January 30, 2016

Cybersecurity report recommends test-hacking medical devices before and after release

White hat hackers are essentially the “good guys” of the industry. They are generally hackers or programmers who make their living through ethical means, specializing in computer and software security. They don’t always work with a particular company — sometimes they are the lone-wolf type. The important point is they don’t hack into systems or devices with the intent of causing harm. Instead, their goal is to find vulnerabilities and holes which may need to be patched in order to improve security. After finding a security flaw, they often provide the necessary documentation and aid to the system owner or admin so the flaw can be fixed.


Testing Tips For Today

Test scenarios aren't always one-way. They aren't always request-response, and they aren't always server-pushed. Applications that employ WebSockets often contain a mix of communication patterns. To build your load-test scenarios you'll want to record and play back WebSocket communications with your app so the generated traffic is realistic. You'll also need to handle messages the server pushes on its own, outside any request the client sent, alongside the replies to the requests your scenario does send. Load-test variables should include the time it takes to establish a WebSocket connection (the HTTP upgrade handshake), as well as the time it takes to send a request over that established connection and receive its response. Finally, don't forget to include tests for both text and binary data.
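The mechanics the paragraph describes, as an added example that is not code from the original article: a minimal RFC 6455 frame encoder/decoder for text and binary frames (with the client-side masking the RFC requires and the UTF-8 check for text), the Sec-WebSocket-Accept computation a test client should verify before counting a connection as established, and a scripted-scenario replay that mixes request/response steps with a server push and times each step. The `LoopbackServer` class and the `SCENARIO` list are constructed stand-ins for an application under test; nothing here touches the network.

```python
import base64
import hashlib
import os
import struct
import time

OP_TEXT, OP_BINARY = 0x1, 0x2
GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed by RFC 6455, section 4.2.2

def handshake_accept(sec_websocket_key: str) -> str:
    """Value the server must return in Sec-WebSocket-Accept. A load-test client should check
    it so that a proxy answering the upgrade request does not silently count as 'connected'."""
    digest = hashlib.sha1((sec_websocket_key + GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def _mask(payload: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))

def encode_frame(opcode: int, payload: bytes, mask: bool) -> bytes:
    """One unfragmented frame. Client-to-server frames MUST be masked (RFC 6455, section 5.3)."""
    header = bytes([0x80 | (opcode & 0x0F)])            # FIN set, RSV bits clear
    n, mask_bit = len(payload), (0x80 if mask else 0)
    if n < 126:
        header += bytes([mask_bit | n])
    elif n < 0x10000:
        header += bytes([mask_bit | 126]) + struct.pack("!H", n)
    else:
        header += bytes([mask_bit | 127]) + struct.pack("!Q", n)
    if not mask:
        return header + payload
    key = os.urandom(4)
    return header + key + _mask(payload, key)

def decode_frame(data: bytes):
    """Parse one complete frame from the front of data -> (opcode, payload, bytes_consumed),
    or None if more bytes are needed. Text payloads must be valid UTF-8 (RFC 6455, section 8.1)."""
    if len(data) < 2:
        return None
    if not data[0] & 0x80:
        raise ValueError("fragmented frames are outside this example")
    opcode, masked, n, pos = data[0] & 0x0F, bool(data[1] & 0x80), data[1] & 0x7F, 2
    if n == 126:
        if len(data) < 4:
            return None
        n, pos = struct.unpack("!H", data[2:4])[0], 4
    elif n == 127:
        if len(data) < 10:
            return None
        n, pos = struct.unpack("!Q", data[2:10])[0], 10
    key = b""
    if masked:
        if len(data) < pos + 4:
            return None
        key, pos = data[pos:pos + 4], pos + 4
    if len(data) < pos + n:
        return None
    body = data[pos:pos + n]
    if masked:
        body = _mask(body, key)
    if opcode == OP_TEXT:
        body.decode("utf-8")                              # raises on invalid UTF-8
    return opcode, body, pos + n

class LoopbackServer:
    """Stand-in for the app under test (constructed for this example, no network): upper-cases
    text it is sent, reverses binary it is sent, and rejects unmasked client frames."""

    def accept(self, raw: bytes) -> bytes:
        if not raw[1] & 0x80:
            raise ValueError("client frame must be masked")
        opcode, payload, _ = decode_frame(raw)
        if opcode == OP_TEXT:
            return encode_frame(OP_TEXT, payload.upper(), mask=False)
        return encode_frame(OP_BINARY, payload[::-1], mask=False)

    def push(self, payload: bytes) -> bytes:
        """A message the server sends on its own, not in reply to anything."""
        return encode_frame(OP_BINARY, payload, mask=False)

def replay(scenario, server) -> list:
    """Play a recorded scenario of (direction, opcode, payload) steps. 'send' steps are
    request/response and are timed end to end; 'push' steps model server-initiated messages."""
    results = []
    for direction, opcode, payload in scenario:
        start = time.perf_counter()
        if direction == "send":
            raw = server.accept(encode_frame(opcode, payload, mask=True))
        else:
            raw = server.push(payload)
        op, body, _ = decode_frame(raw)
        results.append({"direction": direction, "opcode": op, "reply": body,
                        "seconds": time.perf_counter() - start})
    return results

# Constructed scenario: request/response plus a server push, text and binary, one payload > 125 bytes.
SCENARIO = [("send", OP_TEXT, b"hello"), ("push", OP_BINARY, b"\x00\x01"),
            ("send", OP_BINARY, bytes(range(256)) * 2)]
```

To use it against a real endpoint, replace `LoopbackServer` with a socket that performs the HTTP upgrade (checking the accept value with `handshake_accept`), and take the connection time from that handshake; the per-step timings in `replay` then become the request latency the paragraph asks you to track separately.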


Great Little Inventions: Velcro

It is often said that one of the main qualities of geniuses is seeing what no one else sees. Undoubtedly, many people before De Mestral had walked through the countryside just to end up with spikes and thorns pinned to their clothes, yet for most people it was just a minor nuisance. In contrast, when in 1941 the Swiss engineer returned from a hunting trip through the mountain forests of Jura, he envisioned a solution where others could only see a problem. After plucking seeds from his clothes and from his dog’s hair, he came up with the idea of studying them under a microscope in order to understand how they managed to snag so stubbornly.


Finding Unexpected Allies Pt 1: Risk Management

Now, this seems like it’s too good to be true and the obvious question that most people will be asking is, “what’s the catch?” The catch that I’ve experienced is that you can’t simply email a bunch of business units in the bank and say “please list the business services you provide and the applications that support them”. The first problem with doing so is, what is an application? And what is a business service? Without a decent definition, the level of granularity that you might get, and the type of operation that gets identified, will be all over the map. You need to engage with each group to define concepts, so that you ensure some level of consistency.


The next 5 years: possible trends in business software

The growing popularity of platforms with big data capabilities also means that more business software programs will likely emphasize real-time data analysis in the future. This trend emerges in particular in the conduct of successful social media campaigns. The mining of consumer data now extends to a wide array of integrated social media platforms; coupled with sophisticated database technology platforms, this capacity enables companies to develop programs that respond more flexibly and in a far more tailored manner to individual customers. Eli Stutz in “The Future of BPM: 7 Predictions” argues that real-time processes will give a fourth-dimensional quality to some popular software programs used by businesses.


How healthcare systems can become digital-health leaders

High-quality, sustainable healthcare depends on IT-enabled services and a digital platform, but healthcare systems are still unclear on where to focus investment, what technologies provide the greatest benefits for patients and healthcare providers, and the return on investment. In 2014, we did considerable research into the economic value of digital technologies in healthcare and found that implementing technologies such as patient self-services, using digital channels rather than direct physician interaction, or patient self-management solutions can produce net economic benefits of 7 to 11 percent of total healthcare spending. Over this past year, our work on the ground has confirmed this original analysis.


Best practice advice for moving to the cloud

"For most organisations, moving to the cloud involves a shift in finances, because you're moving from a well-understood capital expenditure model to an operating cost-based model. That scares people sometimes." Hewertson says IT leaders must take time to explain that, while operational costs will rise, the long-term effects of depreciation will be lower as the business avoids a hit every few years when it needs to upgrade its infrastructure. To ensure everyone understands the potential risks and benefits, Hewertson has established a corporate risk board, which highlights the potential risks of the current operation at a formal level. Hewertson advises his CIO peers to use a similar approach to receive the broad support of senior executives and to help alleviate risk, particularly at an individual level.


The Neurologist Who Hacked His Brain—And Almost Lost His Mind

Kennedy called his invention the neurotrophic electrode. Soon after he came up with it, he quit his academic post at Georgia Tech and started up a biotech company called Neural Signals. In 1996, after years of animal testing, Neural Signals received approval from the FDA to implant Kennedy’s cone electrodes in human patients, as a possible lifeline for people who had no other way to move or speak. And in 1998, Kennedy and his medical collaborator, Emory University neurosurgeon Roy Bakay, took on the patient who would make them scientific celebrities.


IT governance: why does it matter?

With increasing regulatory requirements, both auditors and IT managers are adopting CobiT as the compliance framework for IT controls. The CobiT IT Process model has helped convey a view of IT that is understandable to business management, auditors and IT, while providing a basis for IT functions to be organised more effectively into a process structure with accountable process owners. The roles of IT and audit for IT governance are separate yet intertwined. IT professionals often have a poor understanding of what controls are and why they are needed. Audit can help with this by working together with IT, providing training that facilitates a change in the culture of the IT organisation and adopting a focus on controls.


Building Security In versus Building Security On

‘Building Security In’ means that security must be built into the developer culture. Developers should understand that security is now part of their job. This is accomplished by building security into their incentives, providing them the training they require, and showing them that security is a skill the organization values. There should be a well-defined software security group with equally well-defined policies and tools to measure efficacy. A common pushback from developers is that security can decrease productivity. There are tools that will in fact do the exact opposite, demonstrating an increase in productivity by as much as 15 percent. These tools live in the developer’s environment and scan code as it is being created, so a problem is reported while the developer still has the context to fix it.
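What an in-editor scan of the kind the last sentence describes actually does, as an added example that is not code from the article or from any particular product: a small AST-based checker in Python's standard library that flags a handful of patterns (shell injection, `eval`/`exec`, unsafe YAML loading, weak hashes, hard-coded secrets) with line numbers an editor plugin could underline. The rule set and the `SAMPLE` source it is run over are constructed for the example; the sample is only parsed, never executed.

```python
import ast

SECRET_HINTS = ("password", "passwd", "secret", "token", "api_key")

def _callee(node: ast.Call) -> str:
    """Dotted name of the callee ('subprocess.run', 'eval'), or '' if it is not a plain name."""
    func, parts = node.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""

class InsecurePatternFinder(ast.NodeVisitor):
    """Collects (line, rule, detail) findings. A few rules are enough to show the mechanics;
    production tools carry hundreds and also track data flow, which this does not."""

    def __init__(self):
        self.findings = []

    def _report(self, node, rule, detail):
        self.findings.append((node.lineno, rule, detail))

    def visit_Call(self, node):
        name = _callee(node)
        if name in ("eval", "exec"):
            self._report(node, "code-injection", f"{name}() on data that may be attacker-controlled")
        elif name == "os.system":
            self._report(node, "shell-injection", "os.system always runs through the shell")
        elif name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self._report(node, "shell-injection", f"{name} with shell=True")
        elif name == "yaml.load" and not any(kw.arg == "Loader" for kw in node.keywords):
            self._report(node, "unsafe-deserialization", "yaml.load without an explicit Loader")
        elif name in ("hashlib.md5", "hashlib.sha1"):
            self._report(node, "weak-hash", f"{name} is unsuitable for passwords or integrity")
        self.generic_visit(node)

    def visit_Assign(self, node):
        literal = isinstance(node.value, ast.Constant) and isinstance(node.value.value, str)
        for target in node.targets:
            if isinstance(target, ast.Name) and literal and node.value.value:
                if any(hint in target.id.lower() for hint in SECRET_HINTS):
                    self._report(node, "hardcoded-secret", f"{target.id} is assigned a string literal")
        self.generic_visit(node)

def scan_source(source: str) -> list:
    """Return findings sorted by line, so an editor plugin can underline them as you type."""
    finder = InsecurePatternFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)

# Constructed sample: run() has one issue per line; safe() is the corrected version of it.
SAMPLE = '''\
import subprocess, hashlib, yaml
DB_PASSWORD = "hunter2"
def run(user_input):
    subprocess.run("ls " + user_input, shell=True)
    cfg = yaml.load(open("c.yml"))
    return hashlib.md5(user_input.encode()).hexdigest()
def safe(user_input):
    subprocess.run(["ls", user_input])
    cfg = yaml.safe_load(open("c.yml"))
    return hashlib.sha256(user_input.encode()).hexdigest()
'''

if __name__ == "__main__":
    for line, rule, detail in scan_source(SAMPLE):
        print(f"line {line}: {rule}: {detail}")
```

The productivity argument in the paragraph rests on exactly this placement: the same finding raised by a pre-commit hook or a CI job costs a context switch, while a finding raised in the editor costs the few seconds needed to swap `shell=True` for an argument list.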



Quote for the day:


"Winning means you're willing to go longer, work harder, and give more than anyone else." -- Vince Lombardi


January 29, 2016

Growing the IoT: Chaos vs. Curation

It’s already happening, since many of the consumer IoT offerings center on, well, a center. You install a "brain" that all of the intelligent elements in your home connect with and through. It makes decisions and also has the primary connection with the cloud. The individual devices aren't doing everything among and by themselves. And in commercial, industrial and governmental areas, it's fairly obvious that pure peer-to-peer device communications without any curation won’t cut it -- something, or someone, needs to act as curator to ensure that things are handled well and properly, rules are applied and rights are respected. The Napster vs. iTunes example parallels this perfectly, and we are facing similar issues with the IoT.


What's Next? 2016 Priorities For High-Performing CIOs

In the new year, many CIOs may find themselves at a critical juncture. They can either build themselves into successful business leaders or they can risk being relegated to second tier “care and maintenance” roles in which they will provide technology support for the strategies and goals of others. Based upon hundreds of conversations we’ve had with CIOs over the past 12 months, it is clear which path high-performing IT leaders will take in 2016. We predict CIOs will take the following steps, among others, to distinguish themselves as strategists and decision makers as they proceed down the leadership path:


EU May Be Aiming to Block U.S. Tech Companies, Schumer Says

Negotiators from the U.S. and the European Union are racing to meet a Jan. 31 deadline to find a replacement for the Safe Harbor agreement that permits user data from companies like Facebook Inc. to be transferred to the U.S. The Safe Harbor pact was struck down last year by the EU’s highest court. "I am worried that the Europeans are using -- that their real motivation is to keep our companies out because they’re so superior to the European companies," Schumer, the likely successor to Senate Democratic Leader Harry Reid, said in an interview Wednesday. His comments come ahead of a Thursday meeting of the Senate Judiciary Committee, where Schumer has a seat. The panel is scheduled to address a bill, H.R. 1428, that would grant European citizens the same data privacy protections as U.S. citizens.


Address IoT security risks before it is too late, urges report

“In the next few years our lives will be surrounded by devices connected to the internet that will digitalise every step we take, convert our daily activities into information, distribute any interaction throughout the network and interact with us according to this information. “Never before has what we do in our physical lives been closer to the digital world. It is precisely the blurring of the line between the digital world and the real world that represents the changes introduced by the IoT. “The future of IoT is unwritten, but only through collaboration and insight can we achieve a secure foundation.” The report was developed by Telefónica’s cyber security and IoT divisions in association with a range of partner organisations operating in the field of cyber security.


A Reference Architecture for the Internet of Things

In the IoT world we don’t only define the goal on the user level (i.e. by application), but things themselves can work towards certain goals without actively including the user. In the end the devices still serve the user but they act autonomously in the background – which is exactly the idea of ubiquitous computing. In order to get a better picture of the term “context” we will first introduce our context model and then jump into the introduction of our reference architecture. Context defines the state of an environment (usually the user’s environment) in a certain place at a certain time. The context model usually distinguishes between context elements and context situation. Context elements define specific context, usually on the device level.


Building a solid cloud governance model for 2016

A final consideration when building a cloud governance model is compliance. This is closely coupled with information security, but there are additional considerations. In particular, watch for details regarding users' responsibility when using a cloud service that is in compliance with a particular regulation: compliance is shared between provider and customer, and the provider's attestation covers only its side of that line. For example, AWS cloud services are PCI DSS compliant as a service provider, but users of those services remain responsible for what they build on top and must engage PCI auditors to complete the remaining requirements themselves. Similarly, several, but not all, AWS services are suitable for use with protected health information (PHI) under the Health Insurance Portability and Accountability Act regulations. Governance strategies should prevent the use of noncompliant services, and ensure compliant services are not used in noncompliant ways, for instance with encryption at rest switched off or data exposed publicly.
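The two failure modes the last sentence names, as an added example that is not code from the article: an audit-side check over a resource inventory that flags (a) a service not on the allowlist for the class of data it holds and (b) an allowed service configured in a way the regulation would not accept. The service names, allowlists, data classifications and the `INVENTORY` records are all constructed placeholders; the real allowlist comes from the provider's compliance documentation and your own assessment, not from this script.

```python
from dataclasses import dataclass, field

# Placeholder allowlists, one per data classification. Which real services belong here comes
# from the provider's attestation (PCI DSS report, HIPAA Business Associate Addendum) and your
# own assessment; the generic names below are illustrative only.
APPROVED_SERVICES = {
    "public": None,                          # None: any service may hold public data
    "pci": {"compute", "relational-db", "object-storage", "kms"},
    "phi": {"compute", "relational-db", "object-storage", "kms"},
}

@dataclass
class Resource:
    service: str           # provider service the resource belongs to
    name: str
    data_class: str        # "public", "pci" or "phi", from the owning team's tagging
    settings: dict = field(default_factory=dict)

def usage_problems(r: Resource) -> list:
    """An approved service used the wrong way is still a violation; these are the checks
    on regulated data that the provider's attestation does not perform for you."""
    problems = []
    if r.data_class in ("pci", "phi"):
        if not r.settings.get("encrypted_at_rest", False):
            problems.append("encryption at rest is off")
        if r.settings.get("public_access", False):
            problems.append("public access is enabled")
        if not r.settings.get("access_logging", False):
            problems.append("access logging is off")
    return problems

def evaluate(resources) -> list:
    """Return (resource name, problem) pairs: a service not approved for the data it holds,
    an approved service used non-compliantly, or a resource whose tagging is unknown."""
    violations = []
    for r in resources:
        if r.data_class not in APPROVED_SERVICES:
            violations.append((r.name, f"unknown data class {r.data_class!r}"))
            continue
        approved = APPROVED_SERVICES[r.data_class]
        if approved is not None and r.service not in approved:
            violations.append((r.name, f"{r.service} is not approved for {r.data_class} data"))
            continue                       # settings are moot: the service must not be used at all
        violations.extend((r.name, p) for p in usage_problems(r))
    return violations

# Constructed inventory: names, services and tags are invented for the example.
INVENTORY = [
    Resource("object-storage", "cardholder-archive", "pci",
             {"encrypted_at_rest": True, "access_logging": True}),
    Resource("object-storage", "marketing-assets", "public", {"public_access": True}),
    Resource("sample-analytics", "patient-notes", "phi",
             {"encrypted_at_rest": True, "access_logging": True}),
    Resource("relational-db", "claims-db", "phi",
             {"encrypted_at_rest": False, "public_access": True, "access_logging": True}),
    Resource("compute", "untagged-vm", "internal"),
]

if __name__ == "__main__":
    for name, problem in evaluate(INVENTORY):
        print(f"{name}: {problem}")
```

The same allowlist is what you would encode on the enforcement side (an AWS Service Control Policy or an Azure Policy assignment that denies the unapproved services outright); the script is the detective control that catches what the preventive one missed, and an unknown data class is reported rather than waved through because an untagged resource is the usual way regulated data ends up somewhere it should not be.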


The need for cyber security skills in Australia balloons

“Yes, they are hard to find, and if you go to an industry and bring a security expert from there, those people have been aligned in a particular area and are focused on that area only. The best source is the big four management consultant organisations because they invest in people, technology and the soft skills set.” It’s not just end-user enterprises looking for security skills, either. The federal government is ramping up its cyber know-how with agencies such as the Australian Security Intelligence Organisation (ASIO) and ASIS hiring, according to Acheson, and the vendor community is looking for skills too. Like corporate Australia generally, vendors are looking for a blend of abilities.


How To Protect Security Product Investments

The larger the enterprise, the more likely it is that it has many, many security tools. Staff might not learn, use, or update any number of these, perhaps either because there is something off-putting about the technology (some kind of complexity, for example) or because it is one more task on top of an already overwhelming pile. When these tools stay connected and running on the network in a misconfigured, outdated fashion, they become vulnerabilities for attacker entry and liabilities for the enterprise. Security products can come with native remote access capabilities. When enterprises use such products and leave remote access open with default or easily guessed credentials, this turns a security advantage the enterprise should leverage into a security vulnerability.


One crucial exercise for a healthy business

Many organizations, such as technology firms, that have been in this industry for years have the capacity and vision to adjust to financial downturns -- meaning strategic plans and budgets are modified periodically. Depending on their customer base or their global reach, businesses have to assure investors that they can meet market and consumer expectations. ... Conducting effective planning routinely includes an operational budget and a scorecard that aligns with the long-term business plan. With this data in hand, leadership should also have a documented analysis of the business strengths, weaknesses, opportunities and threats that govern how well the company is functioning.


Teach your team to embrace change and create an Agile mindset

Leaders must remember that people are emotionally attached to the way they work -- it is a large part of their lives -- and if they have a lot of experience in the "old" way of doing things, they will be even more emotionally attached to it. Therefore, cognitive arguments with a collection of facts about Agile, or any new idea, aren't necessarily persuasive. What is more persuasive is finding ways to help people care about those facts -- by having conversations that uncover how people are truly feeling about the new idea. Be ready -- these feelings may not necessarily be rational -- but this will allow the leader to truly address what is standing in the way of making Agile, or any new idea, happen.



Quote for the day:


"Be brave. Take risks. Nothing can substitute experience." -- Paulo Coelho


January 28, 2016

Oracle is Planning to Kill The Java Browser Plug-in

"Oracle does not plan to provide additional browser-specific plugins as such plugins would require application developers to write browser-specific applets for each browser they wish to support," the company said in a white paper that outlines migration options for developers. "Moreover, without a cross-browser API, Oracle would only be able to offer a subset of the required functionality, different from one browser to the next, impacting both application developers and users." The main alternative proposed by the company is to switch from Java Applets to Java Web Start applications. This type of application can be launched from the Web without the need for a browser plug-in.


Local Governments Need Governance and Training Amid IT Security Risks

Government agencies approach risk management in different ways, and some may have more mature approaches than others. Additionally, governments need to deal with the fact that residents increasingly expect “24/7 access to government information and services, on mobile devices, without regard for how government develops, manages and pays for that access and those services.” The report says that local governments need to become “technologically proficient” in order to “identify, assess and manage technology risks.” There are four different ways that local governments can achieve this goal, the report notes.


As Cloud Services Mature, Three Key Lessons Learned

As for the integration challenge, 61% indicated that it remains a major pain. In fact, a quarter of the respondents said that at least one cloud application project was abandoned due to the inability to link enterprise data to the cloud applications. While I expect that proportion to decline over time, due to improved tools and smarter implementation teams, it will remain a challenge. An important corollary to the need to integrate external cloud apps with internal on-premises data is the fact that we now have a two-way challenge. The rise of XaaS means that many organizations now have valuable data in the cloud that needs to be accessed by their on-premises systems.


The Basics of Web Application Security

Security is a cross-functional concern a bit like Performance. And a bit unlike Performance. Like Performance, our business owners often know they need Security, but aren’t always sure how to quantify it. Unlike Performance, they often don’t know “secure enough” when they see it. So how can a developer work in a world of vague security requirements and unknown threats? Advocating for defining those requirements and identifying those threats is a worthy exercise, but one that takes time and therefore money. Much of the time developers will operate in absence of specific security requirements and while their organization grapples with finding ways to introduce security concerns into the requirements intake processes, they will still build systems and write code.


Hadoop and Big Data: The Top 6 Questions Answered

You will certainly need some folks with Hadoop skills, database/data management skills, system admin skills, programming skills and analytics skills. Currently, the market isn’t oversaturated with Hadoop admins that possess all of these skills along with several deployments and a few years of management experience under their belts ... As for the data scientist, they’re great if you can find one (and afford him/her). You’re talking about someone who gets statistics, algorithms, coding, data and database technologies and the underlying business logic. In many cases, companies are leveraging the skills of multiple individuals already on staff as opposed to hiring a dedicated data scientist.


Unikernels – The shiny new object in the cloud

Unikernels take the concept of minimalistic operating systems to the next level. A unikernel is a specialized OS which is compiled exclusively for the program that runs on it. So, a developer can create an extremely compact executable that contains not only their code but also the operating system. Unikernels are single-user, single-process, single-purpose, specialized operating systems that strip away unwanted functionality at compile time, resulting in a stand-alone, self-contained unit. The new unit of deployment contains the entire software stack of system libraries, language runtime, and application, compiled into a single bootable VM image that runs directly on a standard hypervisor.


13 Frameworks For Mastering Machine Learning

Over the past year, machine learning has gone mainstream in an unprecedented way. The trend isn't fueled by cheap cloud environments and ever more powerful GPU hardware alone; it’s also the explosion of frameworks now available for machine learning. All are open source, but even more important is how they are being designed to abstract away the hardest parts of machine learning, and make its techniques available to a broad class of developers. Here’s a baker's dozen machine learning frameworks, either freshly minted or newly revised within the past year.


The clearest sign yet that Microsoft is cool again

Despite a booming R&D budget, the research done within Microsoft's labs rarely got productized, as I've written before. Or, as Ahmad Abdulkader, an engineer on Facebook's applied machine learning team, and formerly of Microsoft and Google, told Bloomberg, "Microsoft totally separated its research arm from the rest of the company and almost made it optional to contribute to the rest of the company. Google took the exact opposite approach." This sometimes left Microsoft scrambling to catch up with innovations released elsewhere. Under CEO Satya Nadella, Microsoft's R&D team is actively engaging with product teams to ensure all those R&D billions contribute to tens of billions in sales. But, this isn't the clearest sign of Microsoft's rebirth.


Bimodal IT Strategies and Their Impact on Data Governance

Unfortunately, this dual infrastructure approach rests on several false premises. The first is that startup DevOps teams are all using open source software, and that this is what enables agile application development. The reality is far different. Most startup DevOps teams use a lot of paid software and services out of necessity because they don’t have the time or resources to customize and tie together a bunch of open source applications to meet their IT infrastructure needs. If they did spend the time building this infrastructure themselves they would never get their businesses off the ground. Drawing on scores of on-staff engineers and deep pockets, only the biggest of the big tech companies are building IT infrastructures that are based on open source and their own custom-built software.

Managers’ 3 Mental Blocks to Strategic Planning

The typical solution is to spend a lot of the corporate strategy team’s time and money on streamlining the strategic planning process and clarifying the accompanying instructions. This does make a difference, but strategists will be much more likely to help managers consider the long-term – and so help the firm make good long-term decisions – if they spend less time on planning process and more on counteracting executives’ operational mindsets. CEB data show that this is six times more successful in terms of improving long-term thinking during the strategic planning process.



Quote for the day:


"Whenever an individual or a business decides that success has been attained, progress stops." -- Thomas J. Watson


January 27, 2016

Cyberwarfare in 2016: The Virtual Battle for Your Information

Regardless of how closely the treaty is followed by either country, it’s clear to the world that this is a unique issue that deserves special attention. Your main concern shouldn’t be corporate espionage as such; attacks on corporations are your biggest danger should cyberconflict arise in any capacity. Chances are that you or an immediate family member works for one. In the rare event that isn’t the case, you absolutely trust your personal data to one or do regular business with one so they have your financial information. Cyberconflict between any organizations large enough can result in corporations being caught in the crossfire.


Windows 10 at six months: Ready for primetime?

One of the most controversial design features in Windows 10 is its new update model, which removes the ability of consumers to control which updates get installed. Businesses have more knobs and levers, thanks to the November 2015 addition of Windows Update for Business, but those tools are made for IT pros and are either invisible or frighteningly complex for less sophisticated users. Still, this is a vision of where the future of computing has to be, and there really is no pain-free path. Asking users, even technically sophisticated ones, to make individual trust decisions over dozens of updates per month is ludicrous. The result, historically, is predictable: many users succumb to information overload or bad advice by disabling updates completely.


The real reason Microsoft open sourced .NET

.NET itself is changing, as the recent name change for the open source version (from .NET Core 5 and ASP.NET 5 to .NET Core 1.0 and ASP.NET Core 1.0), underlines. .NET Core doesn’t cover as much as the full .NET 4.6 framework. The same goes for ASP.NET 4.6 and 5 (which has the Web API but not SignalR, VB or F# support yet). The newer versions don’t completely replace the current versions, although they’ll get the missing pieces in the future. They’re also built in a new way, with faster releases and more emphasis on moving forward than on avoiding breaking changes. That’s the same shift you’re seeing across Microsoft. Over the last decade, building Azure has taught the company a lot about the advantages of microservices for what would otherwise be large, monolithic applications.


Wear your world

If you’re one of those who constantly complain about clothes bought online not fitting right, technology is here to help. LikeAGlove makes leggings that measure the shape of the wearer and provide the details in an accompanying app, which helps users filter out clothes that would not fit right. Workout freaks get to invest in shorts that track running statistics and Radiate makes T-shirts that glow to display the muscle groups that you just used in that last set. Scientists are also working on clothing that can maintain temperature according to the ambient conditions, using everything from pockets of liquid and air to studying how squids modify the wavelengths of light they reflect.


Service-oriented business: Maritz transforms IT culture

Learning was a key part of the Maritz IT overhaul. Paubel said Maritz's IT personnel received training on soft skills, sales and marketing. That process began at the highest level within IT. "We trained the management first," Paubel said, noting that the objective was to help the top IT managers understand what the new IT organization would look like. ... As the cultural shift continued, the Maritz IT group changed its values. The department reworked the management templates that define how employees earn merit increases and promotions. Employees are no longer rated on how many projects they complete, or how many tickets they close, but on how customers perceive them.


Microsoft Open Sources Deep Learning, AI Toolkit On GitHub

Microsoft attributes the surge in interest to the growing number of researchers running machine learning algorithms supported by deep neural networks -- systems modelled on the processes in the human brain. Microsoft says that many researchers believe such systems can enhance artificial intelligence applications. The rapid improvements over the past few years in the speech recognition capabilities of applications like Apple's Siri and Google Translate, and in the image recognition capabilities of Google Photos, suggest that belief is well-founded. As mobile and Internet-connected devices proliferate, AI can be expected to become even more important as a way to facilitate function without traditional keyboard-based interaction.


Creating Your Enterprise Cloud Connectivity Strategy

The goal is to create optimal business agility, where the business can adjust or scale according to market demand. Enterprise cloud connectivity uses a variety of secure (and fast) connection protocols to allow organizations to integrate with network, storage, compute, and even user environments. The biggest difference has been the ease of creating these connections and how they can help transform a business. In the past, these connections were made manually and required a lot of administration. Today, major providers are offering easier ways to integrate with their cloud resources.


Microservices in the Real World

Self-Contained Systems (SCS) describe an architectural approach to building software systems, e.g. to split monoliths into multiple functionally separated, yet largely autonomous web applications. The key point is that an SCS should be responsible for its own UI as well as its own data store. The system’s boundaries exhibit a vertical split along what in Domain Driven Design (DDD) is called “bounded contexts”. The integration of each SCS into the overall application happens in most cases within the browser via links and transclusion. These systems share neither common UI code nor common business logic. Each system may be maintained by a separate team using their very own preferred technologies.


Major Telcos Join Facebook's Open Hardware Push

It's also about innovating faster. Gagan Puranik, director of SDN/NFV architecture planning at Verizon, said the OCP's collaborative model should help Verizon get new technologies into production more quickly, including future advances like 5G. He expects Verizon to buy equipment from "a mix of traditional and non-traditional" suppliers, he said. Facebook has already developed a pair of powerful OCP switches for cloud and enterprise use, and the new telco equipment could add to the pressure on traditional vendors. Those companies aren't standing still. Nokia, which just bought Alcatel-Lucent, was among the new OCP members announced on Wednesday, and says it will incorporate OCP designs into future telco products.


The Mindful Board

Mindfulness in the boardroom refers to the capacity of a group of people to think in a deep way together. In assessing a current challenge, the mindful board looks to the past, present, and future. Deliberations encompass the impact of a decision not only on the enterprise, but on industry, society, and the planet. And the board considers how the decision will play out in both the short term and the very long term. Mindful boards intentionally look out at the world through multiple windows — technology, politics, sociology, environment, and economics. To leverage the power of using multiple windows, members of the mindful board hone their individual capabilities while practicing three interdependent disciplines as a governing body: leadership by the group, expanded consciousness, and fearless engagement.




Quote for the day:

"Technology has the shelf life of a banana." -- Scott McNealy


January 26, 2016

Is Persistent Storage Good For Containers?

Despite this conventional wisdom, there persists (pun intended) a desire to bring persistent storage to containers. The reasons for this vary. In some cases, an application needs data to persist and its performance requirements cannot be met through backends like object stores or network file systems; typically, this is a SQL database like MySQL or Postgres that isn’t designed to scale out in the way a NoSQL database might. In other cases, a company that is moving to containers and cloud-native apps may have a desire to leverage existing technology when possible, such as a storage array.


Save the ransom: How being prepared and proactive foils the plot

Having good, solid, working backups is one of the most important choices that one can make. Maintaining more than one backup plan, both offline and offsite, is crucial. Always check backups and test-restore them on a regular basis; valid, working backups are part and parcel of the proactive process. Since ransomware targets and encrypts every file it can reach, including mapped network drives and network shares, a backup that stays connected can be encrypted along with the data it was meant to protect; an offline backup strategy ensures that your organization will not come to a grinding halt or have to cough up any bitcoins. Remember to always physically disconnect the hardware backup device from the network after the backup is complete.
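The "check backups and test-restore on a regular basis" step made concrete, as an added example that is not code from the article: a manifest of sizes and SHA-256 digests taken at backup time, a verifier that compares a test-restore against it and reports what is missing, modified or unexpected, and an entropy heuristic to flag files that already look encrypted before they are allowed to overwrite a good backup set. The `demo` function builds a throwaway directory tree (constructed data) and simulates a damaged restore; the entropy threshold is an assumption, not a measured value.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for a constant stream, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path, threshold: float = 7.5, sample: int = 1 << 16) -> bool:
    """Heuristic (threshold is an assumption): ciphertext sits near 8 bits/byte. Compressed
    archives and media trip this too, so a hit means 'needs a human look', not proof of ransomware."""
    with path.open("rb") as f:
        return shannon_entropy(f.read(sample)) >= threshold

def build_manifest(root: Path) -> dict:
    """Relative path -> (size, sha256) for every regular file under root."""
    return {str(p.relative_to(root)): (p.stat().st_size, sha256_of(p))
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(restored_root: Path, manifest: dict) -> dict:
    """Compare a test-restore against the manifest recorded when the backup was taken."""
    current = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "extra": sorted(set(current) - set(manifest)),
    }

def demo() -> tuple:
    """Constructed end-to-end run in a temp dir: back up, restore with one file damaged and one
    missing, and flag high-entropy sources. Returns (verify report, flagged file names)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "src")
        src.mkdir()
        (src / "ledger.csv").write_bytes(b"id,amount\n1,10\n2,20\n" * 200)
        (src / "notes.txt").write_bytes(b"quarterly planning\n" * 100)
        (src / "blob.bin").write_bytes(os.urandom(4096))      # stands in for an encrypted file
        manifest = build_manifest(src)

        restored = Path(tmp, "restored")
        restored.mkdir()
        for rel in manifest:
            (restored / rel).write_bytes((src / rel).read_bytes())
        (restored / "notes.txt").write_bytes(b"corrupted")     # simulate a bad restore
        (restored / "ledger.csv").unlink()                     # simulate a file that never came back

        report = verify_restore(restored, manifest)
        flagged = sorted(p.name for p in src.iterdir() if looks_encrypted(p))
        return report, flagged

if __name__ == "__main__":
    report, flagged = demo()
    print("restore check:", report)
    print("high-entropy sources:", flagged)
```

Store the manifest with the offline copy, not only on the live system, since a manifest the ransomware can reach is a manifest it can encrypt; and run the restore check against a scratch location, never over the production tree, so a bad backup cannot make a bad day worse.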


The Ten Commandments of Microservices

With the emergence of containers, the unit of deployment gradually started to shift away from the VM model. Linux container technologies, such as LXC, Docker, runC and rkt, make it possible to run multiple containers within the same VM, allowing DevOps to package each app component or app module in a dedicated container. Each container has everything—from the OS to the runtime, framework and code—the component needs to run as a standalone unit. The composition of these containers can logically form an application. The focus of an application becomes orchestrating multiple containers to achieve the desired output.


Spear Phishing: Real Life Examples

A spear phishing case that involved the RSA security unit of data-storage giant EMC Corp shows how even a company known for security in the cyber realm can be the target and victim of an attack. In 2011, RSA was attacked using a Flash object embedded in an Excel (.XLS) file that was attached to an e-mail with the subject line “2011 Recruitment Plan”. Small groups of employees were targeted, and the e-mail was filtered and landed in the users’ junk mail folder. Unfortunately, all it takes is for one person to fall victim to the scam. As explained by the RSA FraudAction Research Labs, regardless of the state-of-the-art perimeter and end-point security controls, security procedures and high-end technology used by a company,


Employee Off-Boarding: How to Keep your Data Safe During Employee Turnover

Companies should make it clear that all data on the device is the property of the organization. We ran through some of the specifics behind remote wipe features in this blog, but as a refresher here’s more insight: employees should have signed a policy disclosing that when e-mail is configured on a personal smartphone, tablet or computer, and they leave without notice and take their devices, the company will remote-wipe the device. This means that the employee will not only lose the e-mails on that device, but also all of their personal data on that device. You should encourage employees to be forthcoming about leaving your organization to avoid this issue and to present personal devices to be wiped by your IT department without losing their personal data.


Diana Larsen on Agile Fluency Model

Maybe the most surprising thing that’s being added in terms of larger chunks is complex adaptive systems. One of the things that this model has taught back to us is how it actually reflects the foundations, the conditions, the underpinnings of complex adaptive systems–teams as complex adaptive systems. We’re adding information about how complex adaptive systems work when they are teams and when they manifest as a team. What you can look for to help that system flourish. More of that kind of understanding and material, that’s just fascinating to me. We had a tiny bit of that in the first edition. We’re going to have quite a bit more in the second. And we’ll have a couple of new stories. That will be fun.


The CISO's Role in Fighting Extortion

To mitigate risks to corporate data, organizations need to use network segmentation to "ensure that sensitive data is only available within the network to the parts of the network that actually need to be able to access that data," Miller says. They also should use air-gapping to help ensure that sensitive data is not accessible from the public Internet. "Of course there are many other steps that organizations can take to secure sensitive databases and other information as well. ... One of the hopeful measures that companies can take is ensuring that any employee who has a public-facing role and could be contacted by an extortionist is aware of what to do."


Testing the test: How reliable are risk model backtesting results?

This blog reveals that the distributional nature of the profit and loss (P&L) distribution being modelled can have a significant impact upon the previously known factors driving Type-II errors. ... Risk models are not expected to produce reliable and robust risk estimates 100% of the time. Indeed, when specifying a model, users build in expectations around its accuracy, often defined by the number of breaches it produces (i.e. occasions whereby the loss on a portfolio is greater than that predicted by the model). The Kupiec-POF test therefore attempts to assess model performance by comparing the number of breaches a user would expect a model to produce with the actual number it does.
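The breach comparison the excerpt describes is the Kupiec proportion-of-failures (POF) likelihood-ratio test. The following is an added example, not code from the quoted blog: it counts breaches in a constructed P&L series against constructed VaR forecasts and computes the standard Kupiec LR statistic, compared against the 95% chi-squared critical value with one degree of freedom. The sample data, the 250-day window and the 1% coverage level are assumptions chosen for illustration.

```python
import math

# Constructed sample: signed daily P&L (negative = loss) and the model's VaR
# forecast for each day, expressed as a positive loss threshold.
SAMPLE_PNL = [-1.5, 0.3, -0.2, -2.1, 0.8, -0.9]
SAMPLE_VAR = [1.0, 1.0, 1.0, 1.0, 1.0, 1.0]

# 95% critical value of the chi-squared distribution with 1 degree of freedom.
CHI2_95_1DF = 3.841


def count_breaches(pnl, var_forecasts):
    """A breach is a day whose realised loss exceeds the model's VaR forecast."""
    return sum(1 for p, v in zip(pnl, var_forecasts) if -p > v)


def kupiec_pof(breaches, observations, coverage):
    """Kupiec POF likelihood-ratio statistic.

    breaches:     observed number of breaches x
    observations: number of days T in the backtest window
    coverage:     expected breach probability p (0.01 for a 99% VaR)
    Returns LR = -2 ln[ (1-p)^(T-x) p^x / ((1-x/T)^(T-x) (x/T)^x) ],
    asymptotically chi-squared with one degree of freedom.
    """
    x, t, p = breaches, observations, coverage
    log_null = (t - x) * math.log(1 - p) + x * math.log(p)
    # Edge cases: with zero (or all) breaches the alternative term is log(1) = 0.
    if x == 0 or x == t:
        return -2 * log_null
    phat = x / t
    log_alt = (t - x) * math.log(1 - phat) + x * math.log(phat)
    return -2 * (log_null - log_alt)


def model_rejected(breaches, observations, coverage, critical=CHI2_95_1DF):
    """True when the breach count is inconsistent with the claimed coverage."""
    return kupiec_pof(breaches, observations, coverage) > critical


if __name__ == "__main__":
    x = count_breaches(SAMPLE_PNL, SAMPLE_VAR)
    print(f"breaches in sample: {x}")
    for observed in (0, 2, 10):
        lr = kupiec_pof(observed, 250, 0.01)
        print(f"{observed:2d} breaches in 250 days: LR={lr:.3f} rejected={lr > CHI2_95_1DF}")
```

Note that zero breaches in 250 days is rejected too: the test is two-sided, so a model that is far more conservative than its stated coverage also fails.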


Alleviate data wrangling pain points with visualization tools

"The tool presents a visual representation of the data," said Alon Bartur, Trifacta's principal product manager. "It makes certain assumptions concerning the structuring of this data, and the user sees these assumptions by indicators that assess what the likely quality level is of each piece of data. Users know immediately from the indicators whether the data that they are seeing is of high quality or whether it is questionable and might require additional investigation. The user interface is designed for point and click interactions and the system gives the users suggestions of how to organize data reports, as well as certain data transforms that the user can run and what the likely outcomes of these transforms are."


Does Anyone Really Want the govt Deciding Encryption Policy?

What is the best way to keep everyone safe from the various bad guys out there? In one limited sense, this shares an argument from the U.S. gun debates. Is it safer for an individual to have a gun, or is it more likely that the bad guy would simply take that gun and use it against the citizen? In the encryption argument, the question is whether it's safer to let the government have full access, or will that just make it easier for the bad guys to steal that full access? Framed in that "which truly makes us safer" perspective, I think there are good arguments on both sides. But if that technology-oriented question is going to be answered by any individual, I'm somehow more comfortable with the Tim Cooks making that call than some politician. At least Tim Cook is honest about his motivation



Quote for the day:


"You have to think anyway, so why not think big?" -- Donald Trump