April 30, 2016

Advice To Fintech Firms: How To Partner With Banks

Banks need help, and they have recognized that some of that help will come from Fintech firms. That is why so many banks have created incubators and accelerators. Banks and Fintech firms need each another. It took a while to sink in, but most players now agree. But Fintechs struggle with how to partner with banks, and vice versa. What will a good Fintech partner look like? Without a doubt, banks are looking for partners. They want companies that will share their business goals and understand their vision. They want partners who will measure success the way they do. But what partnering model are we talking about? There are several existing or emerging models.


The Open Group IT4IT Architecture Offers a New Direction

Within IT, there are places where we want to move in a more agile way -- where we want to move faster. There are also certain activities where waterfall is still an excellent methodology to drive the consistency and predictability that we need. A good example of that comes with large releases. We may develop changes or features in a very agile way, but as we move towards making large changes to the business that impact large business functions, we need to roll those changes out in a very controlled, scripted way. So, we take a little bit different look at Bimodal than some companies do. Your other question was on Shadow IT. One of the things that we have challenged a lot over the last year or so is this concept the role of the IT organization relative to the rest of the enterprise.


The API Economy: A Big Ball of CRUD

Services and APIs are only loosely-coupled in conceptual architecture, but not in the real-world where people still have to manually discover and integrate them at the Application and Process layers. This is the reason why Service Orientation has yet to have delivered “Business Agility”. From that high-level Enterprise Architecture perspective (as opposed to the bottom up IT view) it’s not useful or scalable to be stuck manually considering individual APIs. It would be better to have an abstraction, a model for looking at all of these endpoints as objects that expose functionality, but hide their complexity and automate management of the end-to-end API contract lifecycle in order to advance the Service Orientation architectures.


Key Differences Between A Poiny-To-Point Vs. Enterprise-Wide Data Integrity Solution

Extract, Transform and Load (ETL) systems commonly integrate data from multiple applications and systems and are typically developed and supported by different vendors or hosted on separate computer hardware. The disparate systems containing the original data are frequently managed and operated by different employees as well. It is likely you have found some point-to-point tools in your tool kit to help with this enormous data corralling challenge, but what about maintaining the integrity of the data as it moves away from your original system downstream? An even more elusive question to answer is do you need enterprise visibility into the overall integrity of your key business data?


How artificial intelligence is changing the way illness is diagnosed and treated

The industry's interest in AI, Rajan says, has been driven both by rising costs and increasing volumes of data. "There isn't necessarily the capacity to capture and process and understand all of it. I think AI, particularly a lot of early solutions, are targeting those issues -- being able to take large volumes of data, put it through levels of processing that can allow some level of relevancy to crop up to support decision making and influence the course of care." The aim is for AI systems to do what doctors can't always: keep up on every detail of every patient's visit to every specialist or hospital, as well as each pertinent new piece of research, disease outbreak, and public health recommendation. The system must not only digest all that information, but also factor in the patient's symptoms and then recommend a diagnosis or course of treatment that takes all those elements into account.


Big Data & Logistics: 7 Current Trends to Watch

“Hey ‘Big Data’ is just a big fuzzy word for me” quoted a Vice President of an Innovation Center at a big logistic company back in early 2015. Just one year later, he not only has to admit that ‘Big Data’ is the next big revolution, but has already applied big data technology to dramatic effect significantly growing the business and reducing costs. In fact, he’s been so successful that he’s been given the funding for a new Machine Learning department! UPS’ 1 billion investment in big data more broadly blows the whistle for all logistics companies all around the globe to get very serious about becoming data-driven or otherwise be in fear of being wiped out. The delta being created by those who have been quick to embrace big data is growing rapidly.


Phil Zimmermann speaks out on encryption, privacy, and avoiding a surveillance state

Talking of Snowden, Zimmermann notes with a certain amount of pride: "Snowden got his hands on some documents that showed some products that [the NSA] had broken the crypto [on]—and none of my stuff was on the list." Silent Circle's Blackphone device runs a security-toughened version of Android it calls PrivatOS. Calls are encrypted end-to-end which means even the company itself can't hand over the details to anyone. "We have no access to it. None. We can't disclose what we don't have access to," the company says. Since the V&A exhibition opened, the Blackphone has been added to the collection of a second museum—the International Spy Museum in Washington DC. Its 'Weapons of Mass Disruption' gallery explores the challenges facing the intelligence community in the twenty first century.


Reflecting software architecture evolution in your stack

While the disconnect between the conception of "business processes" as being "business process flows" and event architecture -- or microservices architecture -- seems obvious, it's not being adequately reflected in most enterprise architecture methodologies. The business process output of EA is often prestructured into business process flows and leans toward workflow thinking when translating EA requirements to IT requirements. It is possible to "retroject" an understanding of modern software architecture evolution and design approaches based on the cloud and microservices into today's EA methodologies, but this is difficult to do in a consistent and organized way.


International IT trade group urges firms to prepare for GDPR

“There are challenges ahead. A lot of companies will have their work cut out for them to be compliant in time,” said Bridget Treacy, partner at Hunton & Williams. “All organisations that have not done so already, really have to start thinking in very pragmatic terms about what the GDPR means for the business and how they are going to handle their data assets, because two years is not much time,” she said. The final alarm bell has been sounded, said Stewart Room, cyber security and data protection partner at PricewaterhouseCoopers (PwC). “There are no more alarm bells after this. There is no more pretending. All organisations that have not started preparing now need to start taking this seriously,” he said.


IT guru Batya Friedman talks tenets of value-sensitive design

There's nothing in value-sensitive design that's about a specific technology. It's about how do we foreground what's important to people in the tools and technologies and infrastructure we build. Most of my work has focused on information technology, but other people have applied it to wind turbines, to designing processes for customs in major ports, for transportation systems. ... When you're designing a system, who do you focus on? The language in the field is to talk about users and user-sensitive design. So when people design, they think about who is going to use the technology. We have methodologies for doing usertesting, but we know that others are stakeholders, too. So one of the key changes is to bring other stakeholders in to make sure they're considered along with the users.


Quote for the day:


"Just because something doesn't do what you planned it to do doesn't mean it's useless." -- Thomas A. Edison

Posted by at No comments:
Labels: , , , , , , , , , ,

April 29, 2016

Cyber security in Belgium will gain prominence after terror attacks

There is some good news for the country’s cyber security. Belgium is one of the countries least affected by online banking trojans.  And there is a very good reason for that, according to Eddy Willems, security evangelist at Gdata Software. “Most Belgian banks use advanced authentication system, which makes it more difficult for cyber criminals to obtain the required authentication details to get entrance to the victim’s bank account,” he said. ... Not such good news for Belgium is that it and the other Benelux countries, the Netherlands and Luxembourg, have seen a dramatic increase in the number of ransomware incidents. More incidents have been reported in February 2016 alone than in the last six months of 2015, according to research by security supplier Trend Micro.


In the digital enterprise, everyone is a security newb

In the digital enterprise, protecting critical data has changed. Communication is the missing ingredient because security teams don't have the information they need for the other business leaders who are focused on different objectives, like sales goals or the customer experience. "Those department heads are so concerned about keeping their own systems up so that they can continue bringing in revenue, that they overlook security. For example, the managers of a POS system do not want to have their IT guy take the system offline for an hour to fix a patch during Black Friday," Stolte said. In order to best defend against the threats of malicious actors, leaders across all departments need to become more security savvy. "Line of business and application owners, those who manage assets that contain valuable information, must first recognize that the information they manage is of high value and they must communicate with the security team," Stolte said.


IT performance management pegged for increase of virtualization tools

"There are [fewer] IT organizations using cloud services than everybody expects," said Edward Haletky, CEO and principal analyst for The Virtualization Practice LLC. There has been a large increase in shadow IT, wherein cloud services are purchased ad hoc by workers, but since IT pros are not involved with these unknown services, they aren't factored into decisions about what management tools to buy. Many companies have just started to branch out into the cloud. MetLife Insurance, for example, started with development platforms and has moved to putting new and some existing apps in the cloud, but most of its IT operations are still in owned and hosted data centers, according to Tony Granata, assistant vice president of capacity performance & monitoring engineering at the New York-based insurer.


Rip up the script when assembling a modern security team

Hiring analysts who’ve worked at the same companies or attended the same schools means you may end up with a team that approaches security issues in a similar manner. If they all think alike, they’ll probably miss the same security blind spots. ... look for people who have worked in different companies and industries and have experience fighting a variety of threat vectors. Ideally, your team will include someone with either a military or government background. They’ll have a completely different way of looking at security, forcing your company out of its comfort zone. Military personnel are often familiar with nation-state attacks and malicious intent and understand how complex offensive operations work. And with hackers launching advanced attacks against companies, people who have experience dealing with these threats can apply their knowledge to defend a business.


Don't overlook these two hidden risks to your corporate data

The data your SMB partners have in hand may seem minimal, but it's still critical corporate data. Contact information and services rendered may be valuable to an individual who hacks the SMB's network. As an InfoSec professional, you know what measures you have in place—but what about the SMB? The extent of its security depends upon available resources and what's affordable for it to implement. ... When it comes to internal colleagues exposing sensitive corporate data, it's all about timing and pulling the emotional strings. Along with having the technical skill set to spoof a business's email address, the attacker executed the data breach beautifully by understanding the time of year and knowing who to target at a busy time. The accountant's inbox was potentially flooded with deadline notifications and requests, which created a stressful environment. This makes for an easy target.


The Holistic Approach: Preventing Software Disasters

Understanding each kind of source code and scripts, interpreting the configuration files, evaluating the value of variables throughout the execution cycle for finally piecing all these findings together and reverse-engineering the system blueprint gives CIOs an “X-Ray view” into the inner workings of their organization’s software systems and empowers the CIO to make data-informed decisions to fortify overall software quality. ... But looking at the unit-level source code is not everything, it’s just the beginning - specifically with modern architectures where loose coupling between the different layers is a must. Hence CIOs must also X-Ray the “glue” between software layers and components, which is sometimes defined in configuration, property files or annotations stored directly inside the source code files


10 Free Tools For API Design, Development And Testing

The rise of RESTful APIs has been met by a rise in tools for creating, testing, and managing them. Whether you’re an API newbie or an expert on an intractable deadline, you have a gamut of services to help you get your API up and running quick, and many of them won’t cost you a dime. Following is a sampling of free services for working with APIs: load testers, API designers, metrics collectors, and much more. Some are quick and dirty applications to ease the job of assembling an API. Others are entry-level tiers for full-blown professional API services, allowing you to get started on a trial basis and later graduate to a more professional level of (paid) service if and when you need it.


Is There a Need to Redesign Cyber Insurance?

As insurers increasingly focus on operational risk — that is, failure due to systems, processes, people and external events — as a key element of managing their capital adequacy and solvency, how will the regulators and insurance commissioners view the potential increase in the risk of someone infiltrating an insurer’s own site through some form of remote device? Overall, there seems to be agreement that prevention is better than cure, but where cyber crime happens, it is critical that companies carry appropriate insurance cover. Cyber insurance cover has been around for a decade or so, but as cyber crime has developed, then doesn’t insurance cover also need to mature? With policies provided by some major insurers giving cover to $100m, isn’t it time to think about whether this is enough?


You'll soon be using GPU as a Service

As an example of this new wave, AMD and AP are collaborating to bring immersive experience to news and storytelling. This can significantly enhance the ability to get information to content viewers, while also providing a more concise way to impart information, including the ability to see multiple perspectives, exhibit full dimensional accuracy, get a better sense of time, etc. Although still a niche market, this will help accelerate the adoption of VR clients. In addition to VR clients, the need to process immersive information means that there will be a significant need for high performance graphics processors -- not only at the individual server level, but available as an on-demand service based in the cloud. GPUs as a Service will expand greatly over the next 2-3 years, and will eclipse the PC GPU market in sheer numbers of units.


Production Like Performance Tests of Web-Services

Tests should always keep the end user view in mind to ensure that the software meets with acceptance on the part of the users. But how to test web services which are not directly customer-facing, and in particular, how to performance test them in a meaningful way? This article outlines performance test approaches that we have developed and proven to be effective in the company HERE, which is a leading location cloud company.  ... Tests should be created with knowledge regarding the end user so that they are effective and risk-based. Because of this factor, as well as release techniques such as canary releases and feature toggles, the line between tests run prior to the release and of the released software on production becomes blurred.


Quote for the day:


"Fear causes hesitation and hesitation will cause your worst fears to come true." -- Patrick Swayze

Posted by at No comments:
Labels: , , , , , , , ,

April 28, 2016

Vulnerability in Java Reflection Library Still Present after 30 Months

The ability to load classes dynamically at runtime using custom ClassLoaders has created the opportunity for a number of applications that wouldn’t be possible otherwise, but unfortunately it has also created a number of security concerns, particularly around class impersonation. A developer could, in theory, create a custom ClassLoader that loads a compromising implementation of the primordial class java.lang.Object, and use this custom Object in a Java application. ... When the issue resurfaced in March 2016, the latest available version at the time, 8u74, proved to be vulnerable. Since then, Oracle has released three updates for Java, namelt 8u77, 8u91and 8u92. However, judging by their release notes, none of those seems to have addressed the problem. 


Docker on Windows Server 2016 Technical Preview

To build and run your first Windows container, get Windows Server 2016 TP5 running, begin writing Dockerfiles for Windows, share images on Docker Hub and don’t hesitate to reach out with questions or feedback on the Docker Forums. ... Docker and Microsoft have come a long way since the 2014 partnership announcement of the Windows Server port of Docker engine, through the first publicly available version, up to today’s release. This journey also sawJohn Howard from Microsoft join the ranks of core Docker maintainers. We’re proud of the progress we’ve made to empower developers and ops teams using Windows with Docker’s proven tools and APIs for building, shipping and running containers and that we can help bring together the Windows and Linux communities with a common toolset for shipping software.


Paying ransomware is what ills some hospitals

Data backups are the key to surviving ransomware attacks. But some hospitals and physician practices don’t back up their data at all. This lack of security awareness puzzles McMillan. “It’s possible is that security is still not seen as a critical business function” in those organizations, he suggests.  Even if a hospital or a physician group does back up its data, it might do so only on a nightly basis. So, if a ransomware attack occurs and the organization uses its data backup to continue operations, the database will be missing everything that has been entered into the system since the previous evening, notes Gibson. That’s much better than nothing, but it will still send clinicians scrambling.  Many hospitals do near-real-time backups of data on mirrored servers. In case one server goes down, the other can take up the slack.


Technologically Constrained Banks Face A Challenge From Agile Fintech Firms

“Banks still struggle with legacy systems and with their culture.” One European bank partnered with a fintech firm on a project. Eighteen days later the technologists had a app and a proof of concept, while the bank was still struggling with deciding who should be in the room to meet with them. Interviews with bank CXOs revealed some startling contrasts with some large banks realizing the need for change while some regionals and super-regionals don’t think fintech innovations will impact them. “Banks are underestimating the value fintech firms provide in delivering a good experience and efficient service, as well as their potential influence on all areas of banking,” the report said. “From the customers’ perspective, fintech firms have value in being easy to use (81.9 percent), offering faster service (81.4 percent), and providing a good experience (79.6 percent).


Man jailed for failing to decrypt hard drives

"His confinement stems from an assertion of his Fifth Amendment privilege against self-incrimination," wrote the man's lawyer, Keith Donoghue. The US Constitution's Fifth Amendment is designed to protect people from being forced to testify and potentially incriminating themselves and states: "No person shall be... compelled in any criminal case to be a witness against himself." The Electronic Frontier Foundation, which campaigns for digital rights, said: "Compelled decryption is inherently testimonial because it compels a suspect to use the contents of their mind to translate unintelligible evidence into a form that can be used against them." The man's appeal also contends that he should not be forced to decrypt the hard drives because the investigators do not know for certain whether indecent images are stored on them.


Singapore Is Taking the ‘Smart City’ to a Whole New Level

“Singapore is doing it at a level of integration and scale that no one else has done yet,” says Guy Perry, an executive of the Los Angeles engineering design firm Aecom who studies “smart city” technologies. It helps in Singapore that government- or state-owned companies own or control many aspects of daily life, including public transport networks and housing. More than 80% of Singapore’s 5.5 million people live in government housing. And while Singapore is a democracy, it has always been dominated by a single party whose control of the system means it can move quickly. Leaders also see a chance to pioneer applications for export. The market for smart-city technology in Asia alone will reach US$1 trillion a year by 2025, according to IDC Government Insights, a unit of International Data Corp., the Framingham, Mass., research firm.


Why Won’t They Pair?

The organizational challenges continue from the physical equipment to how developers are rated for recognition, raises and promotions. If an organization stack ranks their employees, the chance of developers learning to pair effectively is severely hampered. In many cases, the developer wants to be seen as the super hero thereby raising their rank above their peers. Performance reviews are another blocker. Few companies recognize teamwork as a valued skill and instead look for the ‘super hero’ who can come in to save the day during a crisis. Further, organizations that consistently work in a tactical fire-fighting mode will struggle to see the value that comes from pairing where developers share knowledge of technical and domain expertise.


BIP 75 Simplifies Bitcoin Wallets for the Everyday User

One of the main downfalls of BIP 70 is that it doesn’t work well for P2P payments. While it gets the job done for transactions between a customer and a merchant, Bitcoin wallets are unable to receive payment requests when they’re offline. Store-and-forward servers can be used to forward new payment requests to wallets when they come online, but this setup creates new privacy and security concerns. BIP 75 is an attempt to solve this issue by encrypting all communication in the Payment Protocol end to end. “By adding encryption at the application layer we create secure private communications, even in the case where there is a store and forward server for mobile or desktop wallets,” Netki founder and CEO Justin Newton, who co-authored BIP 75, told Bitcoin Magazine.


Ransomware-as-a-service is exploding: Be ready to pay

It starts with a fast click on a link in a harmless-looking email. Then your PC slows to a crawl. A message suddenly pops up and takes over your screen. "Your files and hard drive have been locked by strong encryption. Pay us a fee in 12 hours, or we will delete everything." Then a bright red clock begins counting down. No antivirus will save your machine. Pay the fee or lose everything. You're the latest victim of a ransomware attack. The scary thing is, you're not alone. The ransomware market ballooned quickly, reported TechRepublic's Michael Kassner, from a $400,000 US annual haul in 2012, to nearly $18 million in 2015. The average ransom—the sweet spot of affordability for individuals and SMBs—is about $300 dollars, often paid in cash vouchers or Bitcoin.


Cyber Attacks on Small Businesses on the Rise

Almost half of cyber-attacks worldwide, 43%, last year were against small businesses with less than 250 workers, Symantec reports. The FBI reported last summer that more than 7,000 U.S. companies of all sizes were victims of cyber hacks via phishing email scams as of late 2013, the latest data available, with losses of more than $740 million.  The cyber crooks steal small business information to do things like rob bank accounts via wire transfers; steal customers’ personal identity information; file for fraudulent tax refunds; commit health insurance or Medicare fraud; or even steal intellectual property. The criminals can also hijack a small business’s website to cyberhack other small businesses. “There are probably 20 different ways a bad guy can get into a website” run by a small business, Scott Mann, CEO of Orlando-based Highforge Solutions, has said.


Quote for the day:


"A business of high principle attracts high-caliber people more easily, thereby gaining a basic competitive and profit edge."-- Marvin Bower

Posted by at No comments:
Labels: , , , , , , , , , , , ,

April 27, 2016

A History of Containerology and the Birth of Microservices

Not only has Microsoft jumped on the container bandwagon, but they also shared the vision of Docker’s application focused model for containers. Microsoft partnered with Docker, and as a result, one can run Linux or Windows containers with Docker. Being able to run applications in either Linux or Windows hosted containers will provide companies flexibility and reduce any refactoring costs associated with rewriting, tweaking or re-architecting existing applications. The bold new world that containerology will take us to is that of microservices. In my opinion, microservices (specifically as enabled by Docker) represent the first feasible step towards mechanized or industrialized applications. In the mechanical engineering world, complex systems were built buying off the shelf components and widgets. In contrast, the software world was accustomed to fabricating every part needed to built complex applications.


API security: Key takeaways from recent breaches

A good practice in approaching API security is first and foremost to know your API assets. An API management suite can help identify the API and exact version, whether in development, QA or production, tracked by its internal registry. This is instrumental in controlling API sprawl. And in the event of a breach, knowing the exact variables in play at the time of the breach will help to expedite the solution. A second detection strategy is knowing your consumers and solidifying their authentication. While most companies may start out exposing their APIs publicly, allowing developers to freely build applications using the APIs, it may help to configure multilayer security elements right down to the API level so that API consumers are easily identifiable. This is also crucial as API providers rely on standards such as OpenID for single sign-on between different applications.


5 years into the ‘cloud-first policy’ CIOs still struggling

The greatest challenge is not getting a contract in place, but what you find out is where those boundaries cross of who's now responsible because you're in a different infrastructure set-up, and what the cloud provider's going to do versus the contract staff, versus the application support staff versus the infrastructure staff," Andrews says. "So, that's the greatest challenge we're having now is defining roles and responsibilities and who's going to do what because the world has changed as we've known it, and we've been client-server for so many years that this is truly a different environment for us." Andrews recalls a recent meeting concerning the role of a cloud vendor and a somewhat tense discussion about "what does the word 'manage' mean in a cloud environment," and who has ownership over the systems and who bears responsibility for resolving the inevitable problems when they arise.


Third Generation Robo-Advisors Are Born

The application of machine learning to robo-advisory is still in inchoate stages, and only a few firms have stepped forward describing plans. Little-known Marstone (which focuses on business-to-business advice) has partnered with IBM Watson to deliver some form of cognitive-computing powered advice. It appears that Wealthfront will use artificial intelligence to provide more data-driven and personalized investment recommendations on its Dashboard. Personalization will be dynamic and driven by the client’s specific risk tolerance, financial profile, and investments as assessed across aggregated accounts. Machine learning in robo-advisory may also analyze, adapt to, and learn from investor behavior and correct for cognitive biases. As Wealthfront states, “observed behavior may reveal insights about ourselves that we aren’t even consciously aware of.”


Data Visualization Drives the Era of Information Activism

The information activism trend draws parallels to the printed word. From the invention of the Gutenberg printing press until the advent of the Internet, the ability to write and publish information was a highly technical skill, in the hands of a select few individuals. The arrival of blogging made the written word a mass activity, open to all. Similarly, people are now eager to express themselves using data visualization to tell engaging and visually stimulating stories without the need for a graphic artist or cartographer. They can just do it for themselves. ... Information activism is catalyzing a renaissance in the world of data, transforming the entire field of analytics. People no longer are mere data consumers, passively waiting for information.


MIT’s Teaching AI How to Help Stop Cyberattacks

A system called AI2, developed at MIT’s Computer Science and Artificial Intelligence Laboratory, reviews data from tens of millions of log lines each day and pinpoints anything suspicious. A human takes it from there, checking for signs of a breach. The one-two punch identifies 86 percent of attacks while sparing analysts the tedium of chasing bogus leads. ... Most of AI2‘s work helps a company determine what’s already happened to it can respond appropriately. The system highlights any typical signifiers of an attack. An extreme uptick in log-in attempts on an e-commerce site, for instance, might mean someone attempted a brute-force password attack. A sudden spike in devices connected to a single IP address suggests credential theft.


Backlash against a bimodal IT strategy

The big problem with a bimodal IT strategy is that it doesn't go far enough, according to the authors. Rather than face digital business head on, bimodal IT is a more staggered introduction, giving CIOs a chance to continue clinging to the security and the stability of tradition rather than fully accept the unpredictability and even the riskiness that come with going fast. "Yes, it's a big transition, but if you only do it partway, you're going to make it so much harder on yourself," Sharyn Leaver, Forrester analyst and an author of the report, said during a recent webinar. One of the consequences of going digital "partway" is that it introduces complexity. Divvying up IT tasks can result in two separate technology stacks and two separate teams that develop different value systems, different cultures and are evaluated on different metrics -- all of which CIOs will eventually have to untangle if they want to fully align with the business and move at a faster pace, according to Leaver.


What The Google I/O Schedule Tells Us About The Future Of Android

Google has big ambitions in virtual reality. Cardboard is just the start, as there have been rumors of the company building its own VR headset and indications from Android N about how the operating system will give more native support to VR. So set your eyes on the VR at Google session on May 19, which is hosted by Clay Bavor, Google’s vice president of virtual reality (who also has a fascinating photography blog). Right now Facebook-owned Oculus is leading the VR game and Google’s frenemy Samsung makes the most popular consumer device in the Gear VR. So expect Google to invest heavily to ensure the company’s services are where the Internet is going. YouTube, as an example, recently added support for VR and 360-degree video.


Will Healthcare Data Encryption be Impacted by NIST Guide?

NIST produced a development process for cryptographic standards and guidelines based on nine principles, which are transparency, openness, balance, integrity, technical merit, global acceptability, usability, continuous improvement, and innovation and intellectual property. Notably, NIST added the global acceptability principle to the final draft after public comments suggested that the organization address the global nature of the current economy and exchange of information. The final document reiterates NIST’s intentions to fostering collaborations with all stakeholders, such as security professionals, researchers, standard developing organizations, and users, to establish strong encryption standards and processes. Stakeholders who contribute to the development process are also part of a variety of industries, including healthcare, academia, and government.


Null Object Design Pattern in Automated Testing

In object-oriented computer programming, a Null Object is an object with no referenced value or with defined neutral ("null") behavior. The Null Object Design Pattern describes the uses of such objects and their behavior (or lack thereof). ... The main idea is that sometimes we need to add promotional codes and then assert that the correct amounts are displayed or saved in the DB. As you can assume, there are various ways to accomplish that. One way is to use the UI directly and assert the text is present in the labels. Another way is to use a direct access to the DB and insert the promotional code, then assert the calculated entries saved in some of the DB's tables.


Quote for the day:


"When you do the common things in life in an uncommon way, you will command the attention of the world." -- George W. Carver

Posted by at No comments:
Labels: , , , , , , , , , , , ,

April 26, 2016

What’s eating your lunch? A tale of strategy and culture

“We can’t do what you’re suggesting,” the head of sales shouted at one of his colleagues. “Product development will never deliver on time and we will be stuck with a financial target that there is no way we can meet! They screwed us over last year and we’ve been racing to close the gap for the last 10 months. Our sales teams are spent and frustrated!” These leaders were part of a company that had grown from a young startup, full of energy and fresh ideas, to a billion-dollar firm with thousands of employees. Today, it bears little resemblance to the firm they had all joined years before, and the leaders were experiencing the frustration of navigating a bureaucracy that they had to own a hand in creating.


Agile is Dead

Who said Agile is dead? The founders of Agile and its practitioners said it, not me. Don't go thinking I made this up. ... In the meantime when you say "Agile Software Development" everyone will know you are referring to just another methodology, one that failed to produce the promised results, one that was widely implemented inadequately, one no better than Waterfall or Spiral overall, one with certain relative strengths and even more weaknesses. 'No more magic dust. Several of the founders of Agile Software Development and many other influential developers have pronounced it dead. Only consultants and managers with a vested interest in the brand-name "Agile" still want it alive.


How a CIO can help the CEO drive business growth

CIOs are highly skilled using technical expertise to "keep the IT engine" working 24/7 while simultaneously using creative skills to facilitate the innovative use of new technologies for growth and customer engagement. CIOs need to embrace this dual role with importance emphasized on strategic business matters. In situations where the CEO and senior executive feel that their CIO is not sufficiently business-centric a new trend of engaging a chief digital officer (CDO) is emerging to accelerate the flow of digital benefits into the "front office" or customer facing areas. This may not be necessary, if CIOs can redefine their role as business leaders responsible for leveraging technology advancements for business growth, They should take an ‘outside-in’ approach to their business than the traditional ‘inside-out’ of approach.


Exclusive Q&A: IBM Security’s Marc van Zadelhoff 100 Days In

Customers are placing controls in place of security, but they’re missing the big picture of a Big Data security platform and a team, a SOC (security operation center) that leverages Big Data analytics — our QRadar platform — and has the ability to hunt for the attacker as opposed to looking at historical data. We’re enabling them to transform their security operations with forward and predictive analytics around attacks, compliance and insiders. I think this year will be the year of the SOC transformation that’s going to be driven by the increase in ransomware, the increase in high-value data theft like health care data. It’s ransomware, it’s the theft of high-value data, it’s the emergence of IoT (Internet of Things) and cloud — all these things mean you have to have a highly-analytical SOC in place, and that’s what we’re helping customers to do.


FBI Says It Will Ignore Court Order If Told To Reveal Its Tor Browser Exploit

There are a bunch of different cases going on right now concerning the FBI secretly running a hidden Tor-based child porn site called Playpen for two weeks, and then hacking the users of the site with malware in order to identify them. The courts, so far, have been fine with the FBI's overall actions of running the site, but there are increasing questions about how it hacked the users. In FBI lingo, they used a "network investigative technique" or a NIT to hack into those computers, but the FBI really doesn't want to talk about the details.  In one case, it was revealed that the warrant used by the FBI never mentions either hacking or malware, suggesting that the FBI actively misled the judge. In another one of the cases, a judge has declared the use of the NIT to be illegal searches, mainly based on jurisdictional questions.


Angular 2 and TypeScript - A High Level Overview

AngularJS is by far the most popular JavaScript framework available today for creating web applications. And now Angular 2 and TypeScript are bringing true object oriented web development to the mainstream, in a syntax that is strikingly close to Java 8. According to Google engineering director Brad Green, 1.3 million developers use AngularJS and 300 thousand are already using the soon to be released Angular 2. ... You can also develop Angular 2 apps in JavaScript (both ECMAScript 5 and 6) and in Dart. In addition, the Angular team integrated yet another Microsoft product - the RxJS library of reactive JavaScript extensions, into the Angular 2 framework. Angular 2 is not an MVC framework, but rather a component-based framework. In Angular 2 an application is a tree of loosely coupled components.


New regulatory environment demands CCOs become ‘compliance technologists’

As companies attempt to take a global approach to compliance, 48% of symposium attendees reported that their organizations take a centralized approach to cross-border regulations, meanwhile some have run into issues scaling the compliance function due to the fragmented nature of local regulations. More than a third of respondents said their firms preferred a regional set-up over a more centralized approach. Beyond the teams themselves, an often overlooked area that CCOs need to consider is how their technology systems will evolve and adapt across the enterprise, particularly as rules are increased or changed in multiple countries and jurisdictions.


SWIFT warns customers of multiple cyber fraud cases

Monday's statement from SWIFT marked the first acknowledgement that the Bangladesh Bank attack was not an isolated incident but one of several recent criminal schemes that aimed to take advantage of the global messaging platform used by some 11,000 financial institutions. "SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters. The warning, which SWIFT issued in a confidential alert sent over its network, did not name any victims or disclose the value of any losses from the previously undisclosed attacks. SWIFT confirmed to Reuters the authenticity of the notice.


How to prepare your business to benefit from AI

Both the customer-centricity and the ability to act on the customer, asks a lot of these organizations. What we're seeing is that a lot of organizations are introducing chief digital officers or VPs of Digital who are responsible for the overarching customer experience or the overarching ability to understand that on the data. ... For artificial intelligence to be truly useful and truly holistic, it needs to be connected across all these different functions, and organizations are going to have to think a lot differently about how they want to deploy technology like this to be able to take advantage of it. Ultimately, most organizations today aren't really structured to take advantage of being truly customer-centric and having the ability to act on that understanding with algorithms or insights or machine learning and so forth.


Juniper's New 100-Gbps Firewall Is 'Absolutely Ridiculous -- In A Good Way'

"A 100 Gbps virtual firewall sounds absolutely ridiculous -- in a good way," said Dominic Grillo, executive vice president of Atrion Communications, a Branchburg, N.J.-based solution provider and longtime Juniper partner. "That's really impressive. You're seeing more people looking towards protecting things east-west [server-to-server] internally, so the more you can enable in that virtual environment, the better. A 100-Gbps [firewall] would be a great new asset for us." The new cSRX is a software-defined networking (SDN) controlled firewall providing advanced layer 4 to layer 7 microservices that Juniper says is the industry's fastest virtual firewall. CSRX includes content security, Juniper's application security suite and unified threat management for providing security as a service in large multi-tenant cloud networks.


Quote for the day:


"Leaders are visionaries with a poorly developed sense of fear and no concept of the odds against them." -- Robert Jarvik

Posted by at No comments:
Labels: , , , , , , , , , ,
Subscribe to: Posts (Atom)