Выдержит ли ваш бизнес натиск ransomware?

•

1 gostou•318 visualizações

Вы разрабатываете программу непрерывности бизнеса и экстренного восстановления, планируете, как будете справляться с пожаром, сбоями питания или стихийными бедствиями. Но внезапно в вашу сеть попадает шифровальщик-вымогатель, и, возможно, каждую секунду вы теряете доступность своих активов, а вместе с ними и данные. Докладчик расскажет о том, почему угрозу шифровальщиков стоит рассматривать в контексте непрерывности бизнеса и как справляться с уже произошедшим инцидентом и минимизировать его последствия.

Tecnologia

PROPRIETARY AND CONFIDENTIAL 1ACRONIS © 2017
WILL YOUR BUSINESS
STAND A RANSOMWARE?
Yulia Omelyanenko
Unit Manager of governance, risks and compliance
Positive Hack Days VII, Moscow

PROPRIETARY AND CONFIDENTIAL 2ACRONIS © 2017
Bio Overview
• 6 years in Information Security
• 3 years in GRC (before it became mainstream)
• GRC unit manager in Acronis
• Previously worked as GRC manager for multiple regions in
pharmaceuticals, security auditor and consultant

PROPRIETARY AND CONFIDENTIAL 3ACRONIS © 2017
Business continuity program purpose is to ensure that
business-critical assets are continuously available

PROPRIETARY AND CONFIDENTIAL 4ACRONIS © 2017
Classic way to implement
BCP

PROPRIETARY AND CONFIDENTIAL 5ACRONIS © 2017
Leadership Commitment of
BCP
ü Understand value and purpose
ü Establish Business Continuity
Program
#1

PROPRIETARY AND CONFIDENTIAL 6ACRONIS © 2017
Risk Assessment and
Threat Modelling
ü Define disruptive events
ü Assess impact and analyze
risks
ü Propose risk treatment
#2
Risk Assessment for
BCP may be
performed as part of
global Risk
Management initiative
Must contain all
threats that may cause
loss of availability

PROPRIETARY AND CONFIDENTIAL 7ACRONIS © 2017
Conduct a Business Impact Analysis (BIA)
ü Identify critical assets and processes
ü Define recovery time and recovery point
ü Identify other parties and resources for recovery
#3

PROPRIETARY AND CONFIDENTIAL 8ACRONIS © 2017
Deploy, maintain, test,
improve, get certified…
#4

PROPRIETARY AND CONFIDENTIAL 9ACRONIS © 2017
Deploy, maintain, test,
improve, get certified…
#4

PROPRIETARY AND CONFIDENTIAL 10ACRONIS © 2017

PROPRIETARY AND CONFIDENTIAL 11ACRONIS © 2017
Let’s get back to the
basics

PROPRIETARY AND CONFIDENTIAL 12ACRONIS © 2017
The main purpose of BCP is to to ensure that an organization can
continue to operate in case of serious incidents or disasters and is
able to recover to an operational state within a reasonably short
timeline

PROPRIETARY AND CONFIDENTIAL 13ACRONIS © 2017
Risk Assessment and
Threat Modelling
#2 Integrate BCP or its
part with InfoSec
activities
Threat
models
Operational risks
Risk
Assessment
Loss of asset availability?
BIA
Human made disasters
Natural disasters
Third party risks
How possible it is
we will catch
ransomware?
What assets might
be damaged?

PROPRIETARY AND CONFIDENTIAL 14ACRONIS © 2017
Ensure that
your threat
models
correlate
with reality

PROPRIETARY AND CONFIDENTIAL 15ACRONIS © 2017
Conduct a Business Impact
Analysis (BIA)
#3 BIA must include all
possible scenarios
Calculate:
● Cost of resources
for recovery
● Possible damage
caused by disaster
We have lost a number of
assets. What consequences
may this have?

PROPRIETARY AND CONFIDENTIAL 16ACRONIS © 2017
Disaster recovery plan#4
DRP for business
IT continuity plan
Incident
management
Backup and
recovery
Asset
management
Segregation
of duties
ITCP in SLA

PROPRIETARY AND CONFIDENTIAL 17ACRONIS © 2017
Ransomware recovery chain
Risk Assessment
and
Threat
Modelling
How ransomware can potentially appear in network;
How internal processes can be enhanced to minimize
this risk;
What assets might be damaged with ransomware;
Conduct a
Business Impact
Analysis (BIA)
How much can company lose if systems are encrypted;
How much downtime can the company accept;
What kind of remediation is possible and how much will
it cost
Disaster
recovery plan
Backup and restore plans;
Internal forensic lab
Equipment replacement;
Pay the hackers, etc.

PROPRIETARY AND CONFIDENTIAL 18ACRONIS © 2017
Hints for DRP implementation
1) You already might have enough necessary processes in place
to prepare a DRP
2) Delegate functionally on business associates (5% of daily
responsibilities)
3) Extract ITCP part if business doesn’t support solid BCP
4) Test your disaster recovery plans (e.g. perform periodic test
backup and restore)

PROPRIETARY AND CONFIDENTIAL 19ACRONIS © 2017
P.S. why not an option?

PROPRIETARY AND CONFIDENTIAL 20ACRONIS © 2017
Questions?
yulia.omelyanenko@acronis.com yulia.omelia /yomelia

Mais conteúdo relacionado

Mais procurados

2017 Cybersecurity Report

Scale Venture Partners

Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed.

Web hacking using Cyber range

Priyanka Aash

Blue Coat Infographic: Proactive Incident response

Meriann Muraoka

Think preventing cyberattacks is enough to protect your enterprise? Consider this: 52% of organizations expect to be compromised by a security breach this year, at an average cost of $3.79 million. Better get proactive about strengthening your incident response capabilities. Start by taking a look at our infographic, chock-full of amazing statistics about: • The size and scope of today’s successful cyberattacks • A better approach to incident response • Specific solutions and technologies that cut your risk and cost

Incident response

bluecoatss

Infosec Europe 2017 Highlights | Lastline, Inc.

Lastline, Inc.

Managing Indicator Deprecation in ThreatConnect

ThreatConnect

Defining A Cyber Moonshot: Getting Safer in Five Years

scoopnewsgroup

Erkan kahraman Security, Trust, Assurance - 20131106 - nordic it security s...

Erkan Kahraman

* Why many organizations don’t successfully detect security breaches * How to best use existing security information and event management and log management tools * Other sources, including external ones, that can provide early indicators of a security breach * How to maximize the security resources you already have Watch the webcast here: http://www.tripwire.com/register/10-steps-to-better-security-incident-detection/

10 Steps to Better Security Incident Detection

Tripwire

Innovating at speed and scale with implicit security

Elasticsearch

DWS16 - Plenary Privacy Paradox - Stephane Geyres, Accenture

IDATE DigiWorld

DWS16 - Plenary - Privacy Paradox - Yannick Sadowy, Accenture

IDATE DigiWorld

HPE Protect 2016 - Fearlessly Innovate

scoopnewsgroup

Cybersecurity in Acquisition - Kristen J. Baldwin

scoopnewsgroup

Mais procurados (14)

2017 Cybersecurity Report

Web hacking using Cyber range

Blue Coat Infographic: Proactive Incident response

Incident response

Infosec Europe 2017 Highlights | Lastline, Inc.

Managing Indicator Deprecation in ThreatConnect

Defining A Cyber Moonshot: Getting Safer in Five Years

Erkan kahraman Security, Trust, Assurance - 20131106 - nordic it security s...

10 Steps to Better Security Incident Detection

Innovating at speed and scale with implicit security

DWS16 - Plenary Privacy Paradox - Stephane Geyres, Accenture

DWS16 - Plenary - Privacy Paradox - Yannick Sadowy, Accenture

HPE Protect 2016 - Fearlessly Innovate

Cybersecurity in Acquisition - Kristen J. Baldwin

Semelhante a Выдержит ли ваш бизнес натиск ransomware?

Alignment: Office of the Chief Data Officer & BCBS 239

Craig Milroy

Recent newsworthy data breaches have business and IT leaders asking, “Are we learning from the mistakes of others?” In an ever-increasing threat environment, security leaders face mounting pressures to deliver effective security capabilities that protect business assets while balancing budgets, security risks and regulatory issues. For more information on Security, please visit: http://cainc.to/CAW17-Security

Making Security Work—Implementing a Transformational Security Program

CA Technologies

CWIN17 london - how digital identity is fundamentaly enabling business tranfo...

Capgemini

Insider threat seems to be one of the biggest risks for organisations looking to protect their data assets. Enterprises spend large proportion of their budget to secure and protect their most critical assets from exfiltration and leakage. However, it's not all about nation state and espionage, it's about identifying potential insider threat scenarios, understanding the organisation’s critical assets and the controls to protect them. With the recent spate of data breaches originating from trusted insiders, how do enterprises ensure their data assets are safe from insider threat and appropriate controls are in place? What models have been implemented to identify potential insider threat scenarios? Which critical data assets must be safeguarded? What combination of technologies are required to protect against insider threat? Is there a psychology element? The session seeks to answer these questions by sharing experience from two use cases; one which approached the problem from a technical perspective, and the other using consolidation of existing technology data sets.

Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...

Puneet Kukreja

For two weeks a year, UCAS, the UK’s Universities and Colleges Admissions Service, is seen as a critical national service, during which 700,000 students rely on the service to find and secure university placements. If UCAS fails, students won’t get their places confirmed on time and universities won’t fill the spaces they need to. Personal data flows from the point of student application, through UCAS, to the universities. Protecting this data is paramount. Join this webinar to learn how the UCAS uses Splunk Enterprise Security running on Splunk Cloud to gain real-time end-to-end visibility and reporting across various technology stacks, both on premise and across their AWS environment, and why an analytics-driven approach can enable you to identify anomalies that could indicate potential compromise. Find out how Splunk helps UCAS: · Gain centralised visibility into their Security Operations Center (SOC) · Use incident investigation to prove-negative for breach notification obligation under the Data Protection Act 1988 (soon to be GDPR) · Proactively detect security risks beyond malware

How security analytics helps UCAS protect 700,000 student applications

Splunk

Watch the webinar on-demand: https://info.trustarc.com/building-pia-dpia-program-webinar.html DPIA/PIA guidance, tips for success and case studies from the field. The GDPR mandates Privacy by Design and requires documented Data Protection Impact Assessments (DPIAs) for high risk processing. How can you build this into a sustainable program across your business? Having a good understanding of what DPIA/PIAs are and how to implement them can be the key to embedding privacy in the heart of your organization as well as achieving GDPR compliance. Watch this webinar on-demand to: - Hear PIA best practices - Review GDPR compliance requirements - Receive a range of tips and tools to help streamline and embed the process - Hear how Volvo Financial Services has approached assessments across their organization To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/

Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]

TrustArc

During a recent webinar, Kevin Nassery, Software Security Practice Lead at Synopsys Software Integrity Group spoke to attendees about using metrics to drive their software security initiative. ntuition can take you quite far at the beginning of your application security journey. But even the most experienced leaders will eventually need data to guide them through a decision or justify their investments. Well-designed software security metrics provide that compass. For more information, please visit our website at https://www.synopsys.com/BSIMM

Webinar – Using Metrics to Drive Your Software Security Initiative

Synopsys Software Integrity Group

Andy Powell VP UK Cybersecurity - Capgemini Doug Davidson UK CTO for Cybersecurity - Capgemini Organisations are moving to the Cloud in order to rationalise their legacy application estates and improve the quality of their application services, business performance, and business agility, whilst at the same time reducing their IT cost base. However, the road to Cloud services adoption is fraught with many risks and issues that can trip up the unwary. In this presentation Andy and Doug will outline some of the areas of security risk and threats that customers adopting Cloud services routinely come across. They will also talk through some of the security controls and approaches that you can use to avoid or mitigate business impacts to your cloud services, and will describe how organisations can follow a methodology to securely transition to the Cloud.

Security: Enabling the Journey to the Cloud

Capgemini

The 2018 Threatscape

Peter Wood

NUS-ISS Learning Day 2019-Architecting security in the digital age

NUS-ISS

You want more out of Splunk but don’t know how? Here’s your chance to learn more about Splunk IT Service Intelligence (Splunk ITSI) and get hands-on with it for the very first time. We’ll kick off this session with a discussion on the concept of services, KPIs and entities and demonstrate how to use them in Splunk IT Service Intelligence. We’ll help you build custom visualisations and dashboards for personalised service-centric views. We’ll teach you how to navigate across multiple KPIs, entities and events with built-in visualisations and intelligently troubleshoot and resolve problems faster using Splunk ITSI. We’ll also show you how to create correlations across KPIs easily and be alerted of “notable events” to catch these emerging problems quickly. At the end of this session, you will leave with an understanding of the unique monitoring approach Splunk ITSI delivers to maximise the value of your data in Splunk and how to accelerate visibility into your critical IT services.

SplunkLive! London 2017 - Getting Started with Splunk IT Service Intelligence

Splunk

Adam Suchley - Predictive Delivery Assurance - APM Assurance SIG Conference 2018

Association for Project Management

How to Recover from a Ransomware Disaster

Spanning Cloud Apps

Organizations are under constant attack by hackers targeting applications used by the business. The University of Maryland recently quantified the near-constant rate of attacks on computers with Internet access to every 39 seconds. The best defense requires a holistic approach and collaboration of different teams in a concerted effort to reduce the attack surface for hackers. In this webinar we will discuss the roles and the impact that activities, not always associated with security, have in reducing risk. Whether you are an asset manager, a desktop or datacenter manager, or an IT security professional, your role has a significant impact on your organizations ability to reduce the risk of cyber-attack.

Do You Manage Software? Understanding Your Role in Cybersecurity Defense

Flexera

Strategic plans aren’t the only kinds of plans organizations must develop and execute. For many companies, focus on governance, risk management and compliance (GRC) dictate the direction of the business as much as any other initiatives. Too often, GRC management is siloed in one part of the organization and not directly linked to strategy and objectives. Forward-thinking teams are looking for an answer to the question, “How do you get GRC and strategy to operate in the same space?” The current solution (and the problem) is that organizations often take a hyper-detailed, bottom-up approach. The official definition of GRC, as defined by OCEG in the GRC Capability Model, is that GRC is an “integrated capability to reliably achieve objectives while addressing uncertainty and acting with integrity.” Therefore, a proper approach to GRC – and risk management in particular – is a top-down, strategic alignment approach that manages enterprise risk and compliance in the context of overarching organizational objectives. In this webinar, Michael Rasmussen of GRC 20/20 discusses how to successfully implement a top-down GRC strategy that manages risk and compliance execution in the proper context of the organization, department and process strategy. You will learn how to: > Align a top-down approach to GRC, starting with governance of objectives > Mitigate risk in context of objectives and the rhythms of the business > Monitor compliance and controls to ensure that objectives are met > Ensure GRC activities are understood and followed through on

Mitigate Risk with Better Plan Execution and Organizational Alignment

Paige Pulaski

The digital shakeout in quality assurance and testing by Shiva Agolla and Sat...

QA or the Highway

Many organizations have adopted the agile methodology for software development and/or moved to DevOps IT support models, micro-services, containers, and the like. Often, these practices leave Information security pros tearing their hair out for lack of assurance and verification processes, or an absence of separation of duty. Insisting on traditional waterfall-based security processes may not be an option. As one security engineering staff member put it, “Business developers come to central IT asking for solutions to a problem and are told it will take 6 months. Then its late. They won’t be back.” Risk management should be front and center in security. However, risk management is also a challenge in the iterative agile environment – especially for a number of companies that use agile project management for most or all projects, even outside development. a challenge in the agile environment. In this presentation, Blum will address: 1) Challenges of implementing security and risk management in agile or DevOps models 2) Good practices for embedding security services in the pipeline 3) Developing an agile risk management framework

How to Build Security and Risk Management into Agile Environments

danb02

Today’s customers are demanding more real-time interaction. Yet, in this digital world, data vulnerability and cyber-attacks against insurers and financial institutions are becoming an increasingly frequent and sophisticated reality. This webinar shares key insights needed to implement modern solutions that improve your customer’s experience while reducing the risk of cyber threats - protecting your company and your customers from attacks.

Deliver the ‘Right’ Customer Experience without Compromising Data Security

SPLICE Software

Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, such as: guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way in both achieving compliance objectives and securing mobile apps and data. Originally presented on August 22, 2017, NowSecure Security Solutions Engineer Brian Lawrence explains: -- How and where exactly mobile apps fall in scope for various compliance regimes -- Mobile app security issues financial institutions must identify and fix for compliance purposes -- How assessment reports can be used to demonstrate due diligence

Solving for Compliance: Mobile app security for banking and financial services

NowSecure

Atlassian Tools in Practice: A Customer Success Story – Xpand IT & Atlassian ...

Xpand IT

Semelhante a Выдержит ли ваш бизнес натиск ransomware? (20)

Alignment: Office of the Chief Data Officer & BCBS 239

Making Security Work—Implementing a Transformational Security Program

CWIN17 london - how digital identity is fundamentaly enabling business tranfo...

Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...

How security analytics helps UCAS protect 700,000 student applications

Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]

Webinar – Using Metrics to Drive Your Software Security Initiative

Security: Enabling the Journey to the Cloud

The 2018 Threatscape

NUS-ISS Learning Day 2019-Architecting security in the digital age

SplunkLive! London 2017 - Getting Started with Splunk IT Service Intelligence

Adam Suchley - Predictive Delivery Assurance - APM Assurance SIG Conference 2018

How to Recover from a Ransomware Disaster

Do You Manage Software? Understanding Your Role in Cybersecurity Defense

Mitigate Risk with Better Plan Execution and Organizational Alignment

The digital shakeout in quality assurance and testing by Shiva Agolla and Sat...

How to Build Security and Risk Management into Agile Environments

Deliver the ‘Right’ Customer Experience without Compromising Data Security

Solving for Compliance: Mobile app security for banking and financial services

Atlassian Tools in Practice: A Customer Success Story – Xpand IT & Atlassian ...

Mais de Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Positive Hack Days

Как мы собираем проекты в выделенном окружении в Windows Docker

Positive Hack Days

Типовая сборка и деплой продуктов в Positive Technologies

Positive Hack Days

1. Что такое BI. Зачем он нужен. 2. Что такое Qlik View / Sense 3. Способ интеграции. Как это работает. 4. Метрики, KPI, планирование ресурсов команд, ретроспектива релиза продукта, тренды. 5. Подключение внешних источников данных (Excel, БД СКУД, переговорные комнаты).

Аналитика в проектах: TFS + Qlik

Positive Hack Days

Использование анализатора кода SonarQube

Positive Hack Days

Развитие сообщества Open DevOps Community

Positive Hack Days

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Positive Hack Days

Approof — статический анализатор кода для проверки веб-приложений на наличие уязвимых компонентов. В своей работе анализатор основывается на правилах, хранящих сигнатуры искомых компонентов. В докладе рассматривается базовая структура правила для Approof и процесс автоматизации его создания.

Автоматизация построения правил для Approof

Positive Hack Days

Задумывались ли вы когда-нибудь о том, как устроены современные механизмы защиты приложений? Какая теория стоит за реализацией WAF и SAST? Каковы пределы их возможностей? Насколько их можно подвинуть за счет более широкого взгляда на проблематику безопасности приложений? На мастер-классе будут рассмотрены основные методы и алгоритмы двух основополагающих технологий защиты приложений — межсетевого экранирования уровня приложения и статического анализа кода. На примерах конкретных инструментов с открытым исходным кодом, разработанных специально для этого мастер-класса, будут рассмотрены проблемы, возникающие на пути у разработчиков средств защиты приложений, и возможные пути их решения, а также даны ответы на все упомянутые вопросы.

Мастер-класс «Трущобы Application Security»

Positive Hack Days

Формальные методы защиты приложений

Positive Hack Days

Эвристические методы защиты приложений

Positive Hack Days

Теоретические основы Application Security

Positive Hack Days

Разработка наукоемкого программного обеспечения отличается тем, что нет ни четкой постановки задачи, ни понимания, что получится в результате. Однако даже этом надо программировать то, что надо, и как надо. Докладчик расскажет о том, как ее команда успешно разработала и вывела в промышленную эксплуатацию несколько наукоемких продуктов, пройдя непростой путь от эксперимента, результатом которого был прототип, до промышленных версий, которые успешно продаются как на российском, так и на зарубежном рынках. Этот путь был насыщен сложностями и качественными управленческими решениями, которыми поделится докладчик

От экспериментального программирования к промышленному: путь длиной в 10 лет

Positive Hack Days

Немногие разработчики закладывают безопасность в архитектуру приложения на этапе проектирования. Часто для этого нет ни денег, ни времени. Еще меньше — понимания моделей нарушителя и моделей угроз. Защита приложения выходит на передний план, когда уязвимости начинают стоить денег. К этому времени приложение уже работает и внесение существенных изменений в код становится нелегкой задачей. К счастью, разработчики тоже люди, и в коде разных приложений можно встретить однотипные недостатки. В докладе речь пойдет об опасных ошибках, которые чаще всего допускают разработчики Android-приложений. Затрагиваются особенности ОС Android, приводятся примеры реальных приложений и уязвимостей в них, описываются способы устранения.

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Positive Hack Days

Разработка любого софта так или иначе базируется на требованиях. Полный перечень составляют бизнес-цели приложения, различные ограничения и ожидания по качеству (их еще называют NFR). Требования к безопасности ПО относятся к последнему пункту. В ходе доклада будут рассматриваться появление этих требований, управление ими и выбор наиболее важных. Отдельно будут освещены принципы построения архитектуры приложения, при наличии таких требований и без, и продемонстрировано, как современные (и хорошо известные) подходы к проектированию приложения помогают лучше строить архитектуру приложения для минимизации ландшафта угроз.

Требования по безопасности в архитектуре ПО

Positive Hack Days

Доклад посвящен разработке корректного программного обеспечения с применением одного из видов статического анализа кода. Будут освещены вопросы применения подобных методов, их слабые стороны и ограничения, а также рассмотрены результаты, которые они могут дать. На конкретных примерах будет продемонстрировано, как выглядят разработка спецификаций для кода на языке Си и доказательство соответствия кода спецификациям.

Формальная верификация кода на языке Си

Positive Hack Days

Механизмы предотвращения атак в ASP.NET Core

Positive Hack Days

SOC для КИИ: израильский опыт

Positive Hack Days

Honeywell Industrial Cyber Security Lab & Services Center

Positive Hack Days

Credential stuffing и брутфорс-атаки

Positive Hack Days

Mais de Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Как мы собираем проекты в выделенном окружении в Windows Docker

Типовая сборка и деплой продуктов в Positive Technologies

Аналитика в проектах: TFS + Qlik

Использование анализатора кода SonarQube

Развитие сообщества Open DevOps Community

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Автоматизация построения правил для Approof

Мастер-класс «Трущобы Application Security»

Формальные методы защиты приложений

Эвристические методы защиты приложений

Теоретические основы Application Security

От экспериментального программирования к промышленному: путь длиной в 10 лет

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Требования по безопасности в архитектуре ПО

Формальная верификация кода на языке Си

Механизмы предотвращения атак в ASP.NET Core

SOC для КИИ: израильский опыт

Honeywell Industrial Cyber Security Lab & Services Center

Credential stuffing и брутфорс-атаки

Último

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Evaluating the top large language models.pdf

ChristopherTHyatt

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

Histor y of HAM Radio presentation slide

vu2urc

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Выдержит ли ваш бизнес натиск ransomware?

2. PROPRIETARY AND CONFIDENTIAL 2ACRONIS © 2017 Bio Overview • 6 years in Information Security • 3 years in GRC (before it became mainstream) • GRC unit manager in Acronis • Previously worked as GRC manager for multiple regions in pharmaceuticals, security auditor and consultant

6. PROPRIETARY AND CONFIDENTIAL 6ACRONIS © 2017 Risk Assessment and Threat Modelling ü Define disruptive events ü Assess impact and analyze risks ü Propose risk treatment #2 Risk Assessment for BCP may be performed as part of global Risk Management initiative Must contain all threats that may cause loss of availability

7. PROPRIETARY AND CONFIDENTIAL 7ACRONIS © 2017 Conduct a Business Impact Analysis (BIA) ü Identify critical assets and processes ü Define recovery time and recovery point ü Identify other parties and resources for recovery #3

12. PROPRIETARY AND CONFIDENTIAL 12ACRONIS © 2017 The main purpose of BCP is to to ensure that an organization can continue to operate in case of serious incidents or disasters and is able to recover to an operational state within a reasonably short timeline

13. PROPRIETARY AND CONFIDENTIAL 13ACRONIS © 2017 Risk Assessment and Threat Modelling #2 Integrate BCP or its part with InfoSec activities Threat models Operational risks Risk Assessment Loss of asset availability? BIA Human made disasters Natural disasters Third party risks How possible it is we will catch ransomware? What assets might be damaged?

15. PROPRIETARY AND CONFIDENTIAL 15ACRONIS © 2017 Conduct a Business Impact Analysis (BIA) #3 BIA must include all possible scenarios Calculate: ● Cost of resources for recovery ● Possible damage caused by disaster We have lost a number of assets. What consequences may this have?

16. PROPRIETARY AND CONFIDENTIAL 16ACRONIS © 2017 Disaster recovery plan#4 DRP for business IT continuity plan Incident management Backup and recovery Asset management Segregation of duties ITCP in SLA

17. PROPRIETARY AND CONFIDENTIAL 17ACRONIS © 2017 Ransomware recovery chain Risk Assessment and Threat Modelling How ransomware can potentially appear in network; How internal processes can be enhanced to minimize this risk; What assets might be damaged with ransomware; Conduct a Business Impact Analysis (BIA) How much can company lose if systems are encrypted; How much downtime can the company accept; What kind of remediation is possible and how much will it cost Disaster recovery plan Backup and restore plans; Internal forensic lab Equipment replacement; Pay the hackers, etc.

18. PROPRIETARY AND CONFIDENTIAL 18ACRONIS © 2017 Hints for DRP implementation 1) You already might have enough necessary processes in place to prepare a DRP 2) Delegate functionally on business associates (5% of daily responsibilities) 3) Extract ITCP part if business doesn’t support solid BCP 4) Test your disaster recovery plans (e.g. perform periodic test backup and restore)

Выдержит ли ваш бизнес натиск ransomware?

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (14)

Semelhante a Выдержит ли ваш бизнес натиск ransomware?

Semelhante a Выдержит ли ваш бизнес натиск ransomware? (20)

Mais de Positive Hack Days

Mais de Positive Hack Days (20)

Último

Último (20)

Выдержит ли ваш бизнес натиск ransomware?