CERIAS Weekly Security Seminar - Purdue University

1,158 episodes - English - Latest episode: 28 days ago - ★★★★ - 6 ratings

CERIAS -- the Nation's top-ranked interdisciplinary academic education and research institute -- hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting technical discovery, case studies or exploring cyber operational approaches; they are not product demonstrations, service sales pitches, or company recruitment presentations. Join us weekly...or explore 25 years of archives for the who's-who in cybersecurity.

Episodes

Douglas Huelsbeck, The Importance of Security by Design & The Importance of Including Cybersecurity Experts in Your Business Decisions

March 20, 2024 20:30 - 55 minutes - 249 MB Video

How Cybersecurity relates to various fields of business/industries – how it works in these fields, different risks and vulnerabilities that are out there, which explains why manufacturing cybersecurity into the design of a product or service is so imperative. In companies today Budget Managers and Business Managers and Engineers are making decisions on their cybersecurity options without including cybersecurity experts in that process. Without the input from the cybersecurity experts, some ...

Alejandro Cuevas, The Fault in Our Stars: How Reputation Systems Fail in Practice

March 06, 2024 21:30 - 1 hour - 274 MB Video

Reputation systems are crucial to online platforms' health. They are prevalent across online marketplaces and social media platforms either visibly (e.g., as star ratings and badges) or invisibly as signals that feed into recommendation engines. In theory, good behavior (e.g., honest, accurate, high-quality) begets high reputation, while poor behavior is deterred and pushed off the platform.  In this talk, I will discuss how these systems seem to fulfill this mission only coarsely. On one pla...

Sanket Naik, Modern Enterprise Cybersecurity: A CISO perspective

February 28, 2024 21:30 - 59 minutes - 268 MB Video

The frequency, materiality, and impact of cybersecurity incidents is at a level that the business world has never seen before. CISOs are at the forefront of this. The speaker has experience with developing cybersecurity products and managing IT infrastructure and security from startup to massive scale. The talk will go through the roles, responsibilities, rewards, and perils, of being a CISO in a modern enterprise software company in these turbulent times. We will explore some hard problems t...

Jennifer Bayuk, Stepping Through Cybersecurity Risk Management A Systems Thinking Approach

February 21, 2024 21:30 - 1 hour - 273 MB Video

In the realm of risk, cybersecurity is a fairly new idea. Most people currently entering the cybersecurity profession do not remember a time when cybersecurity was not a major concern. Yet at the time of this writing, reliance on computers to run business operations is less than a century old. Prior to this time, operational risk was more concerned with natural disasters than man-made ones. Fraud and staff mistakes are also part of operational risk, so as dependency on computers steadily incr...

Jonathan (Jono) Spring, On Security Operations for AI Systems

February 14, 2024 21:30 - 1 hour - 294 MB Video

We must be methodical and intentional about how Artificial Intelligence (AI) systems are designed, developed, deployed, and operationalized, particularly in critical infrastructure contexts. CISA, the UK-NCSC, and our partners advocate a secure by design approach where security is a core requirement and integral to the development of AI systems from the outset, and throughout their lifecycle, to build wider trust that AI is safe and secure to use. This talk will focus on challenges and opport...

Maksim Eren, Tensor Decomposition Methods for Cybersecurity

February 07, 2024 21:30 - 41 minutes - 185 MB Video

Tensor decomposition is a powerful unsupervised machine learning method used to extract hidden patterns from large datasets. This presentation aims to illuminate the extensive applications and capabilities of tensors within the realm of cybersecurity. We offer a comprehensive overview by encapsulating a diverse array of capabilities, showcasing the cutting-edge employment of tensors in the detection of network and power grid anomalies, identification of SPAM e-mails, mitigation of credit card ...

William Malik, Multifactor Authentication - The Problem, Recommendations, and Future Concerns

January 31, 2024 21:30 - 46 minutes - 209 MB Video

In the course of the talk I'll discuss current authentication challenges, the looming problem with cracking public key encryption, and short and medium term recommendations to help folks stay secure. About the speaker: Bill helps clients achieve an effective information security posture spanning endpoints, networks, servers, cloud, and the Internet of Things.  This involves technology, policy, and procedures, and impacts acquisition/development through deployment, operations, maintenance, and...

Solomon Sonya, Enhancing Cybersecurity via Lessons Learned from the Evolution of Malware

January 24, 2024 21:30 - 1 hour - 280 MB Video

Exploitations in cybersecurity continue to increase in sophistication and prevalence.  The purpose of this talk is to discuss how the evolution of malware has led to increased exploitation and then discuss ways to enhance the cybersecurity paradigm. About the speaker: Solomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University.  He earned his undergraduate degree in Computer Science and Master's Degrees in Computer Science, Information Systems Engineering, and...

Leigh Metcalf, Grep for Evil

January 17, 2024 21:30 - 1 hour - 282 MB Video

Evil has been lurking in the Internet since its inception.  The IETF recognized this, releasing RFC 3514 on the evil bit.  Unfortunately it isn't widely adopted, so we have to find our evil in other ways.  Grepping is a time honored way of finding needles in haystacks, so let's see how much evil we can find in the DNS haystack...And can we answer the question of "Why is it so easy?" About the speaker: Leigh Metcalf is a Senior Network Security Research Analyst at the Carnegie Mellon Universit...

Sandhya Aneja, Invisible Signatures: Device Fingerprinting in a Connected World

January 10, 2024 21:30 - 54 minutes - 246 MB Video

The field of cybersecurity is constantly evolving, and Device Fingerprinting (DFP) has emerged as a crucial technique for identifying network devices based on their unique traffic data. This is necessary to protect against sophisticated cyber-attacks. However, automating device classification is complex, as it involves a vast and diverse feature space derived from various network layers, such as application, transport, and physical. With the advances in machine learning and deep learning, DFP ha...

Mu Zhang, Backtracking Intrusions in Modern Industrial Internet of Things

December 06, 2023 21:30 - 51 minutes - 225 MB Video

Advanced Persistent Threat (APT) attacks are increasingly targeting modern factory floors. Recovery from a cyberattack is a complex task that involves identifying the root causes of the attack in order to thoroughly cleanse the compromised systems and remedy all vulnerabilities. As a result, the provenance analysis, which can correlate individual attack footprints and thus "connect the dots", is very much desired. Provenance analysis has been well studied in traditional IT systems, yet the OS...

Robert Denz, Mind the Gap: Vulnerabilities and Opportunities for Cyber R&D at the Edge

November 29, 2023 21:30 - 49 minutes - 224 MB Video

This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B). Commercial or defense systems are often developed first to meet a mission or customer need. Security of many of these systems is often developed at a component level by each component's product team. The product teams often maintain robust security for their component within the system, but security gaps begin to form when the complete system is assembled. Adversaries will seek to exploit these gaps in th...

Andy Ellis, How to Build and Measure a Corporate Security Program

November 15, 2023 21:30 - 54 minutes - 246 MB Video

The challenge of building a security program is that there are too many things you could be doing, and that creates a challenge for security leaders to decide on which things they should do next. All too often companies pivot from fighting one fire to another fire. They end up cobbling together a security program with duct tape, bailing wire, and a handful of solutions implemented as a reaction to our own incidents and major headlines about other companies' breaches. How should a CISO evaluat...

Wen Masters, Cyber Risk Analysis for Critical Infrastructure

November 08, 2023 21:30 - 39 minutes - 176 MB Video

This is a hybrid event. Students are encouraged to attend in person: STEW 209. Operational technology (OT) and industrial control systems (ICS) need innovative cybersecurity solutions that go beyond compliance-based security controls in order to be more resilient against increasing cyber threats. This talk describes MITRE Infrastructure Susceptibility Analysis (ISA) that helps ICS/OT organizations to effectively assess risk and prioritize mitigations. About the speaker: As a science and tec...

Steve Lipner, Thinking About the Future of Encryption

November 01, 2023 20:30 - 1 hour - 4 MB Video

During the last several years, there has been growing concern that the development of quantum computers could undermine the public-key cryptography that is a fundamental pillar of security on the Internet. Recently, the U.S. Government's National Institute of Standards and Technology has released draft standards for post-quantum encryption algorithms that can replace the existing, and potentially vulnerable public-key encryption. But while the future of encryption will depend on new algorithm...

Courtney Falk, The Bride of the Pod People

October 25, 2023 20:30 - 59 minutes - 269 MB Video

Courtney Falk will discuss his ongoing research into Pod People, the ongoing search-engine optimization spam campaign. This talk combines threat hunting and threat intelligence with real-world applications including insights into how cybercriminals work and how organizations can collaborate. All publicly-accessible indicators collected by this project are published online to contribute to the good of the commons. About the speaker: Dr. Courtney Falk is an information security professional wit...

Derek Dervishian, Fuzzing: Understanding the Landscape

October 18, 2023 20:30 - 55 minutes - 249 MB Video

The number of software vulnerabilities found in modern computing systems has been on the rise for some time now. As more and more software is being developed, software testing is increasingly becoming an important part of the software development cycle, with the goal of rooting out any and all vulnerabilities before public release. However, finding software vulnerabilities is not a trivial task, especially in complex software systems with thousands of lines of code and complicated system inte...

Rebecca Herold, Sorting Surveillance Benefits from Harms

October 11, 2023 20:30 - 1 hour - 283 MB Video

Tracking technologies are proliferating at an increasingly high rate in apps, IoT devices, websites, and in a wide range of files. They are not only impacting privacy in wider and more harmful ways, but they have also extended far beyond the digital world and are also impacting physical safety. Such tools can certainly be very beneficial, when used responsibly and with informed awareness of the cybersecurity and privacy risks. However, when they are used without establishing technical and non...

Khaled Serag, Vulnerability Identification and Defense Construction in Cyber-Physical Systems

October 04, 2023 20:30 - 52 minutes - 238 MB Video

With the ever-accelerating computerization process of once strictly mechanical systems, information security threats are only expected to increase. This rapidly unfolding process calls into question whether we could promptly cope with the security threats it entails. Unfortunately, a commonly observed trend is for the computerization process to steadily advance while paying little attention to the security aspect until a security vulnerability is discovered, often by an external actor. Only t...

Scott Sage, Erin Miller, How the Cyberspace Domain has Changed the Game for the Space Domain

September 27, 2023 20:30 - 53 minutes - 239 MB Video

This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B). As the commercial and international space community grows to reach the projected $1T for the global economy, the vast domain of space becomes increasingly congested and contested. In this Seminar the Space Information Sharing and Analysis Center (Space ISAC) and the National Cybersecurity Center (NCC) team up to share their perspectives and insights on the intersection of cyber and space, how the game is ...

Christopher Nuland, Enhancing Software Supply Chain Security in Distributed Systems

September 20, 2023 20:30 - 1 hour - 299 MB Video

Recorded: 09/20/2023. CERIAS Security Seminar at Purdue University. Enhancing Software Supply Chain Security in Distributed Systems. Christopher Nuland, Red Hat. In the aftermath of the transformative 2020 SolarWinds breach, securing software supply chains has surged to the forefront of modern software development concerns. This incident underscored the imperative for innovative approaches to ensure software artifacts' integrity and authenticity. The Supply Chain Level for Software Artifacts (SLSA...

Stuart Shapiro, MITRE PANOPTIC™ Privacy Threat Model

September 13, 2023 20:30 - 53 minutes - 240 MB Video

As privacy moves from a predominantly compliance-oriented approach to one that is risk-based, privacy risk modeling has taken on increased importance. While a variety of innovative pre-existing options are available for privacy consequences and a few for vulnerabilities, privacy threat models, particularly ones focused on attacks (as opposed to threat actors) remain relatively scarce. To address this gap and facilitate more sophisticated privacy risk management of increasingly complex systems...

Rita Foster, Cyber defender's plead - If it's not codified – Please go away

September 06, 2023 20:30 - 52 minutes - 237 MB Video

Problem: Cyber threat information is rarely codified and never connected to actual infrastructure that needs cyber protections since infrastructure is also not codified. Solution: Infrastructure Expression (IX) – Five use cases for the IX tools with methods using graph theoretics and machine learning will be presented. A full scenario on recent malware binary analysis will be presented highlighting applicability to infrastructure, creation of context specific indicators, cyber observables, and...

Dr. Anand Singh, The State of Software Supply Chain Security

August 30, 2023 20:30 - 1 hour - 270 MB Video

Software Supply Chain is emerging as one of the biggest issues that enterprises are facing these days. SolarWinds, Kaseya, 3CX, the examples are way too many. These attacks rapidly multiplied in 2022. In this presentation, we will discuss the trending of software supply chain issues, the federal mandates in the form of executive orders that are impacting this space, emerging best practices and what is the fundamental tech stack to manage these issues, and lastly, what does a good supply chain ...

Marina Gavrilova, Advancements and New Developments in Biometric Privacy, Security and Ethics

April 19, 2023 20:30 - 50 minutes - 227 MB Video

Human identity recognition is one of the key mechanisms of ensuring proper asset and information access to individuals. It became an established authentication practice for government, consumer, financial and recreational institutions in modern society. Biometrics are also increasingly used in a cybersecurity context to mitigate vulnerabilities and to ensure protection against an unauthorized access. However, with the rise of the technological advancements, such as AI and deep learning, more ...

Kelly FitzGerald, Don't Copy That Floppy!: A History of Anti-cracking Controls in Early Video Games and Its Economic Impact

April 12, 2023 20:30 - 43 minutes - 195 MB Video

The roots of software piracy were propelled by the fledgling game market of the 1980's where the PC game supply chains were brittle and copying floppy disks was really easy. This talk will walk through the history and evolution of anti-cracking controls as video games moved from bedroom game development to a 220 billion dollar industry. About the speaker: Kelly FitzGerald is a Product Security Architect at the RTX CODE Center where she focuses on factory and supply chain cybersecurity and thre...

Sayak Ray, Pre-Silicon Hardware Security Analysis through Information Flow Tracking - Current Industry Applications and Research Questions

April 05, 2023 20:30 - 51 minutes - 229 MB Video

Information Flow Tracking (IFT) is a useful tool to reason about security of a system. It can be applied at different levels of abstraction - starting from operating system all the way to gate-level circuits through various representations of software and hardware. In this talk, we will focus on IFT at the register transfer level (RTL) representation of hardware and discuss how IFT can be applied to find various types of RTL security vulnerabilities. We will discuss an inductive formulation o...

Wendy Nather, CERIAS Security Symposium Closing Keynote

March 29, 2023 20:30 - 58 minutes - 127 MB Video

"What Do We Owe One Another In Cybersecurity?" As the cybersecurity ecosystem evolves, we understand more about how interconnected we are: the ripple effects from breaches, the fact that supply chains aren't discrete lines but rather a web, and that mapping our vulnerabilities is harder than we thought. In this session, Wendy Nather will talk about the concept of civic duty on the Internet — not just sporadic charity efforts or "nice to have" information sharing, but the social norms and obli...

Steve Bellovin, 35 Years of Protecting the Internet

March 22, 2023 20:30 - 59 minutes - 283 MB Video

For 35 years, the Internet has been bedeviled by attackers. For about as long, defenders have tried deploying various defenses; these have often been of limited utility. We look back at what has happened, focusing on the explicit or (more often) implicit assumptions behind the defenses, and why these assumptions were or were not correct. About the speaker: Steven M. Bellovin is the Percy K. and Vida L. W. Hudson Professor of Computer Science at Columbia University, member of the Cybersecurity...

Patrick Schlapfer, Using Endpoint Isolation to Track Malware Trends

March 08, 2023 21:30 - 48 minutes - 219 MB Video

Endpoint security controls have traditionally relied on detecting malicious activity to protect devices from intrusions. But attackers often change their techniques so quickly that detection patterns must be adapted, resulting in a detection lag. Some of this limitation can be solved by using hardware-based process isolation, which isolates risky endpoint tasks from the user's data and critical parts of the operating system. One of the most interesting data sources the HP Threat Research team...

Albert Cheng, Elements of Robust Real-Time Systems: Regularity-Based Virtualization and Functional Reactive Programming

March 01, 2023 21:30 - 54 minutes - 247 MB Video

The use of sophisticated digital systems to control complex physical components in real-time has grown at a rapid pace. These applications range from traditional stand-alone systems to highly-networked cyber-physical systems (CPS), spanning a diverse array of software architectures and control models. Examples include city-wide traffic control, robotics, medical systems, autonomous vehicular travel, green buildings, physical manipulation of nano-structures, and space exploration. Since all th...

Arjan Durresi, Trust Engineering – from Developing Resilient Systems to Artificial Conscience

February 22, 2023 21:30 - 1 hour - 302 MB Video

This talk will discuss how we engineer trust among agents, humans, and algorithms to develop solutions to significant practical problems, including Trustworthy AI in multiple applications, Resilience in systems, and a framework for Artificial Conscience to control AI, which we extend to system security. Trustworthiness of AI solutions is emerging as a must for the best use of AI. Using our trust system, we have developed metrics for acceptance, explainability, and fairness of AI solutions hav...

Dean Cheng, Chinese Views of Information and Future Warfare

February 15, 2023 21:30 - 50 minutes - 270 MB Video

Examines Chinese views on the importance of information as the new currency of international power, and discusses how the PLA's restructuring supports PLA efforts at planning for future "informationized local wars." About the speaker: Dean Cheng is a non-resident Senior Fellow with the Potomac Institute for Policy Studies and a Senior Advisor with the US Institute of Peace. He recently retired from the Heritage Foundation as the Senior Research Fellow for Chinese political and security affair...

Ronald Keen, Increasing Dependency; Increasing Threat

February 08, 2023 21:30 - 1 hour - 162 MB Video

Increasingly, the United States is becoming more and more dependent on Space-based technologies and systems. Our adversaries are well aware of this and have become much more aggressive in their attempts to understand, infiltrate and interfere with Space-based operations, while watching the corresponding impacts to ground-based critical infrastructure. Mr. Keen will discuss that increasing dependency and the associated cyber aspect, then extrapolate that into the upstream and downstream impact...

Jason Ortiz, Securing Your Software Supply Chain

February 01, 2023 21:30 - 1 hour - 282 MB Video

To secure connected products, developers and manufacturers must use tools and processes that are purpose built to analyze the complex binaries found within connected devices and embedded systems. Beyond the capabilities of traditional security tooling, dedicated product security (software supply chain security) tools must run in the specialized languages, systems, and deployment cycles for these connected devices. In this talk hosted by Finite State's Jason Ortiz, we will examine where tradit...

Aurobindo Sundaram, Our Journey in Phishing Mitigation

January 25, 2023 21:30 - 1 hour - 276 MB Video

For 5 years, we have experimented with technology, people, and process controls at RELX, all designed to create an integrated framework for phishing mitigation. I'll speak about technology we've adopted (and that we haven't). I'll speak about failures in industry efforts (e.g., digital signatures). I'll speak about behavioral science and how we have adopted its concepts to drive behavior change. I'll speak about the "human is the weakest link/humans are our strongest link" debate raging in th...

Mummoorthy Murugesan, Problems and Challenges in Data Security Posture Management

January 18, 2023 21:30 - 53 minutes - 240 MB Video

The rise of enterprise cloud computing has brought an even greater emphasis on data. According to an analysis compiled by Statista, two zettabytes of data were created, captured, copied, and consumed globally in 2010. That figure will reach 97 zettabytes this year and 181 zettabytes by 2025. As the adoption of cloud computing continued to evolve, so did how enterprises approached securing their data. Today, enterprises find their data scattered throughout their various cloud systems, and they...

Ambrose Kam, Applying Multi-Agent Reinforcement Learning (MARL) in a Cyber Wargame Engine

January 11, 2023 21:30 - 55 minutes - 250 MB Video

Cybersecurity is inherently complicated due to the dynamic nature of the threats and ever-expanding attack surfaces. Ironically, this challenge is exacerbated by the rapid advancement of many new technologies like Internet of Things (IoT) devices, 5G infrastructure, cloud-based computing, etc. This is where artificial intelligence (AI) and machine learning (ML) techniques can be called into service, and provide potential solutions in terms of threat detection and mitigation responses in a rapidly ...

Julie Haney, Users Are Not Stupid: Six Cybersecurity Pitfalls Overturned

December 07, 2022 21:30 - 49 minutes - 224 MB Video

Whether you're implementing security policy or developing products, considering the human element is critical. Yet security professionals often fall victim to misconceptions and pitfalls that undermine users' ability to reach their full security potential. Grounded in real-world examples and human-centered research, this talk will explore how to recognize and overcome these pitfalls towards improving security through user empowerment. About the speaker: Julie Haney is a computer scientist and...

Meng Xu, Fast and Reliable Formal Verification of Smart Contracts with the Move Prover

November 30, 2022 21:30 - 47 minutes - 212 MB Video

The Move Prover (MVP) is a formal verifier for smart contracts written in the Move programming language. MVP has an expressive specification language, and is fast and reliable enough that it can be run routinely by developers and in integration testing. Besides the simplicity of smart contracts and the Move language, three implementation approaches are responsible for the practicality of MVP: (1) an alias-free memory model, (2) fine-grained invariant checking, and (3) monomorphization. The ent...

Brian Barnier & Prachee Kale, Making Cybersecurity Reliable and Cybersecurity Careers Rewarding

November 16, 2022 21:30 - 51 minutes - 231 MB Video

People face increasing dangers from cyber enemies. At the same time, cyber pros are suffering from stress, burnout and "hamster wheel" syndrome. They experience many difficulties every day in easily protecting people and companies from danger. There is a different option. Cyber pros have the opportunity of better work-life balance, more rewarding careers and achieving their personal missions to better protect people and companies – by making cybersecurity as reliable as electricity. How? The sa...

Christine Task, Data, Privacy---and the Interactions Between Them

November 09, 2022 21:30 - 1 hour - 276 MB Video

Data deidentification aims to provide data owners with edible cake: to allow them to freely use, share, store and publicly release sensitive record data without risking the privacy of any of the individuals in the data set.   And, surprisingly, given some constraints, that's not impossible to do.    However, the behavior of a deidentification algorithm depends on the distribution of the data itself.   Privacy research often treats data as a black box---omitting formal data-dependent utility a...

Gideon Rasmussen, Program Maturity - Cybersecurity and Operational Risk Management

November 02, 2022 20:30 - 52 minutes - 237 MB Video

Business executives leverage cybersecurity programs to understand residual risk. That helps them make informed decisions to mitigate risk to an acceptable level. This session provides guidance to improve program maturity in stages. Maturity Level 1. Minimal Compliance. Development of an information security program should begin with a reputable baseline such as the NIST Cybersecurity Framework. A framework communicates the minimum controls required to protect an organization. It is also necessary ...
