July 06, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
The key to avoiding trouble as a security leader, Nall says, is awareness of three things: how government investigations work, how the government interacts with companies during the process, and the incentives companies have to resolve their cases in one way or another. When push comes to shove, for example, companies will be pressured to name and shame individuals. In his proceedings, Sullivan's legal team painted a picture of a company (Uber) trying to rebrand itself, and holding him up as a lamb to the slaughter. "It's very unfortunate because the consequences are faced by one individual, or a few individuals, although the ability to make sure that [an incident] doesn't happen is a community-based effort within organizations," says ArmorCode's Karthik Swarnam, formerly chief information security officer (CISO) of Kroger, DIRECTV, and TransUnion. To avoid being singled out (and because it's good security practice), CISOs should focus on building clear and robust lines of communication
Keen to address this, Wells and the Pearson technology working group, which includes tech leadership from across the brand’s different organizations, came up with 12 key attributes, including security and maintainability, to rate their technology assets in a consistent way. These tech debt audits provided a clearer picture of where their biggest risks were, which, in turn, allowed them to prioritize what needs to be addressed first
The strategy must align with the capabilities of the organization and the competitive reality of the environment. Such an alignment has never been more important, as artificial intelligence (AI) and other changes disrupt industries and sectors. Before rushing to adopt the latest AI tool, whether it is deep learning or large language models, organizations must assess whether the new tech is strategically aligned. ... Aligning people with the desired strategic position
Open source in AI and machine learning is not just about software, it's about the synergy of code and data. The growing ecosystem of open-source models encompasses everything from code to data and weights, making powerful tools widely accessible. ... The term "large language models" (LLMs) is often used broadly and imprecisely, muddying discussions about their capabilities and applications. The distinction between encoder models and large generative models is therefore very important. Encoder models involve task-specific networks that predict structured data, while large generative models rely on prompts to produce free-form text, necessitating additional logic to extract actionable insights. ... Companies like OpenAI might dominate the market for user-facing products but not necessarily the AI and software components behind them. While user data is advantageous for improving human-facing products, it is less critical for enhancing the foundational machine-facing tasks. Gaining general knowledge doesn't require specific data, which is at the core of the innovation behind large generative models.
CISA says that all information in the CSAT tool was encrypted using the AES 256 algorithm, and the keys were also inaccessible “from the type of access the threat actor had to the system.” The agency also found “no evidence of credentials being stolen.” However, impacted organizations should assume data theft “out of abundance of caution” and assume “that this information could have been inappropriately accessed,” the agency said. The agency also stated that even without data theft, the intrusion “met the threshold of a major incident under the Federal Information Security Modernization Act (FISMA),” given the number of individuals and chemical facilities impacted. Subsequently, CISA directed impacted chemical facilities to maintain cyber and physical security measures
To illustrate how the technology works, the team installed a traffic signal along the demonstration pathway. Gankov says an actual traffic-light timer from a traffic-signal cabinet was connected to a TV screen, providing a visual for attendees. A dedicated short range communications (DSRC) radio was also attached, broadcasting the signal’s phase and timing information to the vehicle. This setup enabled the vehicle to anticipate the traffic light’s actions far more accurately than a human driver could. ... These autonomous driving strategies