November 17, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | BU Soft Tech | itTrident | Former Sr. VP & CTO of MF Utilities
Mind presents a matrix that measures “performance” and “generality” across five levels, ranging from no AI to superhuman AGI, a general AI system that outperforms all humans on all tasks. Performance refers to how an AI system’s capabilities compare to humans, while generality denotes the breadth of the AI system’s capabilities or the range of tasks for which it reaches the specified performance level in the matrix. ... DeepMind suggests that an AGI benchmark would encompass a broad suite of cognitive and metacognitive tasks, measuring diverse properties, including linguistic intelligence, mathematical and logical reasoning, spatial reasoning, interpersonal and intrapersonal social intelligence, the ability to learn new skills, and creativity. However, they also acknowledge that it is impossible to enumerate all tasks achievable by a sufficiently general intelligence. “As such, an AGI benchmark should be a living benchmark. Such a benchmark should therefore include a framework for generating and agreeing upon new tasks,” they write.
Unfortunately, a majority of CISOs are spending their limited time firefighting issues rather than contributing to business strategy or forging relationships. This is where a business information security officer (BISO) can come in. According to Forrester, the BISO operates on behalf of the CISO, serving as an advisor and bridge to functional leaders. In other words, it’s a security role that puts business first. ... Security culture can be defined as the values, attitudes, customs, beliefs, and social behaviors that influence the security posture of an organization. It’s the stuff that drives secure behavior in employees (even when no one’s watching); it’s the security instinct that kicks in when someone sees something unusual or suspicious. Traditionally, most CISOs are not in close contact or communication with employees, and therefore, it is difficult for them to influence and promote a positive security culture. With the BISO role, it's different; since the BISO enjoys closer ties with various business groups and has a better understanding of employee requirements and sentiments, they are better positioned to influence culture change.
On the 11 companies that were successfully infiltrated, the threat actors executed malicious code to conduct reconnaissance of the firewall configurations and determine the next course of action. "This kind of coordination requires planning and resources," SektorCERT said in a detailed timeline of events. "The advantage of attacking simultaneously is that the information about one attack cannot spread to the other targets before it is too late." "This puts the power of information sharing out of play because no one can be warned in advance about the ongoing attack since everyone is attacked at the same time. It is unusual – and extremely effective." A second wave of attacks targeting more organizations was subsequently recorded from May 22 to 25 by an attack group with previously unseen cyber weapons, raising the possibility that two different threat actors were involved in the campaign. That said, it's currently unclear if the groups collaborated with each other, worked for the same employer, or were acting independently.
领英推荐
Event Storming is a powerful and collaborative workshop-based technique used to gain a deep understanding of complex systems, processes, and domains. It was introduced by Alberto Brandolini, an expert in domain-driven design and Agile software development. Event Storming stands out as a versatile and practical approach that brings together stakeholders, domain experts, software developers, and business analysts to unravel the intricacies of a system. At its core, Event Storming is a visual modeling method that uses sticky notes and a large workspace, such as a wall or whiteboard, to represent various events and interactions within a system. These events can range from user actions, system processes, and domain events to business rules and policies. The workshop participants collaboratively contribute to this visual representation, creating a shared understanding of the system’s behavior and business processes. Event Storming starts with a domain description, then Big Picture. Big Picture Event Storming is the first step in understanding complex systems.?
In this era of evolving cyber threats, integrating cybersecurity into physical security is not a choice but an organizational necessity. In most cases, physical security and cybersecurity work as two sides of the same backbone in the spectrum of security. Physical security protects tangible assets, such as buildings, equipment, and people, from physical threats. On the other hand, cybersecurity focuses on safeguarding digital assets, information, and systems from virtual threats, including hacking, malware, and data breaches. In this context, just as a backbone provides structural support to the body, the integration of cybersecurity into the realm of physical security offers a robust defense for an organization. This fusion of digital and physical security measures creates a comprehensive defense strategy which safeguards firm-specific assets, personnel, and data from various threats. This integrated approach ensures not only the protection of the physical infrastructure but also the prevention of unauthorized access, tampering, and disruptions caused by cyberattacks. It is paramount to understand how cybersecurity enhances physical security systems’ resilience.
The engineers who wrangle company data to build ML models know it’s far more complex than that. Data may be unstructured or poor quality, and there are compliance, regulatory, and security parameters to meet. There is no quick-fix to closing this expectation-reality gap, but the first step is to foster honest dialogue between teams. Then, business leaders can begin to democratize ML across the organization. Democratization means both technical and non-technical teams have access to powerful ML tools and are supported with continuous learning and training. Non-technical teams get user-friendly data visualization tools to improve their business decision-making, while data scientists get access to the robust development platforms and cloud infrastructure they need to efficiently build ML applications. At Capital One, we’ve used these democratization strategies to scale ML across our entire company of more than 50,000 associates. When everyone has a stake in using ML to help the company succeed, the disconnect between business and technical teams fades. So what can companies do to begin democratizing ML??