Organizations on a digital transformation journey must make a parallel trip, one that integrates security and risk management into DevOps and Continuous Delivery (CD) processes. Join our security experts to discuss security in the digital world.
@markhughessec what is the state of the art in real #infosec .. protecting while not impeding the flow of information between participants?
Is there such a thing as resilient employees? We talked a lot about the importance of cyber resiliency and since people are such a big part of the security equation, I wondered what a resilient person in this context might look or act like.
I go back to #SRE, "reliability engineering" which could probably be "resiliency" engineering... since we all produce and consume information to live our lives and do our jobs, we need to think about provenance, value / utility and act accordingly
It's a great point. And yes, I think there really is. In one particular significant cyber incident, essentially the business lost most of their IT. It was the quick reaction of the employees and importantly, the willingness to help that averted real disaster
we don't leave our cars / houses unlocked, wallet unattended... but it's harder to manage the best practices in business... we need easy button - think that ML/AI will help #SmartWorkplaces
So a cultural issue as well - having people who are prepared to be curious, to get involved in their own continuous improvement and who feel invested in their business can make a huge difference.
@markhughessec I like the curious... and would add "action oriented" if you see something broken, you fix it - or work with others to ensure it is #ExtremeOwnership
.@DXCTechnology I don't know that I'd want a fully automated Service Desk. There are some tech issues that need to be addressed with a real person. #DXCTechTalk
@HHigginsDXC I think this is where the balance of people and machines comes in -- figuring out the optimal way for people and machines to collaborate. Per @JerryAOverton
@HHigginsDXC I think most of us want a similar UX to what we get with everyday apps & services, where there often isn't a help desk at all (never mind a 'real person')
@DXCTechnology actively shares what it sees in the security landscape with other partners... zero days, real/potential threats and in the future we will be talking about detection models that can be "trained" by companies since the "flow" of every client is dif.
Most enterprises have been migrating for some time from EDI to Secure APIs with SAML Authentication and Encryption for Data-in-Motion. Sensor and sensitivity data flowing from partners into Data Lakes is a key concern today...
@cnokkentved this problem of information flow past corporate boundaries is important in #ecosystem plays... how are you seeing companies like @immuta having an impact?
So it's a significant area for the security team to be engaged from the outset. And then to be monitoring. There is a lot of regulation in or coming that deals with this - GDPR being the most well known
@DanHushon not heard of that yet, as most companies are modernizing basic stuff like Identity & Access Mgmt, Data-In-Motion Encryption and APIs. We are seeing a lot of applications of #blockchain for Active Ingredients in #LifeSciences and #Food industries lately
@immutadata is applying ML to flow data across trading partners to "automate" the appropriate reg/policy/rule enforcement to enable lower friction/risk ecosystems to emerge
@DanHushon there are a lot of solutions emerging in the application of AI in Integrated Risk Mgmt space. Looks like #immutadata efforts to create a machine-readable regulatory format to allow for direct embedding of AI/ML algorithms into the disseminated datasets will be an edge.
security is not supposed to be an afterthought, but rather embedded in the development culture of any enterprise or government organization. So #DevSecOps for building threat & vulnerability resilient code needs to become part of the DNA of business technologies