manage

From Michael Scott to Bill Lumbergh: Legal Strategies for When a Manager Goes Rogue




manage

Employers in Europe struggling to manage political discussions at work

Stephan Swinkels and Jan-Ove Becker discuss workplace issues that European employers are struggling with, including geopolitical events, political debates and LGBTQ+ rights. 

Human Resources Director Asia

View




manage

ETSI releases a Technical Report on autonomic network management and control applying machine learning and other AI algorithms

ETSI releases a Technical Report on autonomic network management and control applying machine learning and other AI algorithms

Sophia Antipolis, 5 March 2020

The ETSI Technical Committee on Core Network and Interoperability Testing (TC INT) has just released a Technical Report, ETSI TR 103 626, providing a mapping of architectural components for autonomic networking, cognitive networking and self-management. This architecture will serve the self-managing Future Internet.

The ETSI TR 103 626 provides a mapping of architectural components developed in the European Commission (EC) WiSHFUL and ORCA Projects, using the ETSI Generic Autonomic Networking Architecture (GANA) model.

The objective is to illustrate how the ETSI GANA model specified in the ETSI specification TS 103 195-2 can be implemented when using the components developed in these two projects. The Report also shows how the WiSHFUL architecture augmented with virtualization and hardware acceleration techniques can implement the GANA model. This will guide implementers of autonomics components for autonomic networks in their optimization of their GANA implementations.

The TR addresses autonomic decision-making and associated control-loops in wireless network architectures and their associated management and control architectures. The mapping of the architecture also illustrates how to implement self-management functionality in the GANA model for wireless networks, taking into consideration another Report ETSI TR 103 495, where GANA cognitive algorithms for autonomics, such as machine learning and other AI algorithms, can be applied.




manage

SESAR Deployment Manager signs MoU with ETSI for European Air Traffic Management modernization

SESAR Deployment Manager signs MoU with ETSI for European Air Traffic Management modernization

Sophia Antipolis, 27 July 2020

SESAR Deployment Manager (SDM) has recently signed an MoU with ETSI, namely to participate to the ETSI technical group making standards for aeronautics (TG AERO). SESAR aims at the modernization of Europe’s Air Traffic Management (ATM), crucial for the sustainability of European aviation and the forecasted increase in air traffic by 2035 (pre covid-19 forcast). SDM synchronizes and coordinates the deployment of common projects, translating the regulatory requirements to the industry.

Read More...




manage

ETSI Unveils First Cloud-Native VNF Management Specifications

ETSI Unveils First Cloud-Native VNF Management Specifications

Sophia Antipolis, 17 November 2020

The ETSI group on Network Functions Virtualization (ETSI Industry Specification Group NFV) is pleased to unveil its first specification enabling containerized VNFs to be managed in an NFV framework. The ETSI GS NFV-IFA 040 specifies requirements for service interfaces and an object model for OS (Operating System) container management and orchestration.

Read More...




manage

ETSI Encrypted Traffic Integration group extends term to work on cryptographic and key management models

ETSI Encrypted Traffic Integration group extends term to work on cryptographic and key management models

Sophia Antipolis, 2 August 2022

ETSI has recently extended the term of its Industry Specification Group Encrypted Traffic Integration (ISG ETI) for a two-year period through to mid-2024 to work on specific cryptographic and key management models.

Read More...




manage

ETSI’s Zero-touch network Service Management group renewed for two years

Sophia Antipolis, 5 October 2023

ETSI is pleased to announce the extension of its Zero touch network and Service Management group (ISG ZSM) for an additional 2 year-period.

Read More...




manage

ETSI Announces 1st Release of SDG OpenCAPIF Delivering a Robust, Secure, and Efficient 3GPP API Management Platform

Sophia Antipolis, 9 July 2024

ETSI is excited to announce OpenCAPIF Release 1 is now available in the ETSI Labs.

OpenCAPIF develops a Common API Framework as defined by 3GPP and this new version introduces several improvements and new features to deliver a more robust, secure, and efficient API Management Platform. These advancements are developed in tight collaboration and incorporating feedback from a growing Research Ecosystem including SNS projects such as 6G-SANDBOX, FIDAL, IMAGINEB5G, SAFE6G, ORIGAMI, ENVELOPE and SUNRISE6G.

Read More...




manage

MAA Toronto Presents - Intro To Wealth Management

Starts: Wed, 20 Nov 2024 19:30:00 -0500
11/20/2024 06:00:00PM
Location: Toronto, Canada




manage

Manager, Administration & Corporate Services

Job Summary: The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to serve as Manager of Administration & Corporate Services for a one-year, renewable appointment in the Finance and Administration Division. The Manager of Administration & Corporate Services AFR is responsible for the overall coordination of administrative matters between IFPRI's headquarters in Washington DC and the IFPRI regional and country/project offices in Africa. The position provides management and operational support to IFPRI regional and country/project offices in Africa including related administrative aspects of current and new corporate partnerships in Africa. This position is based in Dakar, Senegal.  Essential Duties: Specific Duties include but are not limited to: Lead finance and administration functions of the Dakar office, providing operational support and oversight of day-to-day office activities.  Provide management support and oversight of the financial and administrative operations of IFPRI Regional and country/project offices in Africa, including functions such as budgeting, contracts and grants, human resources, facilities and IT management. Work closely with key administrative departments at IFPRI headquarters for accounting, human resources, computer services and facilities/office services, in the development of and roll-out of IFPRI-wide policy and procedure changes, providing guidance and training as needed to regional and country offices to ensure that the quality of operational support meets IFPRI operations standards. Regular analysis of operations capacity of IFPRI offices in Africa, identifying and making recommendations regarding opportunities for improvement in IFPRI’s administrative operations and processes, and undertaking new initiatives as agreed. Build strong relationships with Country Office Heads and Country Administrative and Finance Managers, providing advice, guidance, and support in all areas of operations and ensuring compliance with IFPRI policies and procedures. Financial reporting oversight for IFPRI regional and country offices in Africa, and supervision and management of the Hub Finance and Administration unit team, ensuring compliance with IFPRI and donor standards, policies and procedures and processes. Participation in the formulation of annual budgets and capital plans for IFPRI offices in Africa. Provide management oversight to ensure that proper financial controls are in place and processes are compliant with correct accounting procedures, providing strategic direction in developing options for addressing any weaknesses. Monitor projects in African locations on an as required basis. Facilitate decision-making on human resource (HR) matters relating to IFPRI offices in Africa (policies and procedures, labor law compliance, staffing, recruitment, conflict resolution, etc.) Work to build the capacity of finance, administrative staff members throughout IFPRI offices in Africa through regular training sessions and mentoring support. Contribute to the internal and external audit preparations for IFPRI offices in Africa and provide support on the implementation of audit recommendations and actions. Required Qualifications: Bachelor’s degree plus twelve years of relevant professional experience or Master’s degree plus ten years of relevant experience.  Minimum of four years management experience. Excellent verbal, written and interpersonal skills. Strong customer service skills. Ability to work effectively with all levels of organizations, including regional partners and donors. Ability to work autonomously, yet keep others informed. Ability to work in a multicultural setting. Excellent attention to details. Fluency in French is highly preferred.  ​Physical Demand & Work environment: Employee will sit in an upright position for a long period of time with little opportunity to move/stretch Employee will lift between 0-10 pounds Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.




manage

Accounting Manager

Job Summary:  The International Food Policy Research Institute (IFPRI) seeks an Accounting Manager for a two-year, renewable appointment to provide general accounting support in the Accounting Department. This position will report to the Controller and is based at IFPRI headquarters located in Washington, DC. Essential Duties: Specific duties and responsibilities include but are not limited to: Manage the daily accounting activities required to maintain the general ledger in compliance with financial policies and procedures. Supervise, direct, and review the work of the General Ledger, Accounts Payable and Payroll accountants. Manage and oversee in-house payroll processing and federal, state, and local tax filings in a timely manner.   Maintain organized set of detailed records and files to document and support financial transactions. Routinely analyze general ledger accounts to ensure accuracy and appropriate summaries of accounts detail is maintained.  Prepare and/or review general ledger bank account reconciliations and ensure reconciling items are cleared in a timely manner. Respond to inquiries and assist staff to resolve issues in a timely manner. Inform Controller of relevant issues regarding financial controls, accounting, and reporting. Recommendations improvements to accounting processes and procedures and assist with implementation as needed. Assist with internal and external audits.   Ensure field office transactions are recorded timely and accurately.  Serve as the point of contact for accounting matters for IFPRI’s field offices. Perform other duties as assigned or required.   Qualifications:  B.S. Degree in Accounting plus ten years of relevant work experience, a Masters Degree in Accounting plus seven years of relevant work experience, or equivalent experience At least two years as management experience  Experience using Deltek Costpoint 8.1 or higher preferable Knowledge of GAAP and USAID regulations Experience with basic grant/contract administration Proficiency with Microsoft Excel and Word Strong supervisory experience Detail oriented – strong analytical skills Ability to work independently and multi-task under tight deadlines in a fast-paced environment Excellent interpersonal skills with demonstrated ability to work in a multi-cultural environment Excellent written and verbal English communications skills Strong organizational skills with ability to prioritize work Physical Demand & Work environment: Employee will sit in an upright position for a long period of time.  Employee will lift between 0-10 pounds.  Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Salary Range: The expected salary range for this job requisition is between $85,600 - $104,900.  In determining your salary, we will consider your experience and other job-related factors.  Benefits IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a  summary of our benefits can be found on our website . Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US based employees who work at least 25 hours per week.  The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.




manage

Research Unit Contracts & Grants Manager I

The Development Strategies and Governance (DSG) Unit within the Transformation Strategies Department of the International Food Policy Research Institute (IFPRI) seeks a Research Unit Contracts & Grants Manager I, who will be responsible for financial management which includes budgetary responsibilities, cost monitoring and control, and financial analysis and reporting, contracts administration which includes proposal preparation and submission and the administration of the Unit’s special projects. Other responsibilities include supervising Unit Admin Support staff, serving as liaison with finance and administration as well as the Director General’s office; drafting correspondence for the Unit director and communication with external contacts (donors, clients, collaborators, sub-contractors and auditors); and service as active member on various standing and ad-hoc committees, as well as work with Project Managers in management of budgets, contracts, deliverables, invoices and other payment documents. This position is a 2-year, renewable appointment based in Washington, DC.   Essential Duties: Specific duties and responsibilities include but are not limited to: Providing technical support in proposal preparation, reviewing contracts to ensure they reflect the provisions negotiated, and monitoring performance of contracts and submission of specified deliverables.  Drafting, negotiating and monitoring consultant collaborative agreements, serve as liaison between program collaborators and finance/administrative issues, review monthly financial reports, and provide financial analysis reports on projects.  Preparing the divisional budgets and monitoring expense budgets Coordinating the drafting of project/program budgets; review of accounting transactions.  Developing spreadsheets & maintaining financial information for planning & reference. Drafting routine correspondence regarding contracts or project/program finances. Assisting in financial audits Coordinating financial and operational activities for field offices Ensuring the smooth operation of the program’s day-to-day activities; coordinate seminars and workshops, manage logistical arrangements on seminars/workshops. Liaising with IFPRI HR Services, Facilities and IT department for related issues and needs. Preparing administrative and operational procedures for the division and approves timesheets Maintaining division files Supervising administrative support staff Other tasks as assigned. Required Qualifications:  Bachelor’s degree plus ten years of relevant experience, or associate’s degree plus twelve years of relevant experience.   Two year of management experience Experience in developing, monitoring and managing budgets and contracts. Experience in coordinating budget processes, reviewing accounting transactions, developing financial projections and reports. Solid composition, grammar and proof-reading skills, with the ability to compose correspondence and reports; excellent written and oral English communications skills. Proficient in Microsoft Office; word processing & spreadsheet programs required. Ability to handle multiple tasks & prioritize tasks with minimal supervision in a fast-paced environment. Demonstrated experience and comfort working with multiple program managers simultaneously.  Ability to prioritize and coordinate tasks in such an environment. Demonstrated flexibility to adjust to multiple individual work styles.  Attention to detail and ability to work within a team in a multicultural environment.   Preferred Qualifications: Familiarity with IFPRI’s operational systems (finance, accounting, etc.) and the CGIAR system is highly desirable.  Proficiency in a second language of the U.N. system Demonstrated proficiency with MS Office, especially Microsoft Word, Outlook, Excel, and PowerPoint required, and demonstrated proficiency with financial management and administrative software applications such as Costpoint, OnBase, Deltek, and/or other applications. Physical Demand & Work environment: Employee will sit in an upright position for a long period of time  Employee will lift between 0-10 pounds.  Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Salary Range: The expected salary range for this job requisition is between $85,600- $104,900. In determining your salary, we will consider your experience and other job-related factors.  Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.




manage

CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.

View Change Log

FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

CVEDescriptionCVSSv3
CVE-2024-47575FortiManager Missing authentication in fgfmsd Vulnerability9.8

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:

Comment
by from discussion
infortinet

 

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

 

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered over 50 plus “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Affected ProductAffected VersionsFixed Version
FortiManager 6.26.2.0 through 6.2.12Upgrade to 6.2.13 or above
FortiManager 6.46.4.0 through 6.4.14Upgrade to 6.4.15 or above
FortiManager 7.07.0.0 through 7.0.12Upgrade to 7.0.13 or above
FortiManager 7.27.2.0 through 7.2.7Upgrade to 7.2.8 or above
FortiManager 7.47.4.0 through 7.4.4Upgrade to 7.4.5 or above
FortiManager 7.67.6.0Upgrade to 7.6.1 or above
FortiManager Cloud 6.46.4 all versionsMigrate to a fixed release
FortiManager Cloud 7.07.0.1 through 7.0.12Upgrade to 7.0.13 or above
FortiManager Cloud 7.27.2.1 through 7.2.7Upgrade to 7.2.8 or above
FortiManager Cloud 7.47.4.1 through 7.4.4Upgrade to 7.4.5 or above
FortiManager Cloud 7.6Not affectedNot Applicable

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

Change Log

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.




manage

Context Is King: From Vulnerability Management to Exposure Management

Vulnerability management remains a cornerstone of preventive cybersecurity, but organizations still struggle with vulnerability overload and sophisticated threats. Tenable’s new Exposure Signals gives security teams comprehensive context, so they can shift from vulnerability management to exposure management and effectively prioritize high-risk exposures across their complex attack surface.

A critical vulnerability has been disclosed and attackers worldwide are actively exploiting it in the wild. Your vulnerability management team jumps into action and determines that the vulnerability is present in hundreds of your organization’s assets. Which ones do you patch first? How do you prioritize your remediation efforts? What criteria do you use? The clock is ticking. Hackers are on the prowl.

Historically, your vulnerability management team would rely on severity scores like Vulnerability Priority Rating (VPR). This is a great start, but only gives you one indicator of risk. To prioritize remediation precisely and effectively, you need to consider a variety of other criteria, such as a vulnerable asset’s type, owner, and function; the access-level and privileges on the asset; and critical attack paths into your environment.

This type of comprehensive, holistic context will let you prioritize correctly, but it can only be achieved with a different approach that goes beyond traditional vulnerability management. That approach is exposure management. 

With exposure management, your vulnerability management team would be able to pinpoint the subset of assets affected by our hypothetical vulnerability that, for example, are externally accessible, possess domain-level privileges and are part of a critical attack path. That way they would know where the greatest risk is and what they need to remediate first. Having this deep insight, context and visibility transforms the risk assessment equation, and allows your vulnerability management team to move decisively, quickly and strategically.

In this blog, we’ll outline why it’s imperative for your vulnerability management teams to shift to an exposure management mindset, and we’ll explain how Tenable can help them do it.

To pinpoint riskiest vulns, vulnerability management needs broader exposure context 

In today's evolving cybersecurity landscape, vulnerability management remains one of the foundational pieces of an organization's proactive defense strategy. However, these teams still have difficulty in addressing the increased level of risks posed by the continuous surge of Common Vulnerabilities and Exposures (CVEs) and other flaws.

Many security teams are frequently overwhelmed by the sheer volume of vulnerabilities with limited resources to manage them effectively. The sophistication and speed of threat actors has escalated, with attackers having more entry points and using new tactics, techniques and procedures to access other critical areas of the business - demonstrating that attacks are no longer linear but multifaceted.

It’s common for security teams to struggle with:

  • Vulnerability overload - This long-standing problem keeps getting worse. Security teams are finding it more difficult than ever to sift through the avalanche of CVEs and identify the areas of the business that have the most risk.
     
  •  Lack of exposure context for prioritization - Your teams are making decisions while missing layers of context. Threat intelligence and vulnerability severity are a great start, but limiting yourself to them doesn’t give you the full context you need to prioritize properly. 
     
  • Slow remediation response - Both proactive and reactive security teams devote massive amounts of time to responding to critical vulnerabilities. Resources are spread thin, making it more important than ever for teams to confidently identify the most high risk exposures when recommending remediation efforts.

Need to shift from a vulnerability to an exposure mindset

Knowing the struggles that you are dealing with today can help illuminate the benefits of exposure management. The missing links between a vulnerability and an exposure are the additional layers of context. Having multidimensional context enables you to understand not just the vulnerabilities themselves but their potential impact within the broader attack surface. This approach provides a more comprehensive view of an organization's security posture by considering factors such as threat intelligence, asset criticality, identities and access, as well as other pieces of context. With this additional information, you spend significantly less time sorting through stacks of similar vulnerabilities and you can be more focused on identifying key issues that pose risk - exposures.

For those who have never heard of exposure management or are just getting started, there are many benefits to this discipline. When it comes to Tenable’s approach, we adopt that same mentality with our exposure management platform. The goal is simple: exposure management empowers organizations to prioritize remediation efforts more effectively. It surfaces information that helps develop strategies to address not only the vulnerabilities themselves but the emergence of exposures that could lead to significant breaches.

The jump from vulnerability to exposure

Bridging the gap from vulnerability management to exposure management requires connecting context across the entire attack surface. Vulnerability management provides context that predicts the likelihood of an attack and displays key drivers, age of vulnerability and threat sources. These attributes are helpful, but we can go much further to improve our prioritization effectiveness. This requires having broader visibility and deeper insights across the attack surface to understand the bigger picture of exposures.

Specifically, security teams need additional context around:

  • Asset context - There are many levels to an asset that can help drive prioritization decisions. It’s key to understand the criticality of an asset related to its type, function, owner name and its relationships to other assets. Even knowing if the asset is accessible from the internet or not will shape how its remediation is prioritized.
     
  • Identities - Identities serve as the cornerstone for successful attacks, so it’s key to contextualize them for exposure management. Understanding user-privilege levels, entitlements and user information can help prevent attackers from gaining privilege escalation and moving laterally. Focusing prioritization efforts on vulnerable assets with domain and admin-level privileges is a critical best practice in order to reduce the likelihood of a breach.
     
  • Threat context - Having various levels of threat context is also important to prioritize exposures. We know that threats change over time, so leveraging dynamic scoring like VPR or Asset Exposure Score (AES) can show indicators of risk. We can also bring in context from attack path modeling to influence remediation decisions based on the attacker’s perspective by understanding the number of critical attack paths or choke points in your environment.

When security analysts have this additional information, they can now truly understand the breadth and depth of the exposure. This is how prioritization is done in this new world of exposure management.

Introducing Exposure Signals

To help make it easier for you to shift to this exposure management mindset, we have developed a new prioritization capability called Exposure Signals. Available in Tenable One, Tenable’s exposure management platform, Exposure Signals allows security teams to have more comprehensive context in a centralized place for a focused view of risk. 

There are two ways to use these new Exposure Signals. The first is to access a comprehensive library of high-risk, prebuilt signals. Easy to refer to, they signal potential risk in your environment and create a great starting point for you to get your exposure management juices flowing. For example, you can easily see and refer to: 

  • Domain admin group on internet-exposed hosts with critical vulnerabilities
  • Devices exposed to the internet via RDP with an associated identity account with a compromised password
  • Cloud assets with critical severity findings and asset exposure score above 700

Exposure Signals allow you to track the number of violations that signal high-risk scenarios in your environment. View this list on a regular basis to see how it changes over time with its unique trendline. Take exploration into your own hands by viewing the impacted asset and its contextual intelligence in our Inventory Module. 

The second way to use Exposure Signals is by creating your own signals using a query builder or natural language processing (NLP) search powered by ExposureAI. That way, you can go as broad or as precise as needed. For example, let’s say there is a new zero day vulnerability that sweeps the industry, similar to Log4Shell. You can easily create a signal to target which assets have the vulnerability, are internet facing and have domain admin-level privileges. We are stringing these components together so that you can understand your true risk and better direct your prioritization efforts.

To learn more about Tenable One and Exposure Signals, check out our interactive demo:




manage

Towards 2035: Common Prosperity and Urban-Rural Poverty Management System [in Chinese]

In 2021, General Secretary Xi Jinping solemnly declared that China's poverty alleviation battle has achieved a comprehensive victory. However, there is still a long way to go to solve the problem of unbalanced and insufficient development, narrow the development gap between urban and rural areas, and achieve comprehensive human development and common prosperity for all people.




manage

Investor Alert: Investors are not required to use claims management companies to communicate with the CSA, CIRO or OBSI

TORONTO – The Canadian Securities Administrators (CSA), the Canadian Investment Regulatory Organization (CIRO), and the Ombudsman for Banking Services and Investments (OBSI) remind investors that they all offer investors services related to claims or complaints free of charge.




manage

Integrated management of the Blue Nile Basin in Ethiopia under climate variability and climate change hydropower and irrigation modeling [in Amharic]

Ethiopia possesses abundant water resources and hydropower potential, yet less than 5 percent of irrigable land in the Blue Nile basin has been developed for food production, and more than 80 percent of Ethiopians lack access to electricity. Consequently, the Ethiopian government is pursuing plans to develop hydropower and irrigation along the Blue Nile River in an effort to tap into this underused potential.




manage

Leading Analyst Firm Ranks Tenable #1 for Sixth Consecutive Year in Market Share for Device Vulnerability Management

Tenable®, the exposure management company, today announced that it has been ranked first for 2023 worldwide market share for device vulnerability management in the IDC Worldwide Device Vulnerability Management Market Shares (doc #US51417424, July 2024) report. This is the sixth consecutive year Tenable has been ranked first for market share.

According to the IDC market share report, Tenable is ranked first in global 2023 market share and revenue. Tenable credits its success to its strategic approach to risk management, which includes a suite of industry-leading exposure management solutions that expose and close security gaps, safeguarding business value, reputation and trust. The Tenable One Exposure Management Platform, the world’s only AI-powered exposure management platform, radically unifies security visibility, insight and action across the modern attack surface – IT, cloud, OT and IoT, web apps and identity systems.

According to the IDC market share report, “The top 3 device vulnerability management vendors remained the same in 2023 as previous years, with Tenable once again being the top vendor.”

The report highlighted Tenable’s use of generative AI, noting, “ExposureAI, available as part of the Tenable One platform, provides GenAI-based capabilities that include natural language search queries, attack path and asset exposure summaries, mitigation guidance suggestions, and a bot assistant to ask specific questions about attack path results.”

Tenable’s latest innovations in the vulnerability management market – Vulnerability Intelligence and Exposure Response – were also highlighted in the report, stating, “Vulnerability Intelligence provides dynamic vulnerability information collected from multiple data sources and vetted by Tenable researchers, while Exposure Response enables security teams to create campaigns based on risk posture trends so remediation progress can be monitored internally.”

The report also spotlighted the Tenable Assure Partner Program and MDR partnerships, noting, “Tenable has made more of a strategic effort to recruit managed security service providers (SPs) and improve the onboarding experience for them, as well as their customers. Managed detection and response (MDR) providers have been adding proactive exposure management because it helps shrink the customer attack surface, helping them provide better outcomes. Sophos and Coalfire are recently announced partners adding managed exposure management services to their MDR and pen testing services, respectively.”

“At Tenable, we build products for a cloud-first, platform centric world, meeting customers' evolving risk management needs,” said Shai Morag, chief product officer, Tenable. “We leverage cutting edge technology, innovating across our portfolio to help customers know, expose and close priority security gaps that put businesses at risk.” 

"The device vulnerability management market is characterized by a focus on broader exposure management, with a number of acquisitions to round out exposure management portfolios," said Michelle Abraham, senior research director, Security and Trust at IDC. "Vendors are advised to enhance their offerings with additional security signals and automated remediation workflows to stay competitive in this evolving landscape."

To read an excerpt of the IDC market share report, visit https://www.tenable.com/analyst-research/idc-worldwide-device-vulnerability-management-market-share-report-2023 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com

###

Media Contact:

Tenable

tenablepr@tenable.com




manage

Tenable Tackles Emerging Cloud and AI Risks With the Launch of Data and AI Security Posture Management for Cloud Environments

Tenable®, the exposure management company, today announced new data security posture management (DSPM) and artificial intelligence security posture management (AI-SPM) capabilities for Tenable Cloud Security, the actionable cloud security solution. By extending exposure management capabilities to cloud data and AI resources, Tenable Cloud Security reduces risk to two of the biggest emerging threats.

Today’s cloud environments are more complex than ever. The challenge of managing this complexity has led to preventable security gaps caused by misconfigurations, risky entitlements and vulnerabilities, leaving sensitive data and AI resources vulnerable. In fact, Tenable Research found that 38% of organizations are battling a toxic cloud trilogy – cloud workloads that are publicly exposed, critically vulnerable and highly privileged. 

Tenable Cloud Security exposes risk from across hybrid and multi-cloud environments, including vulnerabilities, misconfigurations and excess privilege, that affects data and AI resources. Integrating DSPM and AI-SPM into Tenable Cloud Security enables users to automatically discover, classify and analyze sensitive data risk with flexible, agentless scanning. With Tenable Cloud Security’s intuitive user interface, security leaders can easily answer tough questions – such as “What type of data do I have in the cloud and where is it located?,” “What AI resources are vulnerable and how do I remediate the issue?” and “Who has access to my sensitive cloud and AI data?”

“Data is constantly on the move and new uses for data in today’s AI-driven world have created new risks,” said Liat Hayun, vice president of product management for Tenable Cloud Security. “DSPM and AI-SPM capabilities from Tenable Cloud Security bring context into complex risk relationships, so teams can prioritize threats based on the data involved. This gives customers the confidence to unlock the full potential of their data without compromising security.”

“The importance of cloud data has made communicating data exposure risk one of the biggest security challenges for CISOs,” said Philip Bues, senior research manager, Cloud Security at IDC. “Tenable is at the forefront of this emerging DSPM-CNAPP conversation, enabling customers to contextualize and prioritize data risk and communicate it, which is pertinent to almost every domain in CNAPP.”

AI-SPM features enable customers to confidently forge ahead with AI adoption by enforcing AI and machine learning configuration best practices and securing training data. With the combined power of AI-SPM and Tenable Cloud Security’s market-leading cloud infrastructure entitlement management (CIEM) and Cloud Workload Protection (CWP) capabilities, customers can manage AI entitlements, reduce exposure risk of AI resources, and safeguard critical AI and machine learning training data to ensure data integrity. 

Available to all Tenable Cloud Security and Tenable One customers, these new features enable customers to:

  • Gain complete visibility and understanding of cloud and AI data - Tenable Cloud Security continuously monitors multi-cloud environments to discover and classify data types, assign sensitivity levels and prioritize data risk findings in the context of the entire cloud attack surface. 
  • Effectively prioritize and remediate cloud risk - Backed by vulnerability intelligence from Tenable Research, context-driven analytics provides security teams with prioritized and actionable remediation guidance to remediate the most threatening cloud exposures.
  • Proactively identify cloud and AI data exposure - Unique identity and access insights enable security teams to reduce data exposure in multi-cloud environments and AI resources by monitoring how data is being accessed and used and detect anomalous activity. 

Join the upcoming Tenable webinar, “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” on October 22, 2024 at 10 am BST and 11 am ET, by registering here

Read today’s blog post, “Harden your cloud security posture by protecting your cloud data and AI resources” here

With a Net Promoter Score of 73, Tenable Cloud Security helps customers around the world expose and close priority threats. More information about DSPM and AI-SPM capabilities available in Tenable Cloud Security is available at: https://www.tenable.com/announcements/dspm-ai-spm

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe. Learn more at tenable.com

###

Media Contact:

Tenable

tenablepr@tenable.com




manage

PenderFund Capital Management Ltd.

HeadnotePursuant to National Policy 11-203 Process for Exemptive Relief Applications in Multiple Jurisdictions -- Relief from the prohibition on the use of corporate officer titles by certain registered individuals in respect of institutional clients -- Relief does not extend to interact




manage

Canada Life Investment Management Ltd.

HeadnoteNational Policy 11-203 Process for Exemptive Relief Applications in Multiple Jurisdictions -- Exemption granted to existing and future alternative investment funds from the margin deposit limits in subsection 6.8(1) and paragraph 6.8(2)(c) of NI 81-102 to permit each fund to depo




manage

1832 Asset Management L.P.

HeadnoteNational Policy 11-203 -- Process for Exemptive Relief Applications in Multiple Jurisdictions -- Relief granted from NI 41-101 to funds offering exchange-traded and conventional mutual fund series under a single simplified prospectus -- subject to conditions -- Technical relief g




manage

New Global Executive MBA Program in Healthcare & the Life Sciences Launched by the University of Toronto’s Rotman School of Management

Toronto, ON – With the pace of change in healthcare and the life sciences sector accelerating at unprecedented rates, a new Executive MBA program from the University of Toronto’s Rotman School of Management aims to prepare working professionals in the sector to lead their organizations, businesses and health systems. The Global Executive MBA in Healthcare & […]




manage

Faculty and Doctoral Students Honoured with Research Awards at the University of Toronto’s Rotman School of Management

Toronto, ON – Current faculty members and a former doctoral student from the areas of accounting, organizational behaviour and strategic management have received awards for their research papers from academic associations and publications. A paper published in Administrative Science Quarterly was honoured with two top awards last month. Whitened Résumés: Race and Self-Presentation in the Labor […]




manage

Rotman School Professor Appointed to Lead Research Initiatives at the International Centre for Pension Management

Toronto, ON – Mikhail (Mike) Simutin, an associate professor of finance at the University of Toronto’s Rotman School of Management, has been appointed the associate director of research for the International Centre for Pension Management (ICPM). In the new role he will drive ICPM’s research initiatives and strengthen the organization’s position as a global pension […]




manage

Rotman Professor Named as Management Thinker to Watch by Thinkers50

Toronto, ON – A professor at the University of Toronto’s Rotman School of Management who has become known for his research and teaching on catastrophes and risk management has been named to the 2017 Thinkers50 Radar list of the 30 management thinkers in the world most likely to shape the future of how organizations are managed […]




manage

World’s Preeminent Student Trading Competition Returns to the University of Toronto’s Rotman School of Management

Toronto, ON – The world’s preeminent trading competition for university students returns for its 14th year at the University of Toronto’s Rotman School of Management. The students, along with their faculty advisors, from 52 different universities which include teams from China, Iceland, India, and South Africa, will participate in the competition which takes place from February […]




manage

Excellence in Teaching and Research Honoured at University of Toronto’s Rotman School of Management

Toronto, ON – Seven faculty members at the University of Toronto’s Rotman School of Management have received awards for achievements in research and teaching. Four faculty members were awarded with the 2016 Roger Martin Awards for Excellence in Research and Teaching. Established by Prof. Roger Martin, a former Dean of the Rotman School, the awards are […]




manage

Scholarship in Honour of JosepRotman Awarded at University of Toronto’s Rotman School of Management

Toronto, ON – For the second year, a Joseph L. Rotman Scholarship has been awarded to an incoming student in the Full-Time MBA program at the University of Toronto’s Rotman School of Management. Heather Beatty is the recipient of the full tuition scholarship, which she received, based on the strength of her overall application to […]




manage

“Nudge-a-thon” at University of Toronto’s Rotman School of Management Tackles Public Transit Fare Evasion

Toronto, ON – Fare evaders are a problem faced by public transit systems in cities across the world. Evaders are willing to break the law and risk a significant penalty for the free ride. In Toronto, fare evasion is estimated to cost around $20 million a year in lost revenue. An event at the University […]




manage

New Program in Management Analytics Launched at UofT’s Rotman School of Management

Toronto, ON – A new program at the University of Toronto’s Rotman School of Management aims to equip graduates with the skills to succeed in the field of management analytics. The Master of Management Analytics (MMA) is a rigorous nine-month program aimed at recent university graduates and provides students with advanced data management, analytical and […]




manage

What Can Companies Do to Stay Alive Asks New Book from Strategic Management Faculty at UofT’s Rotman School Management

Toronto, ON – From Volkswagon to BP, from Blackberry to Bombardier, from United Airlines to Equifax, businesses — large and small — face threats to their survival. These worries keep corporate leaders awake and night. Is there anything businesses can do about it? This question and more is answered in new book, Survive and Thrive: […]




manage

Chair Established at University of Toronto’s Rotman School of Management in Honour of BMO’s William Downe

Toronto, ON – A new chair has been established in honour of William Downe, a graduate of the MBA program at the University of Toronto’s Rotman School of Management. The chair was announced at the Rotman Alumni Awards Dinner on October 18 where Downe received a Lifetime Achievement Award. Downe is the former Chief Executive Officer […]




manage

Rotman School Professor and Former Dean Named as Most Influential Management Thinker in the World

Toronto, ON – A professor and former Dean of the University of Toronto’s Rotman School of Management was named as the number one management thinker in the world by Thinkers50, the premier ranking of global business thinkers. Prof. Roger Martin, the former Dean of the Rotman School from 1998 to 2012, received the honour during […]




manage

New Financial Innovation Hub Established at the University of Toronto’s Rotman School of Management

Toronto, ON – A new partnership has been launched at the University of Toronto’s Rotman School of Management to promote and develop initiatives for students and faculty in the area of financial innovation across all of the school’s programs. The Rotman Financial Innovation Hub in Advanced Analytics (Rotman FinHub) will create new classes and learning […]




manage

Why Should Talent Acquisition Managers Hire Sourcers and Recruiters?

The process through which corporations seek, track, and interview job candidates and train new employees is called talent acquisition. A talent source looks for and finds suitable candidates. They do this by employing a variety of proactive recruiting tactics. Sources seek applicants who are both active and passive. The human resources (HR) department is normally in charge of this.




manage

Top 5 Tips to Effectively Manage a Remote Workforce

Even before COVID-19 took the world by storm, giving everyone a "new normal," remote work was already on the rise. Prior to the global pandemic a study by Upwork from their Future Workplace Report found that 5x the number of hiring managers expect more of their team to work remotely in the next 10-years. Now, given the new state of the world, every company that can has been forced to rapidly adopt remote work as a means to continue business operations ...




manage

2023 Quality Leadership Ranking: #3 Electro Product Management Inc.

Since they have achieved this cyber security status, EPM are currently ahead of the industry. Less than 30% of companies are where they need to be with cyber security compliance, according to their auditor.




manage

The Quality Toolbox for Supply Chain Management

In March 2013, Lululemon, a billion-dollar Canadian athletic apparel company, made headlines after the media got wind of an unusual story. The Vancouver-based company recalled its popular black yoga pants after customers complained that the active wear was too sheer.




manage

CyberMetrics Announces New Leadership of the Asset Management Division

Though FaciliWorks CMMS is already used by hundreds of Mexican companies, there is still an enormous number of potential clients who are in need of a system like FaciliWorks.




manage

Integrated, Centrally-Managed Machine Vision for Built-In Quality

Labor shortages continue to pressure manufacturers, with some dedicating up to 20% of their workforce to manual inspection. Embracing Quality 4.0 with automated in-line inspections and AI process analytics could provide significant value.




manage

Machine Vision Project Management – What’s Different?

Machine vision projects often face challenges such as slow progress, difficulty in getting quotes, cost overruns, and unreliable operation. These issues require recognizing and adapting to the unique nature of machine vision projects compared to other types of projects.




manage

White Paper: 2021 Quality Management Trends Report

To help quality professionals understand how their processes and approaches compare to those of other companies and the future outlook, ENGINE interviewed quality and environmental health and safety (EHS) professionals to develop the present "2021 Quality Management Trends Report," commissioned by Veeva.




manage

Vitrek Names D’Amico Eastern Regional Sales Manager

Vitrek announced that Bob D’Amico has joined the Vitrek sales team as Eastern Regional Manager.




manage

Energy Management: Empowering Quality Departments to Lead the Energy Efficiency Charge

A paper released by the U.S. Energy Information Administration (EIA) addresses the importance of renewable energy in mitigating climate change and the challenges posed by the global energy crisis. It emphasizes the need to improve energy efficiency in response to increased energy consumption worldwide.





manage

The Ever-Changing Life of a Quality Management System?

A quality management system program ensures that products and services meet predefined standards, customer expectations, and company-wide benchmarks. One key principle is "first time right," addressing errors immediately at every step.




manage

QT9 QMS Quality Management Software

QT9 Software launched QT9 QMS Version 16.0, adding two new modules and numerous improvements to its quality management software (QMS).




manage

The Case for Re-Educating Leadership on How to Manage for Quality

Leaders prioritize efficiency and productivity over quality management, compromising long-term standards, evident in the widespread adoption of operational excellence programs like Lean and Six Sigma.





manage

Accurate, Reliable Color Management Starts With Right Tools and Right Partner

Don't cut corners on color-matching tools. Professional equipment has advantages that imitations can't match. Learn more in this article.




manage

Greenhouse Gases Related to ISO 9001 Amendment 1 Clause 4.2 – and other Management System Standards (MSS)

How is the ISO involved with Greenhouse Gasses (GHG)? Over the past 20 years or so, ISO has released a number of standards around GHG.