ETSI OSM Release SIX enhances Edge support and lets your Network Service fly

Sophia Antipolis, 20 June 2019

ETSI OSM Release SIX is now available! The new Release brings a huge new set of capabilities to provide end-to-end orchestration across heterogeneous networks and cloud technologies.

Read More...

ETSI NFV announces new features to its architecture to support 5G

Sophia Antipolis, 1 July 2019

ETSI NFV has enhanced the system as well as designed new features to support 5G networks. Specifically, 5G resource management and orchestration aspects were added on top of the NFV Release 2 architecture framework.

Read More...

First ETSI C-V2X interoperability event tests ETSI ITS and 3GPP standards

Registration now open!

Sophia Antipolis, 8 November 2019

ETSI, with experts from its Center for Testing and Interoperability, in partnership with the 5GAA, is organizing the first C‑V2X Plugtests^TM event.

Hosted by DEKRA in its Connected Vehicle Test Development Centre in Malaga from 2-6 December 2019, the event will enable vendors to run interoperability test sessions to assess the level of interoperability of their implementations and validate their understanding of the standards. Interoperability testing checks that devices built to the same standards can work together and provide the functionalities specified in the standards.

Read More...

ETSI Open Source MANO unveils Release SEVEN, enables more than 20,000 cloud-native applications for NFV environments

Sophia Antipolis, 12 December 2019

Today, the ETSI Open Source MANO group is pleased to unveil its latest release, OSM Release SEVEN. This release brings cloud-native applications to NFV deployments, enabling OSM to on-board over 20,000 pre-existing production-ready Kubernetes applications, with no need of any translation or repackaging. OSM release SEVEN allows you to combine within the same Network Service the flexibility of cloud-native applications with the predictability of traditional virtual and physical network functions (VNFs and PNFs) and all the required advanced networking required to build complex end to end telecom services.

Read More...

ETSI's Securing Artificial Intelligence group appoints Chair and Vice Chairs

Sophia Antipolis, 27 January 2020

ETSI's new Industry Specification Group on Securing Artificial Intelligence (ISG SAI) met last week for its second meeting and appointed Alex Leadbeater (BT) as its Chair. Dr Kate Reed (NCSC) was appointed as First Vice Chair and Tieyan Li (Huawei) was appointed as Second Vice Chair. This second meeting, after the launch of the group last October, was also the place to discuss work priorities.

Read More...

ETSI releases a Technical Report on autonomic network management and control applying machine learning and other AI algorithms

Sophia Antipolis, 5 March 2020

The ETSI Technical Committee on Core Network and Interoperability Testing (TC INT) has just released a Technical Report, ETSI TR 103 626, providing a mapping of architectural components for autonomic networking, cognitive networking and self-management. This architecture will serve the self-managing Future Internet.

The ETSI TR 103 626 provides a mapping of architectural components developed in the European Commission (EC) WiSHFUL and ORCA Projects, using the ETSI Generic Autonomic Networking Architecture (GANA) model.

The objective is to illustrate how the ETSI GANA model specified in the ETSI specification TS 103 195-2 can be implemented when using the components developed in these two projects. The Report also shows how the WiSHFUL architecture augmented with virtualization and hardware acceleration techniques can implement the GANA model. This will guide implementers of autonomics components for autonomic networks in their optimization of their GANA implementations.

The TR addresses autonomic decision-making and associated control-loops in wireless network architectures and their associated management and control architectures. The mapping of the architecture also illustrates how to implement self-management functionality in the GANA model for wireless networks, taking into consideration another Report ETSI TR 103 495, where GANA cognitive algorithms for autonomics, such as machine learning and other AI algorithms, can be applied.

ETSI’s new group on COVID-19 tracing apps interoperability moving fast: officials elected and work programme set up

Sophia Antipolis, 11 June 2020

The ETSI E4P group, “Europe for Privacy-Preserving Pandemic Protection”, launched a month ago has already held two meetings. The work of ISG E4P aims to facilitate the development of backward-compatible and interoperable proximity tracing applications to be used to combat pandemics by helping to break viral transmission chains.

Read More...

New ETSI white paper: Harmonizing standards for edge computing, a synergized architecture leveraging ETSI ISG MEC and 3GPP specifications

Sophia Antipolis, 27 July 2020

Members and officials of the ETSI Multi-access Edge Computing group and the 3GPP SA WG6 have just published a new white paper which aims to harmonize standards for edge computing. The white paper highlights the role of standards for edge when edge computing is deployed in conjunction with mobile networks. It also reviews the leading efforts in the industry and introduces a synergized architecture which leverages the ETSI ISG MEC and 3GPP specifications. This paper highlights the value proposition of different standards streams and how those standards may be combined when it comes to deployments. Some deployment options are discussed.

Read More...

New ETSI White Paper on Enhanced DNS Support in Distributed MEC Environments

Sophia Antipolis, 8 September 2020

Today ETSI announces the publication of its White Paper on DNS Support in Distributed MEC Environments. DNS (Domain Name System) is a key infrastructure element in any distributed edge cloud as it is used to ensure that modern (i.e. URL/URI-based) services requests are resolved to the properly located service instances. The best instance may often be decided based on properties other than location, e.g., service latency, resource availability as well as the device identifier.

Read More...

ETSI announces MEC Sandbox for edge app developers

Sophia Antipolis, 6 January 2021

ETSI announces the launch of ETSI MEC Sandbox, available at https://try-mec.etsi.org/. The Sandbox is designed to allow application developers to experience and interact with an implementation of ETSI MEC APIs and test out their applications.  

Read More...

CEN, CENELEC AND ETSI HELD A WORKSHOP ON STANDARDS IN SUPPORT OF THE INDUSTRIAL DATA VALUE CHAIN

Sophia Antipolis, 29 September 2021

Industrial data has become one of the top strategic priorities for European and international industry in the recent years. Well managed and duly exploited, industrial data bring a significant competitive edge to businesses and can greatly improve overall efficiency, be it by supporting core processes or by providing a new source of insights.

In this data-driven era, industrial data play an essential role in building the foundation of the next wave of digitization in Europe. For this reason, it is key to the success of a harmonized Single Market and European competitiveness in the global market, but also for the success of the twin transition (green and digital) at the heart of the EU policy agenda.

Read More...

ETSI releases two Technical Reports to support US NIST standards for post-quantum cryptography

Sophia Antipolis, 6 October 2021

In 2016 the US National Institute of Standards and Technology (NIST) announced their intention to develop new standards for post-quantum cryptography. They subsequently initiated a competition-like standardization process with a call for proposals for quantum-safe digital signatures, public-key encryption schemes, and key encapsulation mechanisms. NIST have stated that they intend to select quantum-safe schemes for standardization at the end of the current, third round of evaluation.

Read More...

World’s first non-cellular 5G technology, ETSI DECT-2020, gets ITU-R approval, setting example of new era connectivity

Sophia Antipolis, 19 October 2021

ETSI DECT-2020 NR, the world’s first non-cellular 5G technology standard, has been recognized by the WP5D of the International Telecommunication Union’s Radiocommunication Sector (ITU-R) and included as part of the 5G standards in IMT-2020 technology recommendation. Dr. Günter Kleindl, Chair of the ETSI Technical Committee DECT, says: “With our traditional DECT standard we already received IMT-2000 approval by ITU-R twenty-one years ago, but the requirements for 5G were so much higher, that we had to develop a completely new, but compatible, radio standard.” Released last year, the standard sets an example of future connectivity: the infrastructure-less and autonomous, decentralized technology is designed for massive IoT networks for enterprises. It has no single points of failure and is accessible to anyone, costing only a fraction of the cellular networks both in dollars and in carbon footprint.

Read More...

ETSI NFV Release 5 kicks off with increased support for cloud-enabled deployments

Sophia Antipolis, 9 November 2021

The ETSI Industry Specification Group (ISG) for Network Functions Virtualization (NFV) has started working on its next specification release, known as "Release 5”, officially kicking off the new Release technical work after their September meeting.

The Release 5 work program is expected to drive ETSI NFV’s work into two main directions: consolidating the NFV framework and expanding its applicability and functionality set. On the one hand, some aspects of the NFV concepts and functionalities that have been addressed in previous Releases, but need additional work, will be further developed in Release 5. For instance, based on development, deployment experience and feedback collected during testing events such as the “NFV/MEC Plugtests”, additional work on VNF configuration was deemed necessary. Another example is the more detailed specification work related to fault management modelling which aims at further defining faults and alarms information to improve interoperability during network operations, in particular for root cause analysis and fault resolution in multi-vendor environments.

Read More...

New ETSI White Paper and MEC Hackathon: another step to engage with app developers and verticals

Sophia Antipolis, 16 June 2022

The ETSI MEC (Multi-access Edge Computing) group is pleased to announce a new White Paper which aims to describe the deployment options related to MEC federation, especially from an architectural point of view. With a key focus on ETSI MEC implementations, it also aims to provide an open approach taking into account other standards and technologies, including those from 3GPP SA Working Group 6 and GSMA OPG. For this purpose, the White Paper first analyses the recent publications of GSMA OPG and recent updates in ETSI MEC and 3GPP specifications, then introduces the synergized architecture supported by both standards organizations, which indicates the background information for the deployment of MEC federation harmonized standards for edge computing.

Read More...

New ETSI specification allows single UICC to support the use of multiple applications simultaneously

Sophia Antipolis, 26 October 2022

New specifications released by ETSI will enable multiple subscriptions and identities to exist in the same smartphone handset without needing several SIM cards to be within the device.

The mobile telecom industry has been facing an increasing demand for applications running on mobile devices like banking, payments, transport and identity for some time. These new specifications address this demand by adding the possibility to host and address several "virtual secure elements" into the same UICC. This allows multiple virtual secure elements to coexist logically separated, whilst having the ability to be addressed independently through the same physical interface.

Read More...

New Extension for Disabled People to the ETSI Mobile Emergency App Framework

Sophia Antipolis, 16 January 2023

The ETSI emergency communications technical committee has just released a specification for a Pan-European Mobile Emergency Application framework (PEMEA) Real-Time Text Extension. Real-Time Text (RTT) communications are used extensively by people with hearing and speech disabilities around the world. These systems convey letters as they are typed from the source to the destination.

Read More...

Sophia Antipolis, 26 January 2023

The ETSI Industry Specification Group for Network Functions Virtualization (ISG NFV) has just published its next drop of specifications around new enhancements of the NFV architecture that will support cloud-native network functions.

Read More...

Sophia Antipolis, 8 February 2023

On 7 February, the European Standards Organizations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organise their 7th annual conference. The hybrid conference took place at the Brussels Renaissance Hotel and focused on “European Standardization in support of the EU cybersecurity legislation”.

Read More...

Sophia Antipolis, 22 June 2023

ETSI has just released a new White Paper on “MEC Support for Edge Native Design” written by members of the ETSI Multi-access Edge Computing group (ISG MEC). This White Paper provides an overview and vision about the Edge Native approach, as a natural evolution of Cloud Native. 

Read More...

As the project celebrates the 25th anniversary of the signing of the 3GPP Project Agreement, the 3GPP Organizational Partners have today issued the following joint press release.

Sophia Antipolis, 4 December 2023

With its work on 3G, 4G and 5G specifications used by billions of communications services consumers globally, 3GPP stands ready to create the 6G future.

Read More...

Sophia Antipolis, 13 February 2024

Sharing intelligence: ETSI AI Conference highlights role of standardization in supporting ICT industry transformation.

Held at ETSI’s Sophia Antipolis headquarters from 5-7 February, the event welcomed close to 200 participants from 25+ countries, with featured speakers including AI experts from government agencies, standards bodies, academia and industry.

Artificial Intelligence/Machine Learning (AI/ML) technologies are enabling disruptive new applications across a wide range of digital products and services. Reviewing the current status of AI developments worldwide, the Conference explored the role of standardization in ETSI and other SDOs to support the development of a robust market for safe, lawful AI applications and services within the framework of European policymaking.

Read More...

Sophia Antipolis, 8 March 2024 

On 5 March, the European Standardization Organizations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organize their 8th Cybersecurity Standardization Conference.

Read More...

Sophia Antipolis, 30 April 2024

The ETSI TeraFlowSDN community is proud to announce the third release of TeraFlowSDN, an innovative and robust SDN orchestrator and controller, delivering a fully featured Network Automation Platform. In this latest release, TeraFlowSDN enhances its capabilities with the integration of an Optical SDN controller, expanding device support to include gNMI and OpenConfig protocols. It also features enriched network integrations for end-to-end orchestration like IP over DWDM, L3VPN, MEC, and network topology exposure. The management of network topologies is improved with the addition of a new BGP-LS speaker able to discover the topologies, and a new Forecaster component is introduced, providing predictive insights for network management. These additions substantially augment the versatility and management capabilities of the TeraFlowSDN platform.

Read More...

Sophia Antipolis, 5 July 2024

ETSI is pleased to announce the successful conclusion of the FRMCS #4 Plugtests event, held at Sophia Antipolis, ETSI HQ, from July 1 – 5, 2024. This event brought together key stakeholders, including railway operators, telecom vendors, system integrators, and industry experts worldwide. ETSI organized the event with the support of the European Union, EFTA, TCCA-Critical Communications, and UIC— International Union of Railways.

Read More...

Sophia Antipolis, 9 July 2024

ETSI is excited to announce OpenCAPIF Release 1 is now available in the ETSI Labs.

OpenCAPIF develops a Common API Framework as defined by 3GPP and this new version introduces several improvements and new features to deliver a more robust, secure, and efficient API Management Platform. These advancements are developed in tight collaboration and incorporating feedback from a growing Research Ecosystem including SNS projects such as 6G-SANDBOX, FIDAL, IMAGINEB5G, SAFE6G, ORIGAMI, ENVELOPE and SUNRISE6G.

Read More...

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...

The Minister of Finance has approved amendments to Ontario Securities Commission (OSC) Rule 91-507 Trade Repositories and Derivatives Data Reporting and consequential amendments to OSC Rule 13-502 Fees (collectively, the Amendments) pursuant to

Here is a Storify round up of the SpotOn London session: Enhanced eBooks & BookApps: The

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

Among the topics covered are:

• Critical infrastructure’s unique threat vectors
• The convergence of IT/OT with digital transformation
• Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

• Define the surface to be protected
• Map operational flows
• Build a zero trust architecture
• Draft a zero trust policy
• Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

• The report’s announcement “New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure”
• The full report “Zero Trust Guidance for Critical Infrastructure”
• A complementary slide presentation

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “Tenable Cloud Risk Report 2024” (white paper)

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

• Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
• Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
• Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
• Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
• Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

• The announcement “Five Eyes Launch Shared Security Advice Campaign for Tech Startups”
• The main guides: 
  • “Secure Innovation: Security Advice for Emerging Technology Companies”
  • “Secure Innovation: Security Advice for Emerging Technology Investors”
• These complementary documents:
  • “Secure Innovation: Scenarios and Mitigations”
  • “Secure Innovation: Travel Security Guidance”
  • “Secure Innovation: Due Diligence Guidance”
  • “Secure Innovation: Companies Summary”

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?

^{(Source: Vanson Bourne’s “AI Barometer: October 2024”)}

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

• “Do You Think You Have No AI Exposures? Think Again” (Tenable)
• “Shadow AI poses new generation of threats to enterprise IT” (TechTarget)
• “10 ways to prevent shadow AI disaster” (CIO)
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach” (Tenable)
• “Shadow AI in the ‘dark corners’ of work is becoming a big problem for companies” (CNBC)

VIDEO

Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

• Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
• The importance of using strong MFA to secure users’ access to sensitive data
• The role of trusted devices in boosting and simplifying MFA
• Bad practices that weaken MFA’s effectiveness, such as:
  • Retaining weaker, password-only authentication protocols for legacy services
  • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

• The NCSC blog “Not all types of MFA are created equal”
• The NCSC guide “Multi-factor authentication for your corporate online services”

For more information about MFA:

• “Multifactor Authentication Cheat Sheet” (OWASP)
• “Deploying Multi Factor Authentication – The What, How, and Why” (SANS Institute)
• “How MFA gets hacked — and strategies to prevent it” (CSO)
• “How Multifactor Authentication Supports Growth for Businesses Focused on Zero Trust” (BizTech)
• “What is multi-factor authentication?” (TechTarget)

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

• Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
• Leverage advanced AI technologies to boost national security
• Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

• Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
• Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
• Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

• 4 in 10 state CISOs feel their budget is insufficient.
• Almost half of respondents rank cybersecurity staffing as one of the top challenges.
• In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
• More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:

• “What’s important to CISOs in 2024” (PwC)
• “The CISO’s Tightrope: Balancing Security, Business, and Legal Risks in 2024” (The National CIO Review)
• “State of CISO Leadership: 2024” (SC World)
• “4 Trends That Will Define the CISO's Role in 2024” (SANS Institute)

This has been cross-posted from the nature.com guest blog, Soapbox Science. Liz Neeley is the

TORONTO – The Ontario Securities Commission (OSC) is inviting applications for membership on its Registrant Advisory Committee (RAC or the Committee).

TORONTO – The Capital Markets Tribunal is seeking applications for membership to the Securities Proceedings Advisory Committee (SPAC).

Finding sources for funding research can be a demanding task, and one that's not always successful. A new trend that's emerging out of the necessity to fund projects that have no traditional means of support is "crowdfunding." A panel at SpotOnLondon weighs the resulting apprehensions and benefits.

Marie Boran is a PhD candidate at the INSIGHT Centre for Data Analytics, the National

قدمة تستعرض هذه المذكرة المشهد السياسي المعاصر في السودان،وكيفية تأثيرهعلى جدوى الاستثماراتفي القطاع الزراعيالتي تشتد الحاجة إليها لتحقيق التحول الزراعي في البلاد. ت ركزالمذكرة بشكل خاص على سلاسل القيمة في قطاعي الثروة الحيوانية والبستنة فيولاية الخرطوم،وإدارة الموارد الطبيعية في ولايتي النيل الأزرق وجنوب كردفان. أهملت الحكومات المتعاقبة إلى حد كبير قطاع الزراعة على الرغم من أنه أكبر قطاع توظيف في السودان ويساهم بنحو 56في المئة من إجمالي الصادرات (بنك السودان المركزي، 2020).

Mystery author Rachel Goldman is getting used to the idea that her fictional creation Duffy Madison has somehow taken flesh-and-blood form and is investigating missing person cases not far from where Rachel lives. Wait. No. She’s not getting used to it at all, and the presence of this real-life Duffy is making her current manuscript—what’s the word?—lousy. So she doesn’t want to see Duffy—the living one—at all. To make matters worse, when he shows up at her door and insists on talking to her, it’s about the one thing she doesn’t want to do: Find a missing person. But the man Duffy seeks this time around might be able to solve Rachel’s problem. He might just be the man Duffy was before he became Duffy five years ago. The only problem is she could be letting Duffy lead her into danger yet again… Entertaining and witty, the second in E.J. Copperman's Mysterious Detective Mystery series Edited Out will delight his fans, both new and old.

https://www.youtube.com/watch?v=UHhFYrwJjow

https://www.youtube.com/watch?v=Ata12_CZy4A

The DSG Unit of IFPRI seeks a qualified candidate to serve as a Driver II. This position is a two-years, renewable appointment based in Dakar, Senegal. Source: IFPRI Africa Regional Office (AFR)

"When local park fixture (and spy-master) Pops gets squirrel-napped, it's up to Norma, Belly, and their friend little B to save him!" -- Provided by publisher.

This document is only available in PDF format.

The prevalence of web applications makes them a prime target for cyber criminals. Failure to secure web applications can lead to serious financial and reputational consequences. This report provides details of vulnerability data discovered by Tenable Web App Scanning.

Tenable Web App Scanning provides comprehensive and accurate vulnerability scanning and risk analysis by leveraging OWASP Top 10 risks to vulnerable web application components. Tenable provides comprehensive and automated vulnerability scanning for modern web applications using Dynamic Application Security Tests (DAST). The security and development teams leverage these detailed vulnerability scans of the application at any point in the development lifecycle and are able understand the true security risks of the web application before deployment.

Tenable Security Center uses a comprehensive list of attributes to increase visibility into web application vulnerabilities. Risk managers are able to focus on security challenges that pose the greatest threat and most risk by leveraging Common Vulnerability Scoring System (CVSS) and OWASP references. The report provides a detailed view of the web application components and custom code vulnerabilities. Additionally, vulnerability details related to Log4J are provided, which displays any detected applications that are found to be vulnerable to Log4J exploits.

The report and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable Security Center Feed under the category Security Industry Trends.

The requirements for this dashboard are:

• Tenable Security Center 6.2.0
• Tenable Web Application Scanner

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Center discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture.

Chapters

Executive Summary: The Tenable Web App Scanning Overview report provides details of vulnerability data discovered by Tenable Web App Scanning, beginning with summary dashboard style view for leadership team. 

Web Application Vulnerability Statistics: This chapter combines the data collected from Nessus and Tenable Web App Scanner, providing a holistic view of vulnerabilities based on scanning the physical asset as well as the web application asset.  

OWASP 2021 Vulnerability Summary: Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, provides risk managers insight into methods used by adversaries to exploit common flaws and misconfigurations. 

Log4Shell: This chapter provides trending analysis along with vulnerability details related to log4shell vulnerabilities detected by both Nessus and Tenable Web App Scanning. Tenable recommends prioritizing these applications immediately for remediation efforts.
 

Le changement climatique constitue une menace croissante pour nos systèmes alimentaires, dont les implications sont graves pour la sécurité alimentaire et nutritionnelle, les moyens de subsistance et le bien-être général, en particulier pour les personnes pauvres et vulnérables du monde entier. Une action urgente contre le changement climatique est attendue à l’échelle mondiale – à la fois pour réaliser les importantes réductions d’émissions requises pour limiter le réchauffement climatique et pour accroître les capacités d’adaptation et la résilience.

En 2022, le monde a subi des crises multiples. Les perturbations des systèmes alimentaires dues à la longue pandémie de COVID-19, des catastrophes naturelles majeures, des troubles civils, l’instabilité politique et les impacts croissants du changement climatique ont persisté, tandis qe l’inflation et la guerre entre la Russie et l’Ukraine ont exacerbé la crise alimentaire mondiale et la crise des engrais.

Depuis la pandémie de COVID-19 et plus récemment la crise russo-ukrainienne, la problématique de construire des systèmes alimentaires résilients et durables est devenue une urgence pour la plupart des pays d’Afrique au Sud du Sahara (ASS) dont le Sénégal. Très récemment, le Gouvernement du Sénégal à travers le Ministère de l’Agriculture de l’Équipement Rural et de la Souveraineté Alimentaire (MAERSA) a validé le Programme Alimentaire pour la Souveraineté Alimentaire Durable (PASAD 2021-2025).