Sophia Antipolis, 26 August 2020

The ETSI IP6 Industry Specification Group has just released a White Paper on the lessons learned from IPv6 best practices, use cases, benefits and deployment challenges. This White Paper puts forward recommendations to ease the adoption of IPv6 and to motivate the industry for the upcoming large-scale deployment of IoT, 4G/5G, IoT Cloud Computing benefiting from the restoration of the end to-end model.

Read More...

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

• Creating a comprehensive inventory of AI systems
• Conducting gap analyses to spot discrepancies between approved and actual AI usage
• Implementing ways to detect unauthorized AI wares
• Establishing effective access controls
• Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

• The asset’s description
• Information about its AI models
• Information about its data sets and data sources
• Information about the tools used for its development and deployment
• Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
• Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

To get more details, read:

• The full “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper
• A complementary slide presentation
• The CSA blog “Shadow AI Prevention: Safeguarding Your Organization’s AI Landscape”

For more information about AI security issues, including shadow AI, check out these Tenable blogs:

• “Do You Think You Have No AI Exposures? Think Again”
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood”
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach”
• “6 Best Practices for Implementing AI Securely and Ethically”
• “Compromising Microsoft's AI Healthcare Chatbot Service”

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

To get more details, read:

• The “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers” guide
• The CISA alert “CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes”

For more information about secure software updates:

• “Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design” (Tenable)
• “The critical importance of robust release processes” (Cloud Native Computing Foundation)
• “Software Deployment Security: Risks and Best Practices” (DevOps.com)
• “Software Updates, A Double-Edged Sword for Cybersecurity Professionals” (Infosecurity)
• “DevOps Best Practices for Faster and More Reliable Software Delivery” (DevOps.com)

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

To get more details, read:

• The report’s announcement “Cybersecurity success hinges on full organizational support, new CompTIA report asserts”
• CompTIA’s blogs “Today’s top drivers for cybersecurity strategy” and “Cybersecurity’s maturity: CompTIA’s State of Cybersecurity 2025 report”
• The full “State of Cybersecurity 2025” report

For more information about data security posture management (DSPM) and preventing AI-powered attacks, check out these Tenable resources:

• “Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources” (blog)
• “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” (on-demand webinar)
• “The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy” (blog)
• “Mitigating AI-Related Security Risks” (on-demand webinar)
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood” (blog)

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

• Using programming languages considered “memory unsafe”
• Including user-provided input in SQL query strings
• Releasing a product with default passwords
• Releasing a product with known and exploited vulnerabilities
• Not using multi-factor authentication
• Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

To get more details, check out:

• CISA’s announcement “CISA and FBI Release Product Security Bad Practices for Public Comment”
• The full document “Product Security Bad Practices”

For more information about how to develop secure software:

• “Tenable Partners with CISA to Enhance Secure By Design Practices” (Tenable)
• “Ensuring Application Security from Design to Operation with DevSecOps” (DevOps.com)
• “What is application security?” (TechTarget)
• “Guidelines for Software Development (Australian Cyber Security Centre)

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

• Aren’t shipped with known exploitable vulnerabilities
• Feature a “secure by default” configuration
• Can fix their vulnerabilities via automatic software updates
• Offer access protection via control mechanisms, such as authentication and identity management
• Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

• “Cyber Resilience Act Requirements Standards Mapping” (ENISA)
• “The Cyber Resilience Act, an Accidental European Alien Torts Statute?” (Lawfare)
• “EU Cybersecurity Regulation Adopted, Impacts Connected Products” (National Law Review)
• “Open source foundations unite on common standards for EU’s Cyber Resilience Act” (TechCrunch)
• “The Cyber Resilience Act: A New Era for Mobile App Developers” (DevOps.com)

VIDEO

The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation) 

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

• Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
• Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
• Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
• Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
• Aim to provide a holistic view, and avoid using technical jargon.
• Aim to advise instead of to educate.

Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America

Tools for food system policy development.

The post Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America appeared first on IFPRI.

Event Begins: Wednesday, November 13, 2024 6:30pm
Location: Gretchen's House
Organized By: Maize Pages Student Organizations

"True karate is this: that in daily life one's mind and body be trained and developed in a spirit of humility, and that in critical times, one be devoted utterly to the cause of justice."
--Gichin Funakoshi- Founder of Shotokan Karate Fall 2024 Practice Schedule Wednesday 6:30pm - 8:15pm  @  Gretchen's House, 1580 Dhu Varren Rd Sunday 2:30pm - 4:30pm  @  B225 Medium Multi-purpose Room, Intramural Sports Building (please complete the liability waiver prior to your first Sunday practice)    Exceptions -- Sunday 9/1 practice 2-4pm; no practice on 10/13 & 12/1New members are always welcome. No previous experience is necessary. Just come to any practice. You may watch a practice or actually participate when you come. If you want to participate, wear loose fitting clothes, trim your nails, and no jewelry.

In the interest of New Year's resolutions, we're bringing you this bonus episode from our friends at the Ten Percent Happier podcast. Host Dan Harris speaks with meditation expert Jon Kabat-Zinn about starting a practice and being more mindful in our everyday lives.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Key takeaways As the remote work landscape has become increasingly popular, businesses have had to adapt to virtual onboarding and training methods to offer a positive onboarding experience Communicating business expectations and job requirements and sharing vital information is key to integrating a new hire ...

It's no secret that onboarding can be a strenuous task even under the best of circumstances. In fact, research indicates the average new hire is required to complete 54 activities during the course of a typical onboarding experience. That's a substantial undertaking­­ for both new employees and their employers. Add a global pandemic to the mix, and the onboarding ...

What level of quality do you feel is required in orthopedic implants, pacemakers and other critical, life-sustaining medical devices? The highest quality, of course!

AS9100, the global quality management standard for aviation, space, and defense, reflects this commitment to excellence. Obtaining AS9100 certification is vital for success in this sector. This guide assists organizations in navigating the certification process, ensuring the implementation of top-quality practices across their systems.

Manufacturers are prioritizing low-code AI tools to simplify application development, enabling non-experts to create and customize AI workflows.

Manufacturing compliance goes beyond ticking boxes; it's about trust and excellence. Small manufacturers can navigate complex regulations by understanding compliance history, using technology, and implementing effective strategies for success.

Traditional manufacturing often results in waste of materials and energy due to imprecise measurements. 3D measurement technology enables precise measurement, early issue detection, and process adjustments, reducing waste and costs.

Managers, company leaders, and school district administrators should explore all available options to heighten the safety and cleanliness of their respective spaces.

Compressors in A2L systems are similar to A1 systems, so technicians won't need extensive retraining, especially if they follow best practices.

Before you can fix a leak, you need to find it. That’s where leak detectors come in.

Here are two examples of the difference that high-performance building features and high-efficiency HVAC technology can make.

Hybrid systems offer a pathway that balances environmental concerns with practical considerations, ensuring a more sustainable and feasible transition towards cleaner energy sources.

Ruby has been getting more and more attention by the developer community over the last couple of years. Nevertheless Ruby as language and as a plattform is not too widespread. Most developers don't know people who have actually done commercial Ruby projects. Therefore it is sometimes hard to judge if Ruby is just a hype topic or if Ruby can be used for serious projects today. In this episode Alexander speaks with Thomas Quas about a commercial Ruby project Thomas finished a while ago. Thomas shares his insights and practical experiences with Ruby doing a project under strong time pressure. As Thomas has many years experience doing Java projects we also do some high level comparisons between both platforms.

In this episode, Markus talks with Juha-Pekka Tolvanen about using DSLs and code generation in practice. The main part of the episode is the discussion about a number of case studies that show how DSLs and code generation are used in practice.

Michael Nygard of “Release It!” fame talks with Stefan Tilkov about his experience using the Clojure programming language. Topics include the tool chain and development process, the Clojure learning curve, and on-boarding new developers. Michael explains the similarities and differences compared to typical OO languages when implementing domain logic, and uses both game development and typical web development projects as examples. Finally, the two discuss how well Clojure can be used in the face of long-running projects, and some typical obstacles and strategies for introducing it to real-world scenarios.

Yevgeniy Brikman, author of Terraform: Up & Running: Writing Infrastructure as Code and co-founder of Gruntwork talks with host Robert Blumen about how to apply best practices from software engineering to the development of infrastructure as code...

Gill Hoffer, co-founder and CTO at Salto, talks with SE Radio host Kanchan Shringi about a new persona -- the Business Engineer -- created by the rise of SaaS and adoption of best-of-breed business applications for back office systems. They examine...

Gill Hoffer, co-founder and CTO at Salto, talks with SE Radio host Kanchan Shringi about a new persona -- the Business Engineer -- created by the rise of SaaS and adoption of best-of-breed business applications for back office systems. They examine...

Emily Bache, founder of the Samman Technical Coaching Society and author of several books about technical agile coaching, talks with SE Radio host Sam Taggart about katas and the importance of practice. They discuss how practicing in a safe environment helps developers to learn new skills and build new habits. They also talk about how Samman coaching combines this sort of deliberate practice with applying the lessons learned in practice to the production code base. They also touch briefly on the advantages of working in an ensemble fashion.

Brought to you by IEEE Computer Society and IEEE Software magazine.

Nowadays, if you do not consider harmonics distortion when designing a new network, you missed the whole point of the network design. Yes, really. The sooner you realize that harmonics problems are on the rise, the better. Modern power networks... Read more

The post Practical design knowledge in harmonics distortion and power factor correction (PFC) appeared first on EEP - Electrical Engineering Portal.

New Lesson Plans Entry: 'Emailing on HR topics practice' has just been added to the Lesson Plans area of UsingEnglish.com.

New Lesson Plans Entry: 'Family gift suggestions: 'too' and 'enough' practice' has just been added to the Lesson Plans area of UsingEnglish.com.

New Lesson Plans Entry: 'Things to avoid in IELTS Listening giving reasons practice' has just been added to the Lesson Plans area of UsingEnglish.com.

New Lesson Plans Entry: 'Things to avoid in IELTS Academic Writing Task 1 giving reasons practice' has just been added to the Lesson Plans area of UsingEnglish.com.

New Lesson Plans Entry: 'Requests in conversation practice' has just been added to the Lesson Plans area of UsingEnglish.com.

The process of designing a substation usually begins with the general substation layout, which is dependent on the required safety clearance and insulation withstand, as well as the permissible loads delivered to substation equipment and structures. The permissible loads, in... Read more

The post Good practice in the design of concrete and steel structures in power substations appeared first on EEP - Electrical Engineering Portal.

This article provides guidance on how to conduct gas monitoring and explains the various alerts that can be set. The many sorts of defects that might lead to partial discharges are discussed, and various partial discharge measuring techniques are described,... Read more

The post SF6 Gas Monitoring and Alarming Practices in Gas-Insulated Switchgear (GIS) Systems appeared first on EEP - Electrical Engineering Portal.

Like it or not, hard times are in front of us, by all means. I won’t deal the hard times now, but instead, I’ll shortly say that it’s all about the energy resources and who owns them. It’s also not... Read more

The post Best practice in hard times: How to safeguard the hundreds and thousands of substations appeared first on EEP - Electrical Engineering Portal.

This article will shed some light on how adding capacitors gives the distribution system the necessary reactive power to return the power factor to the required level. Capacitors act as a source of reactive energy, which accordingly reduces the reactive... Read more

The post A few practical ways to determine required reactive energy compensation for a power system appeared first on EEP - Electrical Engineering Portal.

This technical article analyzes the safety requirements against indirect contact employed in particularly special medical locations (e.g., hospitals, medical, and dental practices, etc.), where environmental conditions may increase the risk of indirect contact and therefore the electroshock, precisely microshock. Generally... Read more

The post The ground is not just ground! At least not in hospitals, medical, and dental practices appeared first on EEP - Electrical Engineering Portal.

With the exception of SF6-to-air bushings terminals, all active portions of gas-insulated switchgear (GIS) are contained within grounded enclosures, which means that they are not susceptible to inadvertent contact. This makes gas-insulated switchgear intrinsically safe. In addition, numerous grounding procedures... Read more

The post Practical lesson in grounding and bonding of Gas-Insulated Switchgear (GIS) appeared first on EEP - Electrical Engineering Portal.

In the present era, the presence of reliable and uninterrupted electricity is commonly assumed in the majority of nations. Nevertheless, in many nations, this is susceptible to frequent disruptions caused by a range of issues, including as insufficient supply, inefficient... Read more

The post Modern practice for LV/MV substation and power distribution systems within buildings appeared first on EEP - Electrical Engineering Portal.

This article aims to inform the reader about the applications, procurement, selection & design, and integration of BESS (battery energy storage systems) into LV and MV power networks. The intended audience is project and design engineers who shall perform procurement... Read more

The post BESS (Battery Energy Storage Systems) in LV and MV Power Networks: Practical Guide (Part-1) appeared first on EEP - Electrical Engineering Portal.

The restoration industry, despite its rapid growth, faces a leadership crisis. Burnout, the influx of younger generations with different motivations, and a backlog of urgent tasks have left many asking: Who will lead tomorrow?