What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
IndustrialCyber 2024-06-26 23:00:00 EPISODE 34: IS YOUR RISK MANAGEMENT TOAST?
(direct link)
This episode we are joined by Michael Walford-Williams, a consultant who specialises in operational resilience and third-party risk management. His consultancy, Westbourne Consultancy Limited, sees him working for various clients providing risk management services for the financial services industry.
In this episode, we look at how risk appetite changes over time, the power of red teaming, how to enable everyone to care about risk, and ask the question: 'Is your risk management toast?'
Key Takeaways:
Risk appetite is a moving target: Just because a threat hasn't hit you yet doesn't mean it won't. Learn how to adapt your risk management strategy to evolving threats.
Testing makes perfect (or at least more prepared): Don't wait for a real attack to expose your weaknesses. Simulated attacks like phishing campaigns and red teaming can expose vulnerabilities before they are exploited.
From paper to reality: Testing cybersecurity resilience shouldn't be just best efforts on a piece of paper (business continuity documentation).
Better red than bread! Red teaming unleashed: Testing, from phishing simulations to physical assessments through to full-blown red team activities, all plays a pivotal role in empowering employees and increasing organisational vigilance. And remember, it's not about pointing fingers - it's about empowerment.
Risk ownership: Risk isn't [...] problem. It's everyone's job. From the boardroom to the frontlines, we are all in this together. We'll show you how to redefine risk ownership.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests, on future episodes.
We hope you enjoyed this episode - see you next time, keep secure, and don't forget to ask yourself, 'Am I the compromising position here?'
Keywords: cybersecurity, risk, resilience, red teaming, risk appetite, RACI, AI
Show Notes:
'The biggest cyber risk is complacency, not hackers' - UK Information Commissioner issues warning as construction company fined £4.4 million. ICO
The Tipping Point: How Little Things Can Make a Big Difference by Malcolm Gladwell
About Michael Walford-Williams: Michael Walford-Williams is a consultant who specialises in operational resilience and third-party risk management. His consultancy Westbourne Consultancy Li
Vulnerability Threat ★★★
IndustrialCyber 2024-04-24 23:00:00 EPISODE 27: Ignore all previous instructions: Threat modelling AI Systems
(direct link)
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!
Welcome to the grand finale of season two of 'Compromising Positions', where we delve into the fascinating world of AI security. In this special episode, your hosts will guide you through the labyrinth of securing AI models, one step at a time.
For those who prefer a quick overview, we offer an abridged version on Apple Podcasts and Spotify. This version deep dives into two key topics: Jeff's unique mnemonic C-PTSD for threat modeling AI systems, and an intriguing discussion on the correlation between boredom, worm-killing, and AI efficiency gains.
For those who crave a deeper dive, scroll down or visit our YouTube channel for the extended cut. This version includes everything from the regular version, plus:
Jeff's academic journey in AI at the University of Hull
Lianne's preparation for a 100 days of Code in Python for her MSc in Data Science and AI at Leeds Trinity University
A critical discussion on OpenAI's transparency and the latest AI wearable technology, along with the complexities of consent and privacy in an 'always recorded' lifestyle
Whether you choose the regular or extended version, we appreciate your support throughout season two. Stay tuned for more enlightening discussions in season three! Thank you for being a fantastic audience.
We hope you enjoyed this episode - See you next time, keep secure, and don't forget to ask yourself, 'Am I the compromising position here?'
Keywords: Cybersecurity, AI, Threat Modelling, MSC, Data Science, IOT, Wearables, Data Security
SHOW NOTES
Jeff's article on C-PTSD
Lianne's Article The (AI) Revolution will be BORING...And that's Okay!
Wearables, Shareables, Unbearable? The IOT and AI Tech Nobody Asked for But Cybersecurity Criminals Love.
Future of Cybersecurity
MSc in Artificial Intelligence -
Threat Medical Conference Technical ★★★
IndustrialCyber 2024-04-10 23:00:00 EPISODE 25: SUPERCONNECTORS: UNLEASHING PURPOSE BEYOND METRICS IN YOUR CYBERSECURITY FUNCTION
(direct link)
Welcome to Compromising Positions!
This week we are joined by Dr David Burkus, one of the world's leading business thinkers and best-selling author of five books on the topic of business and leadership. Dr Burkus has worked with the leadership teams of some internationally known names such as PepsiCo, Adobe and NASA.
In this episode, “Storytelling Superconnectors: Unleashing Purpose Beyond Metrics in Your Cybersecurity Function”, Dr Burkus challenges the concept of Dunbar's Number as we discuss the power of human networks, and how finding the superconnectors in your organisation will help you get your cybersecurity agenda in front of the right people.
Indulging in a bit of schadenfreude, Dr Burkus shows us how we can use the hacks and breaches of our competitors to demonstrate our value and purpose offering to the C-suite and he also shares his unique insights on breaking down siloes, and harnessing the power of positive engagement in the workplace.
And as if that wasn't enough (!) how to move away from just metrics to make your security function shine! If you want to change the way your organisation sees your security team, this is the episode for you!
This is a two part episode (this is part one!) so don't forget to check back in next week to hear the whole interview!
Key Takeaways:
Find your Superconnectors: Superconnectors are individuals who have lots of powerful connections and can help you expand your network quickly. By networking with superconnectors, you can find new opportunities and build purpose-driven teams in the cybersecurity function.
Embrace the Power of Storytelling: Facts and figures are important, but stories resonate on a deeper level. Security teams can leverage storytelling to educate employees about cybersecurity threats, celebrate successes, and foster a sense of shared purpose.
Break Down Silos: Challenge the stereotype of security as the "office police." Focus on collaboration and highlight the positive contributions your team makes in protecting the organization. Aim for a 3:1 ratio of positive interactions to negative ones to build trust and rapport.
Learn from Your Competitors' Misfortunes: While celebrating wins is important, so is learning from failures. Use competitor breaches as a springboard for threat intelligence exercises, demonstrating the value your team brings in proactively preventing such attacks.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests, on future episodes.
We hope you enjoyed this episode - See you next time, keep secure, and don't forget to ask yourself, 'Am I the compromising position here?'
Keywords: cybersecurity, storytelling, psychology, networking, silos, purpose
SHOW NOTES
Ransomware Threat Legislation ★★★
IndustrialCyber 2024-03-28 00:00:00 EPISODE 23: Awareness ≠ Behavioural Change - Rethinking Cybersecurity Training
(direct link)
Last episode we finished by talking with Bec about how cybercriminals leverage the fight-or-flight response and get you to do things you wouldn't normally do, like share bank details, via amygdala hijacking. Bec concluded the episode by giving us some great advice on how we can retrain ourselves not to be so reactive and, hopefully, prevent something rash
In this episode, Awareness ≠ Behavioural Change - Rethinking Cybersecurity Training, we are going to build on what Bec discussed last week, a cyber-psychology 101 if you will, and see how we practically apply key psychological concepts like cognitive agility, convergent and divergent thinking and meta-cognitive skills to things like tabletop exercises and security awareness training.
Key Takeaways:
Embrace cognitive agility: The world is too complex for a one-size-fits-all approach. Learn when to adapt and think critically in the face of unexpected situations.
Awareness does not equal a change in behaviour: One size does not fit all, and the quantitative is usually valued over the qualitative, which needs to change.
Leverage divergent and convergent thinking: Don't just train for specific scenarios. Develop the flexibility to explore diverse solutions and converge on the best course of action when the time comes.
Build diverse teams: Groupthink can be your worst enemy in a crisis. Foster diverse perspectives within your team to avoid this critical blind spot.
Make reflective learning a priority: Learn from every experience, good or bad. Debrief after incidents and ask: What went well? What didn't? How can we improve?
Focus on impact skills, not just technical knowledge: Decision-making, communication and collaboration are the fundamental skills needed to navigate complex cyber threats.
We hope you enjoyed this episode - see you next time, keep secure, and don't forget to ask yourself, 'Am I the compromising position here?'
Keywords: cybersecurity, training, incident response, crisis management, soft skills, impact skills, cognitive agility, reflective learning, diverse teams, behaviour change
Show Notes:
Full show notes can be found here: https://www..compromisingpos.co.uk/podcast/episode-23-awareness-does-not-equal-behaviour-change-rethinking-cbersecurity-formation
About Bec McKeown
Threat Technical ★★★
IndustrialCyber 2024-03-21 00:00:00 EPISODE 22: Hands Off My Amygdala! The Psychology Behind Cybersecurity
(direct link)
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!
This week we are joined by Bec McKeown, a chartered psychologist with extensive experience in carrying out applied research for organisations including the UK Ministry of Defence and the founder and director of Mind Science, an independent organisation that works with cybersecurity professionals.
In this episode, Hands Off My Amygdala! The Psychology Behind Cybersecurity, we are going to hear about Bec's varied and interesting career in advising people in highly stressful situations to be reflective and not reactive, and how they can not only learn from their actions but become masters of them. This episode is a smorgasbord of psychological concepts that will make you think twice about how you normally run your security awareness programme, but also your tabletop exercise too. And crucially, learn why people act the way they do during an actual cybersecurity incident.
Key Takeaways:
The curse of knowledge: Understanding what it's like to not understand cybersecurity from a technical perspective can be an advantage in helping you communicate better. By putting yourself in the shoes of the listener, you can convey complex ideas in a way that is easy to understand and relatable.
Zero trust: While zero trust may make sense from a technical standpoint, it can lead to frustration and workarounds when it hinders employees. Theory Y suggests that people given more agency and autonomy are likely to work well, if not harder, than when constantly surveilled.
Just culture: Accepting that mistakes will be made and analysing the steps that lead to that mistake happening with a view of learning how to avoid it without blame can improve the learning culture. Most people don't come to work to be malicious; if a mistake happens it is due to other factors like stress or bad processes.
Microlearning: Nobody wants to sit in training for three hours! Microlearning helps by breaking up information into bite-sized chunks that are easy to digest. It's also important to account for different learning styles and provide information in various formats.
Amygdala hijacking: Cybercriminals leverage amygdala hijacking, which occurs when the amygdala activates the fight-or-flight response when there is no serious threat to a person's safety. It's essential to recognize the contextual cue that led you to act that way and develop strategies to deal with it before it happens.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality
Threat Technical ★★
IndustrialCyber 2024-02-22 00:00:00 EPISODE 18: And The BAFTA For Best Cybersecurity Awareness Training Goes To…
(direct link)
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!
This Episode we are joined by Damjan Obal, Head of design at Ardoq, lecturer and international speaker on all things design and data.
In this episode, And the BAFTA for Best Cybersecurity Awareness Training Goes To…, we are looking at how we practically apply design principles to our security awareness programmes, with things like design thinking, the double diamond design method, opportunity solution trees and much much more! We also look at the dangers of gamification and how to get your BAFTA-winning moment when delivering your security message to the business!
In this Episode we cover:
Convenience vs. Security: The Eternal Battle: You're late for a meeting, and that pesky password reset pops up. What do you do? Convenience often wins, and that's where security takes a hit. We'll explore shortcuts, trade-offs, and the delicate balance between ease and safety.
Data Storytelling: Making Ones and Zeros Relatable: Security teams deal with mountains of data. But how do they turn it into compelling narratives? Whether it's the sheer quantity of incidents or the relentless attacks, we'll reveal how to tell data-driven stories that resonate.
Infographics: A Picture Is Worth a Thousand Alerts: Enter the superhero of visual communication: infographics! We'll explore how these bite-sized graphics simplify complex security concepts. From breach timelines to threat landscapes, infographics make data digestible for everyone.
Tangibility in the Intangible: Making Cybersecurity Real: Cybersecurity can feel abstract, like chasing shadows. Think metaphors, analogies, and relatable scenarios. Because securing data isn't just about 1s and 0s - it's about protecting our digital existence.
The Gamification Dilemma: Fun vs. Functionality: Gamification is all the rage, but is it always the answer? Not necessarily. Remember, not every challenge needs a leader board.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests, on future episodes.
We hope you enjoyed this episode - See you next time, keep secure, and don't forget to ask yourself, 'Am I the compromising position here?'
Keywords: cybersecurity, compliance, user experience, storytelling, human-computer interaction, behaviour
Threat ★★
IndustrialCyber 2023-12-07 00:00:00 EPISODE 11: Are You User Experienced? Applying The Principles of UX & UR To The Cybersecurity Journey
(direct link)
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!
This week we are joined by Helena Hill, a seasoned UX Strategist and Consultant and AI expert with a wealth of experience spanning diverse clients, from pre-start-ups to global industry giants.
In this episode, we explore the fascinating topic of UX and cybersecurity. We're going to learn from the UX function to see how we can create a better user experience for people on their security journey, learn how to get buy-in from the business about implementing controls such as MFA, and how to 'sell' our security value offering as a positive user experience. And of course, crucially, how to take those first few steps to engage with the UX team!
Key Takeaways for this episode are:
UX and Cybersecurity share the same challenge of educating and getting buy-in from the organization to elevate their importance on the business agenda.
Understanding the user journey is crucial for both UX and Cybersecurity teams to build a better usable security journey.
Empathy mapping helps build a picture of a person and understand their needs and expectations.
Leveraging user expectations and their ease of use thresholds can help create appropriate security controls.
Collaboration between UX/UR and Cybersecurity teams can lead to innovation in the security space and improve the user experience.
This is the first of our two part conversation with Helena; next week we will be talking about her other specialism in AI, which kicks off our Christmas miniseries on AI.
Links to everything Helena discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests, like Helena, on future episodes.
We hope you enjoyed this episode - See you next time, keep secure, and don't forget to ask yourself, 'Am I the compromising position here?'
Show Notes
What is a Persona Non Grata? Developed at DePaul University, the Persona non-grata approach makes threat modelling more tractable by asking users to focus on attackers, their motivations, and their abilities. Once this step is completed, users are asked to brainstorm about targets and likely attack mechanisms that the attackers would deploy. Read more: Cyber Threat Modelling: An Evaluation of Three Methods by Forrest Shull and Nancy R. Mead
Threat Studies ★★
Last update at: 2024-06-28 17:07:29