Podcasts about itsec

The defense sector is increasingly turning to advanced simulation technologies and simulated environments in defense to better equip military operators for the complexities of modern combat scenarios. The stakes are high—technological advancements in modeling and simulation (M&S) not only enhance operational readiness but also serve as a critical deterrent against adversaries. Recent developments highlighted at ITSEC, the premier event for modeling, simulation, and training, showcase milestones like F-35 testing in fully immersive simulated environments. These strides underscore the growing reliance on simulations to replicate the complexity of modern battlefields.But how close are simulated environments to reality? And why does bridging this gap matter so much for military training and operational success?On Pro AV Today, host Ben Thomas explores these questions with Chris “SLAM” Duncan, the Director of Business Development at CAE USA's Next Generation Test & Training Systems. Their conversation delves into the transformative power of simulated environments in defense training, the technological advancements driving this evolution, and the implications for the future of military readiness.The two discuss...Realism in Training: Modern simulation environments, from domes to VR systems, replicate complex scenarios to enable operators to develop "muscle memory" for decision-making in high-stakes situations.Technological Drivers: Advances in GPUs, connectivity, and AI are revolutionizing the fidelity and scalability of simulations, enabling decentralized and collaborative training across global locations.AI's Role: While still emerging in M&S, AI is poised to enhance pre-mission planning, scenario generation, and post-mission analysis, driving more effective and efficient training outcomes.Chris Duncan is a leading expert in defense training and simulation, currently serving as Director of Business Development at CAE USA's Next Generation Test & Training Systems. With nearly two decades in the U.S. Air Force, including serving as the first Commander of the 31st Combat Training Squadron, he has led large-scale teams and pioneered advancements in modeling and simulation for next-generation aircraft and weapons systems. An active member of numerous defense councils, Duncan's expertise spans artificial intelligence, data analytics, and strategic planning for high-end training and operational readiness.

In this episode, we'll explore how your everyday online activity creates a digital footprint that companies profit from and hackers target. Learn how to spot, delete, and secure your data, protect your identity, and break free from the cycle of information overload. Buckle up!Click here to send future episode recommendationSupport the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

What happens after a municipality gets hacked? In this episode, Darnley discusses the fates of a city or town that gets hit with a ransomware. Who pays for it? How much damage does it really cause? What is the price to be paid post-breach? Why it is the citizens responsibility to hold their local governments accountable before it happens to them?Support the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

Join us as we reflect on the highs and lows of the cybersecurity landscape in 2023, providing valuable insights for cybersecurity enthusiasts, professionals, and anyone interested in the dynamic world of digital security.See where Fortra GoAnywhere, 3CX, MOVEit, Barracuda, Microsoft, and Cisco dropped the cybersecurity ball this year. How their failures affect governments, and your every day life. Support the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

In this gripping episode, we delve into the high-stakes realm of cyber warfare, focusing on the intense rivalry between China, Russia, and the United States. Join us as we unravel the stories behind major cyber attacks against critical infrastructure and explore the intricate dynamics of these digital battlegrounds.

Full presentation of the real life Super Soldier Program status and reality of the varieties of super soldier development in the USA military and on the worldwide stage of 21st century future warfare. X: @topsecrettexan CashApp: $beyondtopsecrettexan business email: beyondtopsecrettexanofficial@gmail.com --- Support this podcast: https://podcasters.spotify.com/pod/show/beyondtopsecrettexas/support

In the run up to I/ITSEC 2023 we are very grateful for Hadean agreeing to sponsor a special episode in two parts.Firstly, we are very pleased to introduce Royal O'Brien, Global CTO for Hadean. Royal has a considerable track record with the likes of Amazon, The Linux Foundation and a host of games related companies, including foundational work on the O3DE platform and Open Metaverse Foundation.Not dodging the hard questions, this interview gave us the chance to ask a burning question - Is the Military Metaverse dead? You might think we'd regret asking this of Royal, but he then took us on a whirlwind tour of all the novel technologies and challenges facing military simulation and training. Including subjects as diverse as managing huge datasets, leveraging generative AI, true interoperability beyond the current standards, and integrating the human in the loop.This discussion reminds us of the huge challenges the military users and industry have to harness these recent developments, which only seem to be accelerating.We are also joined by Andy Fawkes and Marty Kauchek from Military Simulation & Training magazine, who provide a look ahead to I/ITSEC and point out the things to watch out for if you're heading out that way.Hosts:Tom Constable: https://www.linkedin.com/in/tom-constable/ Colin Hillier: https://www.linkedin.com/in/colinhillier/Guests:Royal O'Brien: https://www.linkedin.com/in/obwando/Andy Fawes: https://www.linkedin.com/in/andyfawkes/Marty Kauchak: https://www.linkedin.com/in/marty-kauchak-nola/Links:Website: https://www.warfighterpodcast.com/LinkedIn: https://www.linkedin.com/company/warfighter-digital/YouTube: https://www.youtube.com/channel/UCkgiH-cwmyc2I2Iyc8MLYtgTwitter: https://twitter.com/WarfighterPodEpisode Sponsor: HadeanHadean is a UK-based spatial computing company that is modernising the military simulation ecosystem with a new way to understand the operating environment for training, strategy and readiness. Their technology provides the AI-powered spatial compute infrastructure that integrates allies, domains, systems, and technologies to deliver a common operating picture, bridging physical and virtual worlds.Trusted by the British Army and wider UK Ministry of Defence, the Hadean Platform draws on distributed data and leverages novel AI and Large Language Model (LLM) integrations to synthesise coherent, singular, large-scale and complex simulations that are capable of managing millions of entities and dynamically replicating real-world scenarios.They enable out-of-the-box simulation and orchestration capabilities that are easy to develop, deploy and integrate with any system; from legacy simulators through to bleeding-edge AI and LLM solutions. The platform is primed with a core distributed pattern of life simulation

Artificial Intelligence (AI) has made quite the splash. With the advancement if ChatGPT, how far has AI come today? Why we should make a big deal out of artificial intelligence and how it will change our world. Many questions to be answered, Darnley reflects in this episode on how far we come with AI and how AI will change our world into the future. Support the show

Do you know the difference between misinformation and disinformation? Understanding that our access to unlimited amount of data is being used against all of us, how do we protect ourselves?In this podcast, Darnley defines and discusses the problems of today and how to protect yourself. Listen here. Support the show

[Editor’s Note: Army Mad Scientist is pleased to present our latest episode of The Convergence podcast, recorded on location at I/ITSEC 2022, the world’s largest modeling and simulation conference in Orlando, Florida. Co-hosts Luke Shabro and Matt Santaspirt spoke with proclaimed Mad Scientist Jenny McArdle from the Center for a New American Security, Cmdr. Paul Grøstad from NATO Allied Command Transformation (ACT), and Whitney McNamara from Beacon Global Strategies, about emerging technologies and how they can better prepare us for both competition and conflict — Enjoy!] Jennifer McArdle serves as an Adjunct Senior Fellow in the Center for a New American Security’s defense program and wargaming lab and as a Non-Resident Fellow at the Joint Special Operations University. A former professor, Ms. McArdle has served on Congressman Langevin’s cyber advisory committee and as an expert member of a NATO technical group that developed cyber effects for the military alliance’s mission and campaign simulations. Ms. McArdle is a PhD candidate at King’s College London in War Studies, is the recipient of the RADM Fred Lewis (I/ITSEC) doctoral scholarship in modeling and simulation, and is a Certified Modeling and Simulation Professional (CMSP). She is a term member with the Council on Foreign Relations. Ms. McArdle is also a proclaimed Mad Scientist, having frequently contributed to the Mad Scientist Laboratory blog site and The Convergence podcast. Cmdr. Paul Grøstad is Deputy Branch Head for Concept Development at NATO ACT. A Royal Norwegian Navy officer with 29 years experience in Signals, C4ISR, and Cyber Operations, Cmdr. Grøstad is currently researching Cognitive Warfare, Malign Influence, the Information Environment, and Cognitive Effects. He has extensive international experience from serving in multiple positions at different levels of the NATO command structure. A Norwegian Naval Academy and Joint Command and Staff College graduate, he holds a Master’s degree in military studies from the Norwegian Defence University College and a Bachelor’s degree in Information Science from the University of Bergen. Cmdr. Grøstad is a certified PRINCE2 Practitioner. Whitney McNamara is an Associate Vice President at Beacon Global Strategies and a Nonresident Senior Fellow at the Center for Strategic and Budgetary Assessments. She is also currently supporting the Atlantic Council’s Commission on Defense Innovation Adoption, where she is the lead author on assessing critical technologies and their barriers to innovation in the Department. She previously served on the Department of Defense’s Defense Innovation Board (DIB), whose mission is to provide the Secretary of Defense, Deputy Secretary of Defense, and other senior leaders across

This week on the Shephard Defence Podcast, senior naval reporter Harry Lye and military training & simulation reporter Norbert Neumann chat about the big news stories from I/ITSEC,  the world's largest modeling, simulation and training event.Harry is also joined by Chris Lade, Defence Sales Manager at Saab Sea Eye, about the trends and challenges of seabed warfare.Each month on the Shephard Defence Podcast, our team of international journalists and analysts take deep dives into defence issues, focusing on niche market sectors and looking at where the trends are heading.We also feature regular content developed by Shephard Studio in cooperation with our partners.

Introducing Season 5!  A brand new season of a fresh podcast. You will find episodes on cybersecurity, technology, news, cybersecurity awareness, business, and top tech news.  I hope you enjoy your stay at the Café! 

In this episode of The Weekly Defence Podcast, our Military Training Editor is on the line from the floor of I/ITSEC in Orlando to discuss major themes and headlines from the show; we look into talk of a merger between two major European next-generation fighter programmes; and in an interview with Aircraft Carrier Industrial Base Coalition (ACIBC), we discuss ongoing supply chain shortages affecting the aircraft carrier industrial base. Newsround [01:06]News Editor Ben Vogel is on the line with Trevor Nash who is reporting on the main themes at I/ITSEC 2021.Among the major show highlights on Trevor's radar are the fallout from BAE Systems' purchase of BISim; a potential USAF move away from using the T-1A Jayhawk training fleet; and do conventional gallery ranges have any purpose in the modern age?Elsewhere, Air Editor Tim Martin give us an update on Airbus briefings about the multinational Eurodrone and FCAS programmes, including industry talk that the latter could merge with Tempest.Interview – ACIBC [31:00]Senior Naval Reporter Harry Lye is on the line with Richard Giannini Chairman of the Aircraft Carrier Industrial Base Coalition (ACIBC) to discuss the challenges in production rate of new carriers and potential solutions for supply chain crisis for defence. This episode was produced by Noemi Distefano with music and sound mixing by Fred Prest. 

Elon Musk's Starlink and Google cloud are joining forces to provide Starlink internet users faster internet speeds, greater connectivity along with low latency. Is this the partnership that everyone wants for the future of the internet?

On this episode of the DefAero Report Daily Podcast, sponsored by Bell, Raanan Horowitz, the president and CEO of Elbit Systems of America who was a member of the Reagan Institute's bipartisan task force on national security and US manufacturing competitiveness co-chaired by former Lockheed Martin Chairman, President and CEO Marilyn Hewson and Bridgewater Associates CEO David McCormick, discusses the Institute's new report — “A Manufacturing Renaissance: Bolstering US Production for National Security and Economic Prosperity;” and Dr. Wes Naylor, a retired US Navy captain who is now the president of Fifty Pound Brains Ventures and a professor at the University of Central Florida's Institute for Simulation and Training, discusses key themes at this year's Interservice/Industry Training, Simulation and Education Conference that began today in Orlando, Fla., with Defense & Aerospace Report Editor Vago Muradian.

In this episode of The Weekly Defence Podcast, the team looks at how NASCAR expertise is being applied to the defence sector; we speak to CAE to understand the company's posture seven months after the acquisition of L3 Harris Military Training business; and we discuss the C295 MPA programme with Airbus. Newsround: [01:40]The news team dives into modification work on USN Freedom-class Littoral Combat Ships; what to expect from the I/ITSEC expo next week in Orlando; the signature of a new partnership among signatories to the AUKUS agreement; and Taiwan's F-16V modernisation programme.In focus:Land reporter Flavia Camargos Pereira reports on projects involving NASCAR champions Henrick Motorsports with the USMC, US Army and GM Defense. Where does motorsport technology meet defence?The EDA Council has launched new projects as part of its Permanent Structured Cooperation (PESCO) framework. Several countries among the 25 EU member states are involved on a series of new programmes for their air, naval and land forces. Interview- Airbus [32:05]Air Editor Tim Martin is on the line with Fernando Ciria Head of marketing airborne ISR and tactical airlifters at Airbus to discuss the status of the C295 MPA programme and more. Industry voice [48:04]Creative Director Tony Skinner speaks to Dan Gelston, Group President, Defence and Security at CAE to take a look at the impact — seven months on — of the acquisition of the L3Harris Military Training division. This episode was produced by Noemi Distefano with music and sound mixing by Fred Prest.

The world largest domain registrar was attacked with over 1 Million accounts stolen affecting roughly 20 million Go Daddy users. Listen to this episode to learn ways to protect your credentials from cyber criminals. 

Two Factor Authentication or One Time Password (2FA / OTP) are authentication methods that are still used by many. In this episode, Darnley discusses the difference between 2FA and MFA, why 2FA is broken and what ideal situation you should be in. It's time to evolve beyond 2FA in 2021. 

With the recent Facebook/ Meta announcement, human existence as we know it is going to change. In this podcast, Darnley will talk about the new digital world that we will soon be subject to - bad or good. Is this Metaverse be met with optimism or pessimism? 

Have you ever looked up at the night sky and wonder about all the hacking that has gone on in our world? I do, but I also think about those media worthy hacks over the last 20 years that has disclosed some interesting clues that maybe we are not alone. You may consider this podcast an X-File, but I talk about some notable hacks that has shaken up the UFO community at large. 

Ta-da! Windows released a new operating system - Windows 11. What does this mean for cybersecurity? Are they going to pull this off or royally get attacked? 

Bálinttal beszélgettünk a blogjáról, hogy került a blogírás és az ITSEC közelébe, mi történt vele azóta és mit szeretne a jövőben látni a hazai security szcénában. 

Napi ajánlat:crackelt szoftvernek álcázott malwareBlack Matter akik nem játszanak a szabályok szerint cikk1 cikk2Phishingek fajtáiOpen Source modulok bug bountyjahuntr: bug bounty Apple macOS path ami nem működik tökéletesen Xiaomi nem cenzúráz...nagyon!Kikerült kamera felvétel egy iráni börtönből Sharky blog ajánlója AI által generált képeket hogy lehet lebuktatni, vagy nemElérhetőségeink:TelegramTwitterInstagramFacebookMail: info@hackeslangos.show

Napi menü:EESZT és Apple privacy gondokPegasus vélemények, gondolatokCandiru vagyis egy újabb kiberfegyvernepperKémkedik az IKEAKína saját kézbe vennék a 0day problémátHáború villám a titkosított doksik ellenKomoly Sámuel hibaLinux privilégium eszkalációElérhetőségeink:TelegramTwitterInstagramFacebookMail: info@hackeslangos.show

What is a false sense of security? Have you ever made an assumption which turned out being incorrect?In this episode, Darnley discusses the fundamentals of human ignorance, why industrial disasters equate to cybersecurity screw-ups, and how to avoid a cyber explosion.IT and Cybersecurity professionals are not perfect, and usually that ignorance leads to the amount of breaches experienced today. Listen to more hereSupport the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

We all have a common enemy - hackers.They are attempting to steal our data everyday by attacking our email systems.In this episode, Darnley gives you all the goods in protecting and hardening your email. By utilizing truth, industry advice, along with 10 tips to protect yourself from being hacked. Email is not secure, learn how to protect yourself in this podcast. Support the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

The mass exodus from WhatsApp to Signal stirred some major questions: Is Signal any safer? Could signal get breached? Why are famous people advocating using this app?Find out in this episode. Oh, and Lucifer makes a guest appearance...Support the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

Are you under information over load?Do you feel your organization will not keep up with all these cyber attacks?In this episode, Darnley explains the importance of keeping a grassroots approach while considering your businesses best interests in hand.Want to see the video podcast, visit Darn IT Podcast on YouTube!Support the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

You may know that your data is used against you, but do you know to what extent? Living in 2021 may seem like a pipe dream from 100 years ago, but to what cost to our privacy?In this episode, Darnley discusses the different between Privacy vs. Secrecy, why you close the door when you go to the toilet, and why privacy is a human right. Tune in to the thought provoking podcast.Support the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

Do you have preconceived notions of cybersecurity?Do you think a technical problem requires a technical solution?Did you know that majority of cyberattacks are caused by human error?In this podcast, Darnley discusses the fundamentals of why cybersecurity needs to be managed, not only for the CISO. It takes a village to build a proper cybersecurity ecosystem.Support the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

The majority of employees feel cybersecurity is not their job, not their problem, nor their responsibility. I'm here to tell you that you are wrong. In 2021, today's cybersecurity responsibilities lay on all of our hands. IT/security departments alike are drowning in various responsibilities, ignorance is one of them. In this podcast, Darnley will discuss why human error is one of the most common root causes of data breaches, how to build a 5-way cyber-secure work environment culture, what we should do while working from home, and a note to leaders. Support the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

In this episode of The Weekly Defence Podcast, we discuss the virtual I/ITSEC exhibition with our Military Training Editor, and following the Sandia National Laboratories test which saw a mock B-61-12 weapons drop from an F-35A, we talk to the  director of the Nuclear Information Project at the Federation of American Scientists for an expert insight on this new capability.Newsround (00:51)In Russia, Rostec CEO Sergey Chemezov confirmed on 7 December that ‘proactive' work is underway on a powered exoskeleton, although the Russian MoD has not yet defined its specific requirements.In the US, efforts continue to place Joint All Domain Command and Control firmly in the Pentagon's long-term acquisition plans.The US Air Force created a new avenue for prototype Advanced Battle Management System projects to be adopted into the DoD's formal procurement portfolio.Still in the US, Taiwan has been given the green light to receive  mobile communications equipment under the Foreign Military Sales programme. In France, the next generation aircraft carrier (PANG) programme was formally approved by President Emanuel Macron on 8 December.News in FocusNews Editor Ben Vogel highlights a report on how the conflict in the Nagorno-Karabakh region  might affect future defence procurement. UCAVs and loitering munitions are becoming a more attractive prospect, but operators of MBTs face protection problems.In news from Europe, Air Editor Tim Martin discusses what's new for the Franco-German-Spanish FCAS programme. Substantial development progress is underway after key approval from air force leaders.Land Reporter Flavia Camargos Pereira talks about the recent developments for the US Army Soldier Protection System programme. She looks at some features of the programme and discusses where it stands today. Deep Dive: Insight into military simulation and training (21:05)Ben Vogel is on the line with Military Training Editor Trevor Nash to discuss some of the main technologies and new systems in training and simulation, including takeaways from the virtual I/ITSEC show.Interview: Federation of American Scientists  (35:23)Tim Martin speaks to Hans Kristensen, director of the Nuclear Information Project at the Federation of American Scientists, about the recent test carried out by Sandia National Laboratories which saw a mock B-61-12 weapons drop from an F-35A. Does this mean any air force operating the F-35 will have a nuclear capability?Industry Voice (58:15) Creative Director Tony Skinner speaks to Josh Melin, Product Line Director at Honeywell Connected Enterprise Aerospace, about the requirements and opportunities surrounding the Military Base of the Future. What is the role that digital solutions play when it comes to military logistics and maintenance operations?

This week the podcast highlights all of the teams who took part in the annual Iron Dev competition at I/ITSEC 2020.  Iron Dev is a team competition similar to competitive cooking shows, where teams will be given a challenge and “secret ingredient” to develop a training solution to improve warfighter readiness. Teams will consist of diverse members with skills in AR/VR development, simulation networking/distribution, graphic design, simulation development, and training development.  Listin in as the teams share who they are and what they did for this year's competition.   Links: Team Full Sail:  https://fullsailedu-my.sharepoint.com/:f:/g/personal/dmapes_fullsail_com/En4tiYaviMJNk4zYa8zMsKwBLS1zk_-CfGV_1SZ07AB7Lw?e=nPyQwV Team The Grill: https://www.af-grill.com/ Team SimBlocks Website: www.simblocks.io LinkedIn: https://www.linkedin.com/company/simblocks-llc/ YouTube: https://www.youtube.com/simblocksio/videos Twitter: https://twitter.com/SimBlocks Team Moth+Flame Website: mothandflamevr.com Team CyberDream YouTube: https://youtu.be/tA7ua8MEcl4 Twitter:  @tylerhgates @sophiamosh  Visit the VR/AR Association at www.TheVRARA.com for more information about how you can get involved with this worldwide organization to help gain exposure and share ideas and best practices with other experts in the industry.   Subscribe to the podcast wherever podcasts are found or listen to past interviews at www.TheVRARA.com/podcast

Did you know the demand for cloud security applications has increased since the beginning of the work from home narratives?In this episode, Darnley discusses the importance of cloud transition, the risk associated, and 8 tips to prepare for a cloud security model for various kinds of businesses. The jump to the cloud has become more cultural than technological. Support the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

Are you a believer that by installing a firewall you are fully protected?In this episode. Darnley discusses why only thinking about your perimeter device can lead to your demise via other threat landscapes. Darnley also discusses 8 reasons why the firewall will end up failing you. Do you feel that the cybercriminals are going to after your businesses crown jewels? Listen more to this latest episode. Support the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

Subscribe: iTunes | Goggle Play | Stitcher Radio | RSS Description: Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity.  Shon will provide CISSP training and study around the tools you need to better understand what you need to know to be better prepared for the CISSP Exam Questions.  His knowledge will provide the skills needed to pass the CISSP Exam. BTW - Get access to all my Free Content and CISSP Training Courses here at:  https://shongerber.com/   Available Courses:  CISSP Training Course - https://www.shongerber.com/offers/zYsL6MCB CISO Training Course - https://www.shongerber.com/offers/zd2RbL6o   CISSP Exam Questions Question:  165 Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. Which of the following best describes an item the software development team needs to address to ensure that drivers cannot be loaded in an unauthorized manner? A. Improved security kernel processes B. Improved security perimeter processes C. Improved application programming interface processes D. Improved garbage collection processes If device drivers can be loaded improperly, then either the access control rules outlined within the reference monitor need to be improved upon or the current rules need to be better enforced through the security kernel processes. Only authorized subjects should be able to install sensitive software components that run within ring 0 of a system. https://www.brainscape.com/subjects/cissp-domains ------------------------------------ Question:  166 Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. Which of the following best describes Steve’s confusion? A. Certification must happen first before the evaluation process can begin. B. Accreditation is the acceptance from management, which must take place before the evaluation process. C. Evaluation, certification, and accreditation are carried out by different groups with different purposes. D. Evaluation requirements include certification and accreditation components. Evaluation, certification, and accreditation are carried out by different groups with different purposes. Evaluations are carried out by qualified third parties who use specific evaluation criteria (Orange Book, ITSEC, Common Criteria) to assign an assurance rating to a tested product. A certification process is a technical review commonly carried out internally to an organization, and accreditation is management’s formal acceptance that is carried out after the certification process. A system can be certified internally by a company and not pass an evaluation testing process because they are completely different things. https://www.brainscape.com/subjects/cissp-domains ------------------------------------ Question:  167 Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process. Which of the following best describes one of the system requirements outlined in this scenario and how it should be implemented? A. Data hiding should be implemented through memory deallocation. B. Data hiding should be implemented through properly developed interfaces. C. Data hiding should be implemented through a monolithic architecture. D. Data hiding should be implemented through multiprogramming. Data hiding means that certain functionality and/or data is “hidden,” or not available to specific processes. For processes to be able to interact with other processes and system services, they need to be developed with the necessary interfaces that restrict communication flows between processes. Data hiding is a protection mechanism that segregates trusted and untrusted processes from each other through the use of strict software interface design. https://www.brainscape.com/subjects/cissp-domains Want to find Shon elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources

With a growing user base with Tik Tok, greater alarm bells are being sounded as the majority of users are forgetting that this application is built inside China, which means a communist country has the ability to intercept and use the data.In this episode, Darnley will speak about his personal opinion about Tik Tok, the issues faced when using the application and how to best deal with this application on a security standpoint. Support the show (https://www.paypal.com/biz/fund?id=DE9JJEXYBZVQA)

Subscribe: iTunes | Goggle Play | Stitcher Radio | RSS Description: Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity.  Shon will provide CISSP training and study around the tools you need to better understand what you need to know to be better prepared for the CISSP Exam Questions.  His knowledge will provide the skills needed to pass the CISSP Exam. BTW - Get access to all my Free Content and CISSP Training Courses here at:  https://shongerber.com/   Available Courses:  CISSP Training Course - https://www.shongerber.com/offers/zYsL6MCB CISO Training Course - https://www.shongerber.com/offers/zd2RbL6o   CISSP Exam Questions Question:  165 Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. Which of the following best describes an item the software development team needs to address to ensure that drivers cannot be loaded in an unauthorized manner? A. Improved security kernel processes B. Improved security perimeter processes C. Improved application programming interface processes D. Improved garbage collection processes If device drivers can be loaded improperly, then either the access control rules outlined within the reference monitor need to be improved upon or the current rules need to be better enforced through the security kernel processes. Only authorized subjects should be able to install sensitive software components that run within ring 0 of a system. https://www.brainscape.com/subjects/cissp-domains ------------------------------------ Question:  166 Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. Which of the following best describes Steve’s confusion? A. Certification must happen first before the evaluation process can begin. B. Accreditation is the acceptance from management, which must take place before the evaluation process. C. Evaluation, certification, and accreditation are carried out by different groups with different purposes. D. Evaluation requirements include certification and accreditation components. Evaluation, certification, and accreditation are carried out by different groups with different purposes. Evaluations are carried out by qualified third parties who use specific evaluation criteria (Orange Book, ITSEC, Common Criteria) to assign an assurance rating to a tested product. A certification process is a technical review commonly carried out internally to an organization, and accreditation is management’s formal acceptance that is carried out after the certification process. A system can be certified internally by a company and not pass an evaluation testing process because they are completely different things. https://www.brainscape.com/subjects/cissp-domains ------------------------------------ Question:  167 Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process. Which of the following best describes one of the system requirements outlined in this scenario and how it should be implemented? A. Data hiding should be implemented through memory deallocation. B. Data hiding should be implemented through properly developed interfaces. C. Data hiding should be implemented through a monolithic architecture. D. Data hiding should be implemented through multiprogramming. Data hiding means that certain functionality and/or data is “hidden,” or not available to specific processes. For processes to be able to interact with other processes and system services, they need to be developed with the necessary interfaces that restrict communication flows between processes. Data hiding is a protection mechanism that segregates trusted and untrusted processes from each other through the use of strict software interface design. https://www.brainscape.com/subjects/cissp-domains Want to find Shon elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources

In part one of my three part series on Cybermarketing in Covid time, I chat with Ryan Bunker, Business Development executive at pre-revenue start up Byos.io In parts two and three we will chat with Dean Nicolls of growth company Jumio and Atri Chatterjee of late stage company ForgeRock.   Leaving RSA Byos.io was on a roll. Pre-revenue with a unique hardware solution to remote Wifi security, interest was high. Learn how Ryan Bunker has had to embrace the change brought by Covid and navigate changing user behavior, ITSec priorities, ZeroTrust clutter and more. Ryan discusses some of the unique challenges of having a hardware solution with no physical meetings to have! Ryan recommends you follow Kelly Shortridge , Paul Salamanca and the ever present Wendy Nather. You can follow Ryan at all the usual places, Linked In, Twitter and learn more about Byos.io’s unique solution here. Learn more about your ad choices. Visit megaphone.fm/adchoices

Nokia e il raffreddamento a liquido per 5G, iOS 14 su tutti gli smartphone con il 13, Intel smantella la serie 8 delle CPU.

Chiavetta da 128MB spacciata per anti5G, Trump attacca Twitter e firma l'esecutivo, OnePlus fixa la fotocamera a raggi X del suo 8 Pro.

Apple investe in Siri, Aumento di città NO 5G, Huawei crea il suo Youtube con Dailymotion.

Twitter segnala fake news di Trump, Amazon investe nel self-driving, Spotify rimuove limite 10.000 canzoni.

Linus Torvalds passa ad AMD, iPhone 12 non avranno USB C, React Native disponibile per macOS.

App Immuni rilasciato codice sorgente, Apple e il bug degli aggiornamenti, Wikipedia cambia la politica interna.

La raccolta di tutte le notizie più interessanti della settimana dal 18 al 23 Marzo 2020.

QRcode e Whatsapp, Facebook punta sullo smartworking, Google rifiuta il programma JEDI.

Android e iOS pronte per l'app Immune, Google Traduttore italiano in tempo reale, Truffa Whatsapp di Ikea.

Facebook Shops, Project Bonsai da Microsoft, Nvidia cambia nome a "Tesla" per copyright.

Violato Easyjet, nuovo telescopio spaziale James Webb, Squad-Mobility presenta Solar City Car.