AWS Artefacts


AWS Artifact provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).

 


Aristotle triptych

Tell them what you are going to say, say it and then tell them what you said.

 

  1. Tell them what you will tell them. This is your opener in which you lay out why you are speaking to the audience. Your message should be predicated on two things: what you want to say, and what the audience needs to hear. Too many presenters focus on the first half but not the second. Knowing what your audience needs to hear is critical to the leadership aspect of your message. You are there to provide direction.
  2. Tell them. This section is open ended. It is the time when you pour out all your content, and explain the details. As a leader, it is the best time for you to build your business case. Your message should ring with logic; that is, you need to emphasize the benefits of your points. But important messages also need to resonate with the heart. Put people in the position to feel why what you’re saying is important and how things will be better when they follow through with your ideas.
  3. Tell them what you just told them. Reiterate your salient points. For leaders, this is the opportunity to give people a reason to believe in your idea and in you. And then demonstrate how you and your team are the ones to deliver on the message. That is, if you are a sales person, how you will back up the product. Or if you are a CEO, how you will guide the company through troubled waters.

This is a formula, but it need not be formulaic. That is, you can imbue the structure with data but, more importantly, with your personality. Load it with stories that amplify your points. Season it with numbers, add spice, sprinkle in humor. And relate the message to your audience.

Not only does Aristotle’s triptych work for formal presentation,

DEVOPS / Agile Technical Titles and Skills


  • UI Designer
  • Full Stack Developer
  • DevOps Engineers (Puppet, Chef, Ansible, Salt, Docker, Kubernetes, AWS, Azure, Golang)
  • SecOps
  • Cloud Solution Engineers (AWS, Azure, Rackspace, Google Cloud Platform)
  • SysOps and TechOps Engineers (Jenkins, Hudson, GIT, Bamboo, Stash)
  • Linux Systems Engineers (AWS, KVM, VMWare, Nagios, Python, Shell, Ruby)
  • Linux Systems Administrators (Linux, Unix, Oracle, Solaris, Ubuntu, Debian, CentOS, RedHat)

CISO Strategy


What the CISO Should Do to Help the Board Make Informed Decisions Around Security and Risk

  1. Develop and communicate a security mission statement rooted in business enablement
  2. Determine your risk appetite and document your risk tolerance in layman’s terms
  3. Choose a security framework and map initiatives to that framework
  4. Establish unbreakable rules around security responsibility and information sharing
  5. Keep the board updated on security trends and be prepared to discuss specifics, such as how the organization is responding to a specific threat drawing headlines

What the Board Should Do to Support a Culture of Security Awareness and Accountability

  1. Approach and understand cybersecurity as an enterprise-wide risk issue
  2. Learn the legal implications of cyber risks
  3. Access cybersecurity expertise by giving cyber risk discussions adequate time on the board meeting agenda
  4. Set the expectation that management will establish an enterprise-wide risk management framework with adequate staffing and budget
  5. Discuss cyber risks from the perspective of identifying which risks to avoid, mitigate, accept, or transfer through insurance, as well as specific plans associated with each

Personally identifiable information (PII) Examples

PII is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.

 

Examples

  • John Smith + Trustwave = GDPR
  • John Smith + Phone Number = GDPR
  • jsmith@trustwave.com = GDPR
  • PII: car number plate, national insurance, passport number, NI Number all = GDPR
  • 407 Southway Drive Plymouth + John Smith = GDPR (fictitious address)
  • Post Code + car reg = GDPR
  • Medical record = GDPR
  • Cookies = GDPR
  • IP address = GDPR
  • Princess Diana: GDPR does not apply, as she is deceased.
  • Prince William = GDPR

Essentially, any information that can identify a living person, even indirectly, can come into scope of GDPR. For example, if I were to write a blog and could be identified just from its content, i.e. by style of writing or subject, it could indirectly come into scope of GDPR.