IBM and Cisco: Progress on Cyber Security, But Not Enough
At NIWeek earlier this month, executives from two tech heavyweights – Cisco and IBM – weighed in on the status of cyber security. Their conclusion? We’re making progress, but not enough. Both IBM and Cisco are deeply involved in developing cyber security defenses, both as individual companies and as founders of the Industrial Internet Consortium.
Paul Didier, industry solutions architect at Cisco Systems, noted that the increased attention on security is helping to focus solutions on the challenge, but there’s still a way to go. “This space is no longer being ignored. There is a lot of good definition about what it means to have a secure area: validation, organization, and who you trust,” Didier told Design News. “But it’s just getting started. I’m looking for the industrial bodies to come up with security packages.”
Greg Gorman, director, product management with the Internet of Things at IBM, sees security as a problem with a number of facets -- each of which has to be addressed individually and successfully. “It’s a huge challenge. We need multiple security software tools,” Gorman told Design News. “We've been looking at people who are interested in approaching it from data and data analytics. We’re also looking for companies to do it on the chip level.”
Automakers Need a Defense Lesson
Gorman pointed to recent problems with car hacking as an example of the new difficulties in cyber security. He believes there are solutions from the defense industry that can be deployed by automotive companies. “It used to be you only had to fortify the door in a car. Now there are a lot of orifices,” said Gorman. “Certain critical functions in the car will have to be encrypted, just like in the defense industry. The carmakers know which of their systems can be entered. Now they need to be able to detect it when it’s not the right person entering. As a systems engineer, I see it as a systems problem.”
At Cisco, Didier sees the cyber security challenge growing with the increased connectivity that comes with the Internet of Things. The shift in greater connectivity not only creates more vulnerabilities, it also requires a more complex solution. “You have a lot of things talking to each other, so it needs to be more secure and more flexible,” said Didier.
Like many in the industrial space, he sees a need for greater cooperation between IT and operation teams. “IT and OT need to have a relationship. Cisco and IBM are both strong on IT security out of the box, but they have to do something about OT,” he said.
IBM is trying to address the challenge by creating an environment in which its partners and customers can work out security solutions. “We’re looking to build an ecosystem that people can innovate on,” said Gorman. “We can create that infrastructure and get participants to innovate while still operating within the bubble of their own brands.”
Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine Chile Pepper.
Source: https://www.designnews.com/automation-motion-control/ibm-and-cisco-progress-cyber-security-not-enough (Tue, 28 Jun 2022 12:00:00 -0500)
IBM’s Cost of a Data Breach Report finds invisible ‘cyber tax’
When it comes to operational challenges, few mistakes are as costly as data breaches. Just one exploited vulnerability can lead to millions in damages, not just due to upfront disruption, but a loss of respect from consumers and potential compliance liabilities.
Unfortunately, the cost of a data breach is only going up. Today, IBM Security released its annual “Cost of a Data Breach” report conducted by Ponemon Institute, which found that the cost of a data breach in 2022 totaled $4.35 million, an increase of 2.6% since last year’s total of $4.24 million.
The research also found that organizations that fell victim to cyberattacks were prime targets for follow-up attacks as part of a “haunting effect”, with 83% of organizations studied having had more than one data breach.
For enterprises, the report highlights that new approaches are required to mitigate the impact of data breaches, particularly in the face of a growing number of sophisticated attacks, which can’t always be prevented.
The hostile reality of the threat landscape
As the cost of a data breach continues to rise amid a threat landscape of rampant double and triple extortion ransomware attacks and identity-related breaches, it’s becoming increasingly clear that traditional approaches to enterprise security need to be reevaluated.
In the last week alone, T-Mobile and Twitter found out the cost of a data breach firsthand, with the former agreeing to pay customers $350 million as part of a post-breach settlement, and the latter having to deal with the negative fallout after a hacker claimed to have accessed data on 5.4 million users.
With the impact of such breaches causing millions in damage, many organizations decide to pass costs onto consumers, as part of an invisible cyber tax. In fact, IBM found that for 60% of organizations, breaches led to price increases passed on to customers.
“What stands out most in this year’s finding is that the financial impact of breaches is now extending well beyond the breached organizations themselves,” said Head of Strategy, IBM Security X-Force, John Hendley.
“The cost is trickling down to consumers. In fact, if you consider that two or three companies within a supply chain may have suffered a breach and increased their prices, there’s this multiplier effect that’s ultimately hitting the consumer’s wallet. Essentially, we’re now beginning to see a hidden “cyber tax” that individuals are paying as a result of the growing number of breaches occurring today compounded with the more obvious disruptive effects of cyberattacks,” Hendley said.
When asked why the cost of data breaches continued to grow, Hendley explained that there’s a high volume of attacks occurring, but only a limited number of skilled security professionals available to respond to them.
This is highlighted in the research with 62% of organizations saying they weren’t sufficiently staffed to meet their security needs.
What are the implications for CISOs and security leaders?
Although the report highlights the bleakness of the current threat landscape, it also points to some promising technologies and methodologies that enterprises can use to reduce the cost of data breaches.
For instance, one of the most promising findings was that organizations with fully deployed security AI and automation can expect to pay $3.05 million less during a data breach, and on average cut the time to identify and contain a breach by 74 days.
At the same time, organizations that implement zero trust can expect to pay $1 million less in breach costs than those that don’t.
Finally, organizations that maintain an incident response team and regularly test their IR plans can expect to cut the cost by $2.66 million.
Advocating for greater security collaboration between businesses, law enforcement, and government
By Nicole Mills, Exhibition Director at Infosecurity Group
Cybercrime is on an extremely worrying trajectory.
A previous survey of global IT security decision makers conducted by Statista revealed that 46.4% of organizations had endured between one and five successful cyber-attacks in the 12 months ended November 2020. Since then, Accenture has reported that such attacks increased 31% between 2020 and 2021.
As we now move through 2022, this concerning reality is further compounded by even more frightening figures.
According to IBM, the average cost of a data breach last year was $4.24 million, and this number is predicted to rise in 2022. Resultantly, Cisco and Cybersecurity Ventures together suggest that come 2025, the global cost of cybercrime could exceed $10 trillion.
The Infosecurity Group Advisory Council, comprising industry leaders at the cutting edge of cybersecurity solutions, highlights many varying factors contributing to this broad and growing challenge.
Unsurprisingly, ransomware was pinpointed as an area of particular concern. While individuals, criminal groups and nation states will continue to favour ‘tried and tested’ approaches, they are expected to employ these in novel ways to generate revenue from attacks.
Indeed, more sophisticated attacks leveraging new methodologies are becoming more commonplace, and supply chain attacks have emerged as a prime example. Businesses now need to realise that their security relies on a web of third-party suppliers, and that they’re only as strong as the weakest link.
At the same time, the council affirmed that information security investment is, generally, still not sufficiently prioritised within businesses or government.
Greater collaboration is critical
The point is that there are a multitude of evolving threats, and attitudes and mindsets simply must change in order to keep up.
Cybercriminal networks today are expanding, evolving, advancing and working together to target victims more successfully than ever before. Ransomware-as-a-service, for example, is dramatically lowering the barriers-to-entry for attackers, with savvy cybercriminals actively supporting the threat ambitions of less technically abled perpetrators at scale.
To even stand a chance in the fight taking place amid this increasingly complicated landscape, cybersecurity professionals must equally collaborate by sharing knowledge and experiences to support each other in identifying vulnerabilities and developing stronger security strategies.
Promisingly, there is agreement within our community that greater cooperation will help.
According to an Infosecurity Europe Twitter poll conducted in January 2022, 45% of the 2,543 respondents pointed to advanced threat detection as the cybersecurity challenge that would benefit most from increased industry collaboration. This was followed by social engineering threats (22%), incident response planning (18%), and governance, risk and compliance (15%).
With a clear appreciation that greater collaboration within cybersecurity will bring major advantages, it’s vital that we act as a united industry to overcome any barriers that might be stifling this. I believe we must work together to build an environment of trust and transparency where we can exchange knowledge, resources and ideas to combat security threats while protecting commercial sensitivities.
Events as pillars of security progress
It is for this reason that we chose Stronger Together as the theme for Infosecurity Europe 2022 – to try to encourage greater collaboration between businesses, law enforcement and government.
Over the years I’ve seen first-hand the vital role that events play in facilitating cross-sector cooperation, instigating vital discussions that sow the seeds of greater security progress.
Every organisation from every operational background has a unique vantage point – different approaches that have been moulded by different experiences. By exchanging these experiences, approaches and ideas, we can support each other in achieving best practice, gaining practical and actionable knowledge that can help in keeping up with the increasing sophistication of security threats.
Events are vital platforms from which we can achieve a great deal. From seasoned professionals to those just starting out, everyone has value to add, and everyone can benefit.
In the case of Infosecurity Europe 2022, topics will range from the need to tackle insider threats, building a security culture, the paradigm change in ransomware and monetisation of threats to cybercrime-as-a-service (CaaS), third party risk, how cyber criminals are changing their approaches, and improving detection of known and unknown threats.
Covering all these bases is critically important. When it comes to security, there are always more opportunities to learn. By expanding our collective knowledge, sharing insights and advocating for the broad adoption of best practices, we can begin to tackle the escalating problems of cybercrime and turn the tide together as a unified industry.
About the Author
Nicole Mills is Exhibition Director for the Infosecurity Group. With over 20 years’ experience in events and media, she has worked with many brands responsible for strategic and commercial growth. Nicole has worked in the Infosecurity Group for six years working with the Infosec team responsible for Infosecurity Europe and Infosecurity Magazine. Working with the team the aim is to bring the cyber community together to showcase the latest products and solutions to enable businesses to continue to protect themselves.
Source: https://www.cyberdefensemagazine.com/cybersecurity-3/ (Sat, 06 Aug 2022 21:00:00 -0500)
Cyber Attacks Against Critical Infrastructure Quietly Increase
The Washington Post reported this week on how the cyber war between Iran and Israel has intensified. The story began this way: “In late June, Iran’s state-owned Khuzestan Steel Co. and two other steel companies were forced to halt production after suffering a cyber attack. A hacking group claimed responsibility on social media, saying it targeted Iran’s three biggest steel companies in response to the “aggression of the Islamic Republic.”
“Israel’s defense secretary then ordered an investigation into leaked video showing the damage to the steel plants, citing “operational events in a manner that violates Israel’s ambiguity policy.” This incident came close on the heels of a statement by the Israeli Security Agency, or Shin Bet, claiming a May cyber operation by Iran was intended to generate actions outside of the cyber domain.
“Both incidents show how the cyber conflict between the two countries has grown increasingly public in the past two years.”
The article goes on to point out that worldwide cyber actions are becoming less covert.
“Critical Infrastructure Lags in Zero Trust – Almost 80 percent of critical infrastructure organizations studied don’t adopt zero-trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. All while 28 percent of breaches amongst these organizations were ransomware or destructive attacks. …
“Concerns over critical infrastructure targeting appear to be increasing globally over the past year, with many governments’ cybersecurity agencies urging vigilance against disruptive attacks. In fact, IBM’s report reveals that ransomware and destructive attacks represented 28 percent of breaches amongst critical infrastructure organizations studied, highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations. This includes financial services, industrial, transportation and health-care companies amongst others.”
HEALTH-CARE DATA BREACH COSTS REACH RECORD HIGH AT $10M PER ATTACK
Commenting on the report, this article points out that “the unrelenting barrage of cyber attacks against health-care organizations is causing major financial damage as health systems struggle to mitigate the costs of data breaches.
“A health-care data breach now comes with a record-high price tag — to the tune of $10.1 million on average, according to IBM Security’s annual Cost of a Data Breach Report.”
TREND MICRO CRITICAL INFRASTRUCTURE REPORT
Back in June of this year, Trend Micro Incorporated announced new research revealing that “89 percent of electricity, oil and gas, and manufacturing firms have experienced cyber attacks impacting production and energy supply over the past 12 months.
“The research also found that:
40 percent of respondents could not block the initial attack.
48 percent of those who say there have been some disruptions do not always make improvements to minimize future cyber risks.
Future investments in cloud systems (28 percent) and private 5G deployments (26 percent) were the top two drivers of cybersecurity among respondents.
The OT security function tends to be less mature than IT on average in terms of risk-based security.
“The addition of cloud, edge and 5G in the mixed IT and OT environments has rapidly transformed industrial operations and systems. Organizations must stay ahead of the curve and take security measures to protect business assets. Improving risk and threat visibility is a crucial first step to a secure industrial cloud and private network.”
Also, I like this Accenture OT and ICS security video covering “the art of the possible:”
CYBER INDUSTRY ASKS AGAIN: IS THE ‘BIG ONE’ COMING?
Just like earthquake discussions in California, it seems like we keep coming back to questions surrounding whether a cyber 9/11 or a cyber Pearl Harbor is coming soon.
This article proclaims “China Could Unleash a Cyber-Pearl Harbor on America“: “It is understandable that military analysts focus on Russia and the threat it poses to Ukraine. But when it comes to cyber, and in particular cyber defense and offense in space, we cannot forget that China is the leading threat. Lessons from the war against Ukraine may have only limited application to this more critical, longer-term struggle. …
“Unfortunately, we cannot assume that the cyber components of a conflict with China will resemble what we are seeing in Ukraine. Consider first of all that China has a $14.3 trillion economy, compared to Russia’s GDP of just $1.7 trillion at official exchange rates. While both countries have significant workforce technical skills, China has spent decades trying to copy and surmount the skills found in the United States and other highly advanced countries. It is a step behind the United States, Japan, Taiwan and our other peers in semiconductors, supercomputers and avionics — but only just a step.”
You may be wondering: Is this a new topic for “Lohrmann on Cybersecurity”?
The answer is no, and here are just a few of the previous blogs where I covered this critical infrastructure protection topic:
I expect this topic is not going away over the next decade.
In fact, despite the lack of a Colonial Pipeline-type event in 2022 so far, cyber attacks against critical infrastructure are quietly rising around the world.
Source: https://securityboulevard.com/2022/07/cyber-attacks-against-critical-infrastructure-quietly-increase/ (by Lohrmann on Cybersecurity on July 31, 2022; Sat, 30 Jul 2022 21:52:00 -0500)
9 Security Practices to Protect Your Business’s Sensitive Information
You don’t need to look far to see the repercussions when a business fails to protect sensitive information. Equifax, Adobe and Target were all victims of significant data breaches that resulted in a massive blow to their reputation and bottom line.
Data breaches and fraud are problems for businesses of every size, affecting over 25% of businesses with an average fraud loss of $38,000. That’s enough to push many small businesses into bankruptcy.
Types of security risks businesses face
Businesses face an increasing number of threats on a daily basis. Research shows that ransomware, phishing, data leakage, hacking and insider threats are all security issues businesses are dealing with.
FYI: Information security issues have a major impact on a business. Loss of revenue can result from remedying the problem and damage to your brand’s image.
Hackers are responsible for the majority of information security breaches. Cybercriminals look for ways to make monetary gain from businesses by using malware and phishing scams to collect sensitive data. The cost to remedy a data breach can be astronomical. Large companies that have to deal with major data breaches have paid out millions to certified to become compliant once again. According to IBM Security, the average cost of a data breach in the United States in 2020 was $150 per record.
Here is more about some of the threats businesses are facing.
Email phishing scams
Phishing is the act of a bad actor sending someone an email designed to look like an official communication from a legitimate, reputable company. This email may ask you to log in to an account or share your credit card information to prevent something drastic from happening. This information then goes not to the reputable company, but to the bad actor. You’re best off not responding no matter how legitimate the email looks.
To determine whether an email is a phishing attempt or a legitimate communication, check the email address that sent it. It’s easy to not think of doing so when you receive concerning emails, but the one second this takes can strongly protect your business. And if you’re not sure whether the email is legitimate, just call the company apparently behind the email. They’ll know for sure.
Device and computer hardware theft
Nearly 650,000 laptops are lost every year – and that’s just in airports. Surely, the number of laptops lost or stolen in both airports and other settings is in the millions. And a stolen laptop, if not password-protected, gives anyone who uses it full access to your information. The good news is that avoiding this security threat is easy: Always keep your password-protected laptop in sight or on your person.
Unauthorized network users
When you password-protect your Wi-Fi network, you block hackers from stealing your information. That’s because computer-savvy unauthorized network users can access any information you transmit via your Wi-Fi network. This information includes credit card numbers you use for online payments and passwords with which you log into your accounts.
Tip: Use a combination of strong passwords, two-factor authentication and endpoint security to help prevent security breaches.
How to protect your business from cybersecurity threats
To lower your risk and keep sensitive information safe, follow these essential security practices.
1. Only save what’s necessary.
The more information you collect about your customers and employees, the more you need to protect it. Companies often save more information than necessary, and their customers are the ones who suffer if a data breach occurs.
To limit what hackers could steal, only save the information you absolutely need to run your business. Avoid collecting anything extra, and if you only need information temporarily, get rid of it properly after you’ve used it.
2. Keep an information inventory.
Laptops, smartphones, tablets and flash drives provide plenty of convenient ways to store and transfer information, but this also results in more opportunities for data to fall into the wrong hands.
Keep track of what information you’re storing, where you store it and who has access to it. Make sure this information inventory includes both electronic files and physical documents with sensitive information.
3. Stay up to date with your cybersecurity.
There are quite a few top cybersecurity programs that can protect businesses of any size from malware and other threats. Look for a paid program that can secure your network and every device on it. The money you spend is well worth it, as a breach could cost you much more. Once you have your cybersecurity program in place, install all updates immediately.
Did you know? The Equifax breach, which affected 143 million people, occurred because the company failed to update Apache Struts, according to sources who spoke to Bloomberg.
4. Store physical documents securely.
Cyberattacks may be a more common threat, but lost or stolen documents can be just as bad. Whenever documents contain sensitive information, it’s important to keep them safe from prying eyes.
Store documents in a locked file cabinet or room that only your most trusted employees can access. Dispose of documents by running them through a shredder.
5. Pay for expenses with a business credit card.
For business expenses, the best and most secure payment method is a business credit card. Most will have zero-liability fraud protection, and if you need to dispute a transaction, you won’t be out any money during that process. You can set spending limits on employee cards and receive immediate notifications of any transaction via text alerts.
Any payment method has its risks, but credit cards have the most safeguards and security features. Security isn’t the only benefit of business credit cards, as they also provide detailed expense reports and the opportunity to maximize your travel rewards.
6. Set internal controls to guard against employee fraud.
Regardless of how much you trust your employees, it’s wise to use internal controls to limit your employee fraud risk. Otherwise, employees could misuse company funds or steal customer information.
Limit each employee’s access to only the information they need for their job. Make sure your systems log what information each employee accesses. Set up segregation of duties to prevent any single employee from having too much responsibility. For example, instead of having one employee make purchases and go over expense reports, split those tasks among two employees.
7. Monitor your employees’ accounts.
Any employee’s account is a potential hacker’s portal to your most valuable information. To protect your business from employee account hacks, you should analyze their logs and behavior while setting rule-based alerts. In doing so, you can identify unusual login attempts that often indicate a hacker inside the account.
8. Create firm employment agreements.
In all your job contracts, include text that forbids your employees from sharing certain types of information. Every time an employee shares information, they transmit data through a channel that, even if highly secure, could still theoretically be breached. If this information isn’t shared in the first place, it can’t be accessed.
9. Plan your response to data breaches.
You always need to be prepared for a worst-case scenario. How you respond to security incidents can be the difference between a minor data loss and a costly breach. Your plan should include the following steps:
Close any holes immediately. Disconnect and shut down any compromised computers, and stop using any compromised programs.
Notify the appropriate parties. Depending on the information that was stolen, you may need to let customers and law enforcement know about it.
Investigate what happened. Conduct an internal review or hire an agency to find out what went wrong.
Giving your business maximum protection
Preventable security issues have brought down many small businesses. Although you can’t eliminate the possibility of data breaches or fraud, with the right security practices, you can reduce their likelihood and minimize the damage if one occurs.
Source: https://www.business.com/articles/7-security-practices-for-your-business-data/ (Tue, 19 Jul 2022 12:00:00 -0500)
Has the cloud caught up with the mainframe?
Yes, you read that right. For much of the last couple of decades, it’s felt as if everyone has been talking about the impending demise of the mainframe, whilst simultaneously attempting to emulate as many as possible of its key operational characteristics.
Originally this emulation was via industry-standard servers, but in the last few years “the cloud” has taken up this challenge. It began with cloud computing promising the same level of scalability, flexibility and operational efficiency that mainframe systems have long provided, and on scalability going somewhat further. For a while these were more words than reality, but now cloud capabilities are (finally) getting close to what mainframe users have long taken for granted.
More recently, attention in cloud circles has turned to other – what we might regard as core – mainframe attributes such as security, privacy, resilience and failover. Whether you believe the marketing of cloud providers on this is up to you (as it is with any vendor marketing messages). But ensuring such things certainly requires very careful reading of the service level guarantees and contractual small print.
Today much of the focus of cloud services has switched to support for specialist workloads, and again, we see cloud following in the footsteps of the mainframe by using dedicated offload engines designed to optimise workload performance, and in many cases to minimise software licensing costs as well. But it’s always seemed as if cloud has been in catch-up mode, and the mainframe has remained in the lead. Which leads to the question, has the cloud now caught up?
Has the cloud caught up?
In many ways, the answer is “yes”, but this is a qualified yes. When it comes to scalability, throughput, operational efficiency, and arguably even resilience and failover, cloud has arguably caught up with the mainframe of the 1990s or early 2000s. But there are other factors to bear in mind as the mainframe has not stood still.
For example, it is fair to say that cloud providers have made great strides on security and privacy, but in reality the mainframe is still recognised as the gold standard, with security baked into every layer in the systems stack.
Then there are questions such as latency and data location. With the mainframe, there is no doubt where the data resides and who can access it. Managing these details and the associated operational policies has been part of the platform for over fifty years. When it comes to latency, the mainframe is probably sitting very close to the data you are working with, making latency as low as possible in terms of system response times, something reinforced when considering the system’s very powerful processors and sophisticated, mature partitioning capabilities.
And the mainframe environment is getting even stronger when you look at the announcements made at the recent launch of the IBM z16. These include quantum-safe cryptography to protect against the development of quantum computers able to decrypt current encryption standards, on-chip AI acceleration to boost ML and AI execution, and flexible capacity combined with on-demand workload transfer across multiple locations to further reduce the chance of service disruption.
But there are places where things are arguably closer, one of which is in the area of workload optimisation, although the two environments are developing in different ways. For example, the mainframe strives to deliver a consistent environment that can handle a wide range of workloads, but managed through the same set of frameworks and tools. The cloud, on the other hand, allows you to spin up dedicated specialised environments, e.g. for AI or analytics.
What about developers?
Which leaves the question of where is “the cloud” ahead of the mainframe? The obvious place to start is in terms of the diverse geographic distribution of the major public clouds, which spread across the globe with huge resources that no mainframe or mainframe cluster can match. But this advantage is no longer quite so huge given that IBM will shortly be making “mainframe as a service” available from its IBM Cloud data centres around the world.
Not quite as a corollary, it is also fair to say that cloud was ahead for a while with regard to modern software delivery methods such as DevOps and the implementation of various agile delivery solutions. But we must recognise that it hasn’t taken long for the gap to close because the fundamental principles underlying things like DevOps, containers, microservices, APIs, etc. have been intrinsic to the mainframe environment for decades, indeed pretty much since its beginning. In addition, IBM and the other software vendors in the mainframe ecosystem, such as Broadcom and BMC, have developed their offerings to such a degree that today there’s almost absolute parity.
In essence today’s mainframe environment is one where the latest generation of developers should not feel out of place. It uses the same standards-based, open tools they handle daily. And with the mainframe-as-a-service soon to be available, devs will be able to build code wherever they like and run it on the mainframe with a few clicks and no need to build a complex environment.
This is good news for the mainframe, but having the technological capabilities is less than half of the challenge. What’s really needed is for the mainframe to catch the eye of modern developers. IBM needs to ensure that developers understand that the mainframe is not a new and alien place, but instead is ready for them to exploit using the tools they are already comfortable with.
Some final thoughts
When you stand back and consider the modern mainframe, particularly the LinuxONE version and the new z16, it’s pretty clear any claims of the mainframe being out of date or legacy stem from a fundamental lack of awareness. Indeed, the mainframe has continued to lead the way in many critical areas, delivering IT cost-effectively and securely at scale. The bottom line is, it’s not that the mainframe has been trying to keep up with industry developments, it’s that the mainframe is still very much leading the way.
Wed, 27 Jul 2022 18:48:00 -0500
https://www.computerweekly.com/blog/Write-side-up-by-Freeform-Dynamics/Has-the-cloud-caught-up-with-the-mainframe
Cybrary confronts the cyberskills gap head on; raises $25M
As we move deeper into 2022, almost every company is feeling the cyberskills gap to some degree. Now with the cyber workforce gap hitting 2.72 million, it’s unsurprising that IBM research recently found that 83% of organizations have had more than one data breach.
With the workforce gap showing no sign of closing, training is becoming critical for employees to teach cybersecurity professionals the skills they need to thrive amid today’s complex threat landscape.
Addressing the cyberskills gap
As the cyberskills gap continues to grow, more and more organizations are recognising the need to use training — rather than hiring — to fix the shortage.
“Studies continue to show that a cybersecurity staffing shortage is placing organizations at risk, and the skills shortage and its associated impacts have not improved over the past few years,” said Kevin Hanes, CEO of Cybrary, a cybersecurity skills training platform.
“Products and technology will not help solve this fundamental issue; rather, investing in people is key to narrowing the cybersecurity skills gap and helping to combat increasing burnout and human error,” Hanes said.
Hanes says that Cybrary is aiming to address these challenges by providing cybersecurity practitioners with the “right training at the right time” to equip them to respond to modern threats.
It does this by providing them with a platform they can use to access learning materials and prepare for professional certifications with scenario-based training and over 1,900 learning activities.
A look at the IT training market
Cybrary is competing against a range of cybersecurity training providers that offer online, in-person training and boot camps. The provider sits loosely within the global IT training market, which researchers valued at $68 billion in 2020, and estimate will reach a value of $97.6 billion by 2026.
One of Cybrary’s competitors is Pluralsight, which offers a mixture of courses, skill-assessments labs, and hands-on learning developed by industry experts on topics such as Microsoft Azure Deployment, AWS Operations and Ruby Language Fundamentals.
Pluralsight most recently announced raising $430.4 million in revenue in 2020.
Another competitor is Infosec, a cybersecurity training and security awareness training provider with over 2,000 resources, including over 1,400 cybersecurity courses and cyber ranges, and live boot camps with instructor-led training. According to Zoominfo, Infosec has raised $31 million in revenue.
However, Hanes argues that Cybrary differentiates itself from other solutions on the market by offering up-to-date learning material at a lower price point.
“Cybrary’s platform allows individuals and teams to skill up on their own time from anywhere in the world. And with the Cybrary Threat Intelligence Group (CTIG) and SMEs developing new content in real time, Cybrary users can be confident that we are providing them with high-quality training that covers the latest threats and vulnerabilities impacting the industry.”
Today, Cybrary announced it has raised $25 million as part of a series C funding round, bringing its total funding to $48 million following a $19 billion series B funding round in 2019.
The organization intends to use the funding to enhance its R&D across engineering, product and marketing teams, while growing the capabilities of the Cybrary Threat Intelligence Group.
More broadly, the funding highlights that investors are looking to security training as a potential solution to bridge the cyberskills gap.
Tue, 05 Jul 2022 04:01:00 -0500
https://www.bbc.com/news/topics/c77jz3mdqwpt/ibm
Post-quantum crypto cracked in an hour with one core of an ancient Xeon
One of the four encryption algorithms America's National Institute of Standards and Technology (NIST) considered as likely to resist decryption by quantum computers has had holes kicked in it by researchers using a single core of a regular Intel Xeon CPU, released in 2013.
Within SIKE (Supersingular Isogeny Key Encapsulation) lies a public key encryption algorithm and a key encapsulation mechanism, each instantiated with four parameter sets: SIKEp434, SIKEp503, SIKEp610 and SIKEp751.
Microsoft – whose research team played a role in the algorithm's development along with multiple universities, Amazon, Infosec Global and Texas Instruments – set up a $50,000 bounty for anyone who could crack it.
Belgian boffins Wouter Castryck and Thomas Decru claim to have done just that, using some good ol' non-quantum x86 silicon.
"Ran on a single core, the appended Magma code breaks the Microsoft SIKE challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes, respectively. A run on the SIKEp434 parameters, previously believed to meet NIST's quantum security level 1, took about 62 minutes, again on a single core," wrote Castryck and Decru, of Katholieke Universiteit Leuven (KU Leuven), in a preliminary article [PDF] announcing their discovery.
The authors made their code public, as well as the details of their processor: an Intel Xeon CPU E5-2630v2 at 2.60GHz. That bit of kit was launched in Q3 2013, used Intel's Ivy Bridge architecture and a 22nm manufacturing process. The chip offered six cores – not that five of them were in any way encumbered by this challenge.
Quantum-resistant encryption research is a hot topic because it is felt that quantum computers are almost certain to become prevalent and sufficiently powerful to crack existing encryption algorithms. It is therefore prudent to prepare crypto that can survive future attacks, so that data encrypted today remains safe tomorrow, and digital communications can remain secure.
Thus, bounties for testing its limits abound.
Microsoft described the algorithm as using arithmetic operations on elliptic curves defined over finite fields and computing maps, also called isogenies, between the curves.
Finding such an isogeny was thought to be sufficiently difficult to provide reasonable security – a belief now shattered by nine-year-old tech.
Alongside the vintage processor, Castryck and Decru used a key recovery attack on the Supersingular Isogeny Diffie–Hellman key exchange protocol (SIDH) that was based on Ernst Kani's "glue-and-split" theorem.
"The attack exploits the fact that SIDH has auxiliary points and that the degree of the secret isogeny is known. The auxiliary points in SIDH have always been an annoyance and a potential weakness, and they have been exploited for fault attacks, the GPST adaptive attack, torsion point attacks, etc." argued University of Auckland mathematician Stephen Galbraith in his cryptography blog.
The math gets cerebral, and Galbraith suggests if you really want to understand it, you need to study Richelot isogenies and abelian surfaces.
Damn. Another missed opportunity during lockdown.
But we digress. For those who already have a rich background in elliptic curve cryptography and want a quick immersion, there are several Twitter threads that analyze the achievement at greater depth.
Some professionals in the arena propose that not all is lost with SIKE.
SIKE co-creator David Jao reportedly believes the NIST-submitted version of SIKE used a single step to generate the key, and a possibly more resilient variant could be constructed with two steps.
That possibility lies still in a yet undiscovered portion of the intersection of mathematics and computer science. In the meantime, cryptography experts are shaken.
"There is no doubt that this result will reduce confidence in isogenies. The sudden appearance of an attack this powerful shows that the field is not yet mature," commented Galbraith.
Security researcher Kenneth White tweeted his awe and noted "In 10-20 yrs (or 50, or never) we *might* have practical quantum computers, so let's roll out replacement PQ crypto now. Which could be trivially broken today, on a laptop."
But as Kevin Reed, CISO of cybersecurity firm Acronis, put it in a LinkedIn post: "It's still better than if it was discovered after it is standardized."
Fri, 05 Aug 2022 04:42:00 -0500
https://www.theregister.com/2022/08/03/nist_quantum_resistant_crypto_cracked/
IBM SmartCloud Powers an International Approach to Education
IBM is taking its Big Data and cloud capabilities overseas to help transform a French institution into a "smart business school" with international reach.
EMLYON Business School has partnered with IBM to use the company’s technologies to provide a more personalized education experience to its international students.
Cloud computing techniques can make education more compelling and encourage students to explore more topics, Katharine Frase, vice president and CTO of IBM’s public sector, told EdTech. It’s also a technology that makes sense for a school that intends to offer courses in multiple languages to countries on multiple continents.
“We’re interested in how cloud computing can help you not only on the efficiency side of education, but particularly on the digitized side — to enable you to be more nimble and to have more global reach,” Frase said.
EMLYON is also at the drawing-board stage with IBM on how its cognitive computing system Watson could bolster the school’s efforts, particularly Watson’s potential to overcome language barriers.
IBM's SmartCloud is a software-as-a-service offering that gives schools a cloud-based content-delivery system. EMLYON will be taking advantage of the system's versatility to offer business courses at the school’s campuses in France, China and Morocco as well as on "pop-up" campuses in emerging markets, such as West Africa.
“What we believe is genuinely new about this initiative is that it will allow us to deliver content and coaching that are absolutely relevant to each participants’ needs and aspirations, wherever they are in the world and at every step on their career path,” said Bernard Belletante, dean of EMLYON, in a press release. “So, in a similar way that users today can cherry-pick their entertainment, our community will be able to choose when, where and how much it learns.”