Referencias | References
Referencias completas de vocabulario, eventos, crónicas, evidencias y otros contenidos utilizados en los proyectos relacionados con biotecnología y neurociencia de la KW Foundation.
Full references of vocabulary, events, chronicles, evidences and other contents used in KW Projects related to biotechnology and neuroscience.
Especial | A | B | C | D | E | F | G | H | I | J | K | L | M | N | Ñ | O | P | Q | R | S | T | U | V | W | X | Y | Z | TODAS
Addressing security with the board 
Addressing security with the board: Tips for both sides of the table
Clearly security is a boardroom topic, but the trick is to get both sides on the same page
By Steve Ragan
In the boardroom, when it comes to addressing the topic of security, there's tension on both sides of the table.
It doesn't happen all the time, but when it does, the cause of the friction is usually security executives and board members – each with vastly different areas of expertise and interest – pushing to get what they want out of the discussion while keeping business goals intact.
Stephen Boyer, the co-founder and CTO of BitSight Technologies, a company that uses public data to rate the security performance of an organization, shared some thoughts with CSO recently, geared towards moving the discussions forward past the deadlock.
Since there are two sides to the issue, Boyer shared two sets of tips; one set for the board and the other set for the executives speaking to them.
As a board member
Frame expectations clearly
Communication goes both ways. It's essential to make sure the security team understands what information is required, how discussions should be framed, and the level of abstraction you require to make decisions. Otherwise, you risk sitting through conversations that fail to address the issues the business cares about most.
"In no way should every board member have to act as a security expert. But, in today’s world, cyber risks are a major part of managing risk in a business. Therefore board members need to make it known what they see as critical and how to begin those conversations," Boyer explained.
Are you talking about security or risk?
Performance is important, but instead of focusing on specific technologies, policies and procedures, evaluate what the business is doing to proactively mitigate cyber risks and what those risk levels are.
For example, are there risks in the supply chain that your organization could be ignoring? With each strategic decision made, are the organization's risks increasing or decreasing?
"Understanding the security performance of a company is important, but managing the risks associated with security is crucial. As in other business areas, boards need to be aware of the sources of risk and communicate clearly what is acceptable for the business. From there, it’s not up to the board to dictate what technologies and policies should be in place, but to guide their teams when it’s necessary to take action to reduce or transfer security risks," Boyer said.
Decide on the key indicators you want to monitor and be consistent
You don't need to be in the trenches to understand security posture if you choose the right data points to assess. Work with your team to choose meaningful, data-driven metrics that demonstrate both performance and effectiveness. It matters less how frequently you are attacked if your team is effectively re-mediating threats before they become an issue.
"One of the issues we can’t stress enough is that to arrive at insight and action ability, it’s important that all parties agree on a set of metrics that are objective and consistent. The goal is to paint a clear picture of security performance over time, and to gain context about where your company sits relative to peers and competitors within your industry," Boyer added.
Focus on a fixed set of key indicators, and benchmark performance over time to gain valuable insight into the issues affecting your posture and effectiveness. Moreover, correlate performance changes with key events to gain an understanding about the impact of technology investments, headcount and policy decisions.
In short, shift the conversation from a numbers game to a performance review, as you would in other areas of the business.
As a security executive
Always provide context.
Historical trend data and peer comparisons are key points for helping leaders "get it" when the spotlight is turned on security performance.
Being able to show how your organization compares to others in your industry, provides context that is often lacking from discussions about cyber security. Your board members bring expertise from their personal experience - tying performance metrics back to companies they've managed or advised can help.
Demonstrating that your company is more or less secure than others in your sector can help leaders justify strategic changes and investments that can improve your team's effectiveness.
"Context is key when it comes to security performance. If board members hear that overall security is going well, it gives them little information to bring cyber security into strategic decisions. A key way to add context to these discussions is through industry and peer benchmarking. If a security professional can tell the board, 'Here is where we are in relation to our industry and this is what I need for us to improve.' That is a strong and actionable statement," Boyer said.
Tell a story & teach a lesson.
Use this time to train your board members and fellow executives to be alert. Tell them what specific threats are targeting your company, what the attacks look like and what they can do to help avoid a breach.
If a peer has been breached and you fear you might also be a target, explain what conditions existed to allow the attack to happen and what you're doing to make the company more secure. By focusing on specific threats that your company is facing, instead of wants regarding issues you've already handled or the technical specifications of an attack, you can help prevent attacks from spreading.
"While conversations should stay high level when it comes to security, boards should be informed of major threats facing their company. In our recent analysis of the Education sector, we found that the Flashback virus was widespread on college networks," Boyer said.
"For a university security practitioner, this is crucial information to convey to the school’s board and more importantly, to answer the fundamental question: 'What does this threat mean for our business?'"
Answer the questions being asked.
Your metrics should paint a picture that people outside the security team can understand. Reduce the amount of technical jargon and stat charts on your slides and focus on measuring what matters to your audience. The end result should communicate whether you are more or less secure, and why.
"A lot of times we hear from companies that talking with security teams can be intimidating because not everyone in the room is a technological expert, or at the same level of awareness as the pros. The way to face this challenge is to avoid walking into the room with an eye-chart packed presentation, but to instead focus on only showing the metrics that answer the questions your board is asking. This ties back to knowing your audience and making sure you speak in a common language," Boyer said.
El ácido desoxirribonucleico, frecuentemente abreviado como ADN, es un ácido nucleico que contiene instrucciones genéticas usadas en el desarrollo y funcionamiento de todos los organismos vivos conocidos y algunos virus. Es responsable de la transmisión hereditaria. El papel principal de la molécula de ADN es el almacenamiento a largo plazo de información.
ADVANCED PERSISTENT THREATS 
3 BIG DATA SECURITY ANALYTICS TECHNIQUES YOU CAN APPLY NOW TO CATCH ADVANCED PERSISTENT THREATS
By Randy Franklin Smith and Brook Watson
In this unprecedented period of advanced persistent threats (APTs), organizations must take advantage of new technologies to protect themselves. Detecting APTs is complex because unlike intensive, overt attacks, APTs tend to follow a “low and slow” attack profile that is very difficult to distinguish from normal, legitimate activity—truly a matter of looking for the proverbial needle in a haystack. The volume of data that must be analyzed is overwhelming. One technology that holds promise for detecting these nearly invisible APTs is Big Data Security Analytics (BDSA).
In this technical paper, I will demonstrate three ways that the BDSA capabilities of HP ArcSight can help to fight APTs:
Please read the attached whitepapers.
Afecto en la socialización 
El afecto en la socialización
Las sociedades se construyen con cada nuevo miembro que nace en ellas. Ellos son los cimientos que soportarán en un futuro el destino de la sociedad, y es por ello que debemos esmerarnos en que tengan la mejor calidad humana para acometer esa tarea. El afecto es la energía que hace que se mueva toda la maquinaria social y tiene su origen en la especial relación entre madre e hijo durante los primeros meses de vida y, en menor medida, entre padre e hijo. Será durante esa etapa cuando aprenda lo que es el afecto, qué valor tiene y por qué tiene que ganárselo. Los hijos separados de sus madres durante los primeros años de vida son más vulnerables ante todo tipo de enfermedades y será fácil que desarrollen psicopatía, un trastorno que hacen que el individuo viva al margen de la sociedad y que la considere como hostil. El afecto es el lenguaje universal que hablan los hombres y mujeres dentro de la humanidad, a través de él construyen las instituciones, las funciones y las estructuras sociales. El sentido de la vida está orientado a lograr afecto en sus múltiples manifestaciones, como amor, como reconocimiento, como admiración, etc. Además el afecto retorna hacia quien lo entrega. Los nuevos miembros de la sociedad buscarán el afecto de sus padres en la sociedad. La sociedad le ofrecerá recompensas en las que verán ese afecto. Serán generalizaciones del afecto paternal.
Agencias de Calificación de Riesgos 
Las agencias de calificación de riesgos son empresas que, por cuenta de un cliente, califican determinados productos financieros o activos de empresas, Estados o Gobiernos. Sus notas o calificaciones valoran el riesgo de impago y el deterioro de la solvencia del emisor. Para los inversores, aumentan el abanico de opciones y proporcionan medidas fáciles de usar. En general esto incrementa la eficiencia del mercado, al reducir los costes tanto para el que presta como para el que toma prestado. Este mecanismo puede afectar la disponibilidad de capital de riesgo, fundamental para emprendedores y startups. La calificación marca el tipo de interés al que se concederá la financiación.
AGESIC es la Agencia de Gobierno Electrónico y Sociedad de la Información de Uruguay, unidad ejecutora dependiente de la Presidencia de la República. Posee autonomía técnica. Su finalidad es impulsar la Sociedad de la Información, promoviendo la inclusión y equidad en el uso de las TIC (Agenda Digital Uruguay) y liderar la estrategia de Gobierno Electrónico y su implementación en el país, como base de un Estado eficiente y centrado en el ciudadano.
Sitio web: http://agesic.gub.uy/.
Agile Operations 
eGuide: Agile Operations
In the application economy, constant application updates are table stakes. To gain a competitive advantage, you must deliver the very best user experience by ensuring those improvements are based on real user feedback and application and infrastructure performance - from mobile to mainframe, on-premise or in the cloud. End-to-end monitoring solutions from CA can give your enterprise the holistic monitoring and in-depth management capabilities it needs to turn this feedback into valuable functions and reduce mean-time-to-recover.
Read this eGuide to learn how you can enhance user experience by leveraging real-time insights from your entire application and infrastructure to drive improvements.
Please read the attached eGuide.
AI-powered Google services 
The phone personalizes the machine-learning model locally, based on how it is used (A). Many users' updates are aggregated (B) to form a consensus change (C) to the shared model, after which the procedure is repeated. Image: Google
Android más inteligente: los servicios de Google que funcionan con AI mejorarán a medida que los utilice
Smarter Android: AI-powered Google services will get better as you use them
By Nick Heath
The tech giant is testing whether its mobile services could use an approach called Federated Learning to improve their machine-learning models.
Google is introducing a new way for its AI-powered services to improve as people use them.
The tech giant is testing whether its mobile services could use an approach called Federated Learning to refine their underlying machine-learning models.
For each Google service, a machine-learning model is downloaded to a mobile device. Federated Learning allows these models to improve by learning from data on the phone, and then to summarize any local changes as a small update. This update is then encrypted and sent back to the Google cloud, where it is averaged with other user updates to improve the shared backend model.
The continual refinement of the machine learning model stored on the phone benefits the end user, as improvements no longer depend solely on the improved machine learning models being downloaded to their phone.
Google says the approach also has the advantage of improving privacy, as all the training data remains on the device, and no individual updates are stored in the cloud. Updates will only be decrypted and averaged with those from other phones once hundreds or thousands of similar updates have been gathered.
"Federated Learning allows for smarter models, lower latency, and less power consumption, all while ensuring privacy," Google research scientists Brendan McMahan and Daniel Ramage said in a blog post.
"And this approach has another immediate benefit: in addition to providing an update to the shared model, the improved model on your phone can also be used immediately, powering experiences personalized by the way you use your phone."
Google is testing the Federated Learning approach in Gboard, a keyboard for Android handsets. In this instance, the machine learning model will remember which suggested inputs and information the user clicked on and use that data to improve future suggestions.
The blog post goes into some detail about the complexity of introducing the Federated Learning approach, including mentioning that the on-device training uses a miniature version of TensorFlow, Google's open-source software library for machine learning.
Google says that the Federated Learning approach can't be used to help solve every machine learning challenge, with exceptions including using labelled images to teach a machine to recognize the breed of dog in a photo.
In a somewhat similar move, last year Apple said it would approach machine learning in a way that respects personal data, by using what it called 'differential privacy'. This approach allows it to analyze customer data for trends without being able to identify any particular individuals: for example, to be able to spot trending words that need to be added to the QuickType keyboard suggestions.