ETSI releases world-leading Consumer IoT Security standard

Sophia Antipolis, 30 June 2020

The ETSI Technical Committee on Cybersecurity (TC CYBER) today unveils ETSI EN 303 645, a standard for cybersecurity in the Internet of Things that establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification schemes. Based on the ETSI specification TS 103 645, EN 303 645 went through National Standards Organization comments and voting, engaging even more stakeholders in its development and ultimately strengthening the resulting standard. The EN is the result of collaboration and expertise from industry, academia and government.

ETSI Multi-Access Edge Computing extends services to WiFi to address enterprise needs

Sophia Antipolis, 16 July 2020

The ETSI Industry Specification Group on Multi-Access Edge Computing, ISG MEC, has recently released ETSI MEC GS 028 to extend network information services to the world of WiFi, and thus squarely into the enterprise space.

ETSI webinar on Standardization for EU competitiveness in a digital decade

Register now!

Sophia Antipolis, 6 October 2020

ETSI and KREAB invite you to a high-level virtual debate on 28 October to discuss and share your ideas on a standardization strategy to stimulate EU competitiveness in the digital economy.

ETSI launches DECT-2020 new radio interface for IoT

New standard addresses ultra-reliable, low-latency and massive machine-type communication use

Sophia Antipolis, 20 October 2020

Developed by ETSI in the 1990s, the DECT™ standard (Digital Enhanced Cordless Telecommunications) is implemented in more than a billion short-range communication devices around the world. The technology is now taking a giant step forward with a new set of DECT-2020 New Radio (NR) standards: the ETSI TS 103 636 series defines an advanced radio interface applying modern radio technologies. It is designed to provide a slim but powerful technology foundation for wireless applications deployed in various use cases and markets. DECT-2020 NR was developed to support broad and diverse wireless IoT applications requiring the ultra-reliable, low-latency communication needed in voice and industrial applications. It also supports massive machine-type communication with millions of devices in a network, as required in use cases such as logistics and asset tracking, industry 4.0 and building automation as well as condition monitoring.

ETSI experts complete specifications for Vulnerable Road Users

Sophia Antipolis, 24 November 2020

A group of experts in ETSI TC ITS, the committee in charge of Intelligent Transport Systems, has just completed a set of three standards related to Vulnerable Road Users (VRU) protection with the specification ETSI TS 103 300-3. This standard defines the VRU awareness service together with its key interfaces and protocols, as well as the VRU awareness message (VAM) format, semantics and syntax. The specification completes the Technical Report ETSI TR 103 300-1 on use cases and the Technical Specification ETSI TS 103 300-2, which addresses the functional architecture and requirements for VRU. The development of the standards included stakeholders from around the world and received a large set of contributions from representatives working on different types of vulnerable road users, for example bicycles and motorcycles.

ETSI Top 10 Webinars in 2020 - Starring: cybersecurity, the Radio Equipment Directive, the new smart secure platform and AI

Sophia Antipolis, 8 December 2020

As 2020 comes to an end, we have selected for you our most popular webinars of the year. If you missed them, listen to the recorded presentations and their Q&A sessions, deep dive into cybersecurity novelties, discover the latest developments on the Radio Equipment Directive (RED), and find out about the new smart secure platform and AI.

Open Source MANO Release NINE fulfils ETSI's zero-touch automation vision, ready for MEC and O-RAN use cases

Sophia Antipolis, 18 December 2020

ETSI is pleased to announce the launch of OSM Release NINE today. With an array of new features, this Release completes the alignment process with ETSI NFV specifications, culminating in native adoption of ETSI GS NFV-SOL006 for network functions and service modelling. Standardizing the onboarding process for VNFs into OSM fosters interoperability and boosts the growth of OSM’s VNF ecosystem. Release NINE coincides with the announcement of a new production deployment, confirming OSM as the most comprehensive open-source NFV orchestrator and a key enabler for zero-touch end-to-end network and service automation.

ETSI releases test specification to comply with world-leading Consumer IoT Security standard

Sophia Antipolis, 12 October 2021

ETSI has released the test specification for the existing ETSI EN 303 645, the world-leading consumer IoT security standard. This test specification, ETSI TS 103 701, describes how a conformity assessment is performed in a structured and comprehensive way. This will allow supplier organizations such as manufacturers, vendors or distributors to assess the compliance of their devices against ETSI EN 303 645 in self-assessments or via testing labs. User organizations can also apply the test specification for in-house testing.

ETSI Top 10 Webinars in 2021 - Starring: DECT2020, Ultra-Wide Band radio technology, IPv6, MEC

Sophia Antipolis, 8 December 2021

As 2021 comes to an end, we have selected for you our most popular webinars of the year. If you missed them, listen to the recorded presentations and their Q&A sessions, deep dive into the non-cellular 5G radio DECT2020-NR, IPv6, Multi-access Edge Computing, Open Source MANO and much more.

ETSI Announces Second Release on Self-Adapting Autonomous Networks

Sophia Antipolis, 13 January 2022

Following on from meetings conducted in late 2021, ETSI has now completed Release 2 of its Experiential Networked Intelligence (ENI) specifications with the system architecture ETSI GS ENI 005.

ETSI GS ENI 005 and associated documents will provide better insight into network operations, allowing more effective closed-loop decision making plus better lifecycle management. Through its use, operators will be able to leverage acquired data and apply artificial intelligence (AI) algorithms to it. This will mean that they can respond much more quickly to changing situations and gain far greater agility. The services being delivered across their networks may thereby be rapidly adapted, and the resources they have available correctly assigned, in accordance with subscribers’ requirements or any other alterations in circumstances (whether operationally or commercially driven).

ETSI Advanced Mobile Location standard now permits European smartphones to send caller location in emergency calls

Sophia Antipolis, 22 March 2022

Since 17 March all smartphones sold in Europe are required to comply with Advanced Mobile Location for emergency communications. AML was standardized in ETSI TS 103 625 by the ETSI technical committee on emergency communications (EMTEL) in December 2019. It is already helping emergency services dispatch the needed resources efficiently in Europe and worldwide.

ETSI publishes a new white paper on Fixed 5th generation advanced

Sophia Antipolis, 22 September 2022

Members from the ETSI Fixed 5th generation (F5G) group have just published a new white paper, “F5G advanced and beyond”. This white paper describes the drivers, dimensions and technologies of F5G Advanced and beyond.

Nine key applications or industry trends are identified as key drivers for F5G Advanced. These can be grouped into two categories: those that are oriented towards services and applications, and those that are directed towards network transformation. Ultra-high-definition immersive experience services could put many new requirements on the network. Enterprises will continue their digitization and cloudification, and this is a huge opportunity for fixed networks.

ETSI’s Activities in Artificial Intelligence: Read our New White Paper

Sophia Antipolis, 21 December 2022

ETSI has a long history of developing standards in the field of artificial intelligence (AI) and of systems that use and support AI. Today ETSI is pleased to release a new White Paper developed by a variety of members and experts. They include companies from the telecom and network communication sectors, both large enterprises and small and medium enterprises, based in Europe, Asia or America.

This White Paper, entitled ETSI Activities in the field of Artificial Intelligence, supports all stakeholders and summarizes ongoing effort in ETSI and planned future activities. It also includes an analysis of how ETSI deliverables may support current policy initiatives in the field of artificial intelligence. A section of the document outlines ETSI activities of relevance to addressing Societal Challenges in AI, while another addresses the involvement of the European Research Community.

ETSI leading Securing AI into the future: new Chair elected

Sophia Antipolis, 22 February 2023

During the 17th meeting of ETSI’s Securing AI Industry Specification Group, Scott Cadzow from Cadzow Communications was elected as the new Chair.

His vision is to confirm ISG SAI as the European Union’s and Standards Development Organizations’ centre of excellence in the topic of securing Artificial Intelligence and Machine Learning.

AI is, or is likely to become, endemic. All reasonably complex software will eventually include AI elements, and he is convinced that ETSI is well placed to become a thought leader on the role of AI and, particularly, the role of standards for AI, addressing the challenges to standardization posed by the forthcoming AI Act.

ETSI new White Paper on evolving NFV towards the next decade

Sophia Antipolis, 30 May 2023

ETSI is pleased to publish its new White Paper on “Evolving NFV towards the next decade”, written by delegates of the ETSI Industry Specification Group on Network Function Virtualization (ISG NFV).

ETSI completes F5G Advanced Release 3 enabling 10Gbits to everybody

Sophia Antipolis, 8 October 2024

ETSI announces the completion of its Release 3 specifications on Fifth Generation Advanced Fixed Network (F5G-A). Building on the achievements of Release 1 and Release 2, the ETSI ISG F5G has specified a series of new features and capabilities, further elevating fixed fiber networks to a new level:

  • Specification of F5G Advanced
    ETSI ISG F5G unveiled the "F5G Advanced Generation Definition", which not only further enhances the three existing foundational features of F5G (Enhanced Fixed Broadband (eFBB), Full Fiber Connectivity (FFC), and Guaranteed Reliable Experience (GRE)), but also introduces three new key features: Real-time Resilient Link (RRL), Optical Sensing and Visualization (OSV), and Green Agile Optical network (GAO).

New York: Tanya Taylor - From McGill to Madison Avenue

Starts: Wed, 13 Nov 2024 20:00:00 -0500
Location: New York, U. S. A.

MAA France: Fall All-Canadian Bowling Night for McGillians

Starts: Thu, 14 Nov 2024 22:00:00 -0500
Location: PARIS, Canada

McGill Women Leading in Sports

Starts: Mon, 25 Nov 2024 19:00:00 -0500
Location: Montréal, Canada

Somewhere in the Nadir of African American History, 1890-1920

New essay by Glenda Gilmore just added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

How to Read a Slave Narrative

New essay by William L. Andrews just added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

Jazz and the African American Literary Tradition

New essay, "Jazz and the African American Literary Tradition," by Gerald Early, Merle Kling Professor of Modern Letters at Washington University in St. Louis, added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

Summary of Comments to CSA/CIRO Staff Notice 23-331 Request for Feedback on December 2022 SEC Market Structure Proposals and Potential Impact on Canadian Capital Markets

This document is only available in PDF format.

Notice of Ministerial Approval of Amendments to OSC Rule 91-507 Trade Repositories and Derivatives Data Reporting and Consequential Amendments to OSC Rule 13-502 Fees

The Minister of Finance has approved amendments to Ontario Securities Commission (OSC) Rule 91-507 Trade Repositories and Derivatives Data Reporting and consequential amendments to OSC Rule 13-502 Fees (collectively, the Amendments) pursuant to

Amendments to OSC Rule 91-507 Trade Repositories and Derivatives Data Reporting

1. Ontario Securities Commission Rule 91-507 Trade Repositories and Derivatives Data Reporting is amended by this Instrument.

OSC Staff Notice 11-737 (Revised) – Securities Advisory Committee – Vacancies

The Securities Advisory Committee (“SAC”) is a committee of industry experts established by the Commission to advise it and its staff on a variety of matters including policy initiatives and capital markets trends.

Manager, Administration & Corporate Services

Job Summary: The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to serve as Manager of Administration & Corporate Services for a one-year, renewable appointment in the Finance and Administration Division. The Manager of Administration & Corporate Services AFR is responsible for the overall coordination of administrative matters between IFPRI's headquarters in Washington DC and the IFPRI regional and country/project offices in Africa. The position provides management and operational support to IFPRI regional and country/project offices in Africa, including related administrative aspects of current and new corporate partnerships in Africa. This position is based in Dakar, Senegal.

Essential Duties: Specific duties include but are not limited to:
  • Lead finance and administration functions of the Dakar office, providing operational support and oversight of day-to-day office activities.
  • Provide management support and oversight of the financial and administrative operations of IFPRI regional and country/project offices in Africa, including functions such as budgeting, contracts and grants, human resources, facilities and IT management.
  • Work closely with key administrative departments at IFPRI headquarters (accounting, human resources, computer services and facilities/office services) in the development and roll-out of IFPRI-wide policy and procedure changes, providing guidance and training as needed to regional and country offices to ensure that the quality of operational support meets IFPRI operations standards.
  • Regularly analyze the operations capacity of IFPRI offices in Africa, identifying and recommending opportunities for improvement in IFPRI’s administrative operations and processes, and undertaking new initiatives as agreed.
  • Build strong relationships with Country Office Heads and Country Administrative and Finance Managers, providing advice, guidance and support in all areas of operations and ensuring compliance with IFPRI policies and procedures.
  • Oversee financial reporting for IFPRI regional and country offices in Africa, and supervise and manage the Hub Finance and Administration unit team, ensuring compliance with IFPRI and donor standards, policies, procedures and processes.
  • Participate in the formulation of annual budgets and capital plans for IFPRI offices in Africa.
  • Provide management oversight to ensure that proper financial controls are in place and that processes comply with correct accounting procedures, providing strategic direction in developing options for addressing any weaknesses.
  • Monitor projects in African locations as required.
  • Facilitate decision-making on human resource (HR) matters relating to IFPRI offices in Africa (policies and procedures, labor law compliance, staffing, recruitment, conflict resolution, etc.).
  • Build the capacity of finance and administrative staff members throughout IFPRI offices in Africa through regular training sessions and mentoring support.
  • Contribute to internal and external audit preparations for IFPRI offices in Africa and support the implementation of audit recommendations and actions.

Required Qualifications:
  • Bachelor’s degree plus twelve years of relevant professional experience, or Master’s degree plus ten years of relevant experience.
  • Minimum of four years of management experience.
  • Excellent verbal, written and interpersonal skills.
  • Strong customer service skills.
  • Ability to work effectively with all levels of organizations, including regional partners and donors.
  • Ability to work autonomously, yet keep others informed.
  • Ability to work in a multicultural setting.
  • Excellent attention to detail.
  • Fluency in French is highly preferred.

Physical Demand & Work Environment: Employee will sit in an upright position for a long period of time with little opportunity to move/stretch. Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activities such as preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.

The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Administrative Coordinator

Job Summary: The Director General’s Office (DGO) of the International Food Policy Research Institute (IFPRI) seeks an Administrative Coordinator (AC) for a one-year, non-exempt, renewable appointment. The Executive Assistant to the Director General will be responsible for the AC’s work plan and performance evaluation, subject to the approval of the Director General. This position is based at IFPRI headquarters in Washington, D.C.

Essential Duties: The AC’s main duties and responsibilities include (a) providing administrative support to the Executive Assistant and other DGO staff (as needed), and (b) coordinating logistics for the following:
  • Travel arrangements: travel planner form, visa applications, requests for itineraries, issuance of air and/or train tickets, cash advances/honoraria, and preparation of travel expense reports.
  • Meetings: coordinate arrangements for organizing special events, including lunches, meetings and conferences. This function includes room reservation, organizing meeting materials, presentation requirements, setting up teleconference and virtual calls, and catering.
  • Visitors: coordinate visits of high-level guests to IFPRI, including which other staff will join the meeting, ordering of food for breakfast or lunch as necessary, office/hotel reservation, pick-up and return of office keys, computer connections, assigned office name tag/labeling, and arrangement of a brown bag/seminar/presentation.
  • DG’s contact database: ensure that the database is current through regular maintenance/updating and accurate data entry of business cards from the DG’s travels.
  • Office supplies: maintain an adequate supply of commonly used/requested items for the division’s use.
  • Service Center assistance, which includes but is not limited to: photocopying/printing/scanning; letters/mail (fax, pick-up and distribution, and maintaining an updated pigeonhole assignment for DGO staff); keeping printers, the photocopying machine and the coffee service orderly and adequately supplied.
  • Files: create and maintain a complete, updated and functional filing system for DGO records, and perform periodic filing of DG documents and archiving.
  • Other duties and responsibilities that may be required from time to time.

It is expected that the AC will:
  • Handle multiple tasks and prioritize work with minimal supervision.
  • Pay attention to detail and follow through to closure.
  • Be able to work in a fast-paced, multicultural environment, and follow established procedures.
  • Perform other duties/assignments as necessary.

Required Qualifications:
  • Bachelor’s degree or associate’s degree plus three years of administrative work experience, or high school diploma plus four years of relevant experience.
  • Excellent oral and written English language skills.
  • Solid composition, grammar and proofreading skills with the ability to compose correspondence.
  • Demonstrated experience handling confidential matters.
  • Demonstrated expertise with financial information.
  • Demonstrated proficiency with computers: experience with MS Office, especially Microsoft Word, Outlook, Excel and PowerPoint, required.
  • Excellent typing skills required; 50-65 wpm preferred.
  • Demonstrated ability to work productively within a multi-cultural team environment.
  • Ability to handle multiple tasks and prioritize work responsibly with minimal supervision.
  • Demonstrated ability to pay attention to detail and follow through to closure.
  • Demonstrated experience working in a fast-paced work environment.

Physical Demand & Work Environment: Employee will sit in an upright position for a long period of time. Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activities such as preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.

Salary Range: The expected salary range for this job requisition is between $23.37 - $28.65/hour. In determining your salary, we will consider your experience and other job-related factors.

Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. IFPRI Washington D.C. has a hybrid work environment that allows staff members a minimum of two days (preference for 3 days) in-office work and the remaining two to three days remote work.

The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Administrative Coordinator I

Job Summary: The Market, Trade, and Institutions Unit of the International Food Policy Research Institute (IFPRI) seeks an Administrative Coordinator I to provide administrative support. This is a one-year, non-exempt, renewable appointment and is located at IFPRI’s Headquarters in Washington, D.C.

Essential Duties: Specific duties and responsibilities include but are not limited to:
  • Document Support: edit and/or transcribe reports, manuscripts, and other documents as needed for the unit staff.
  • Project Logistical Coordination: draft and monitor contracts for collaborators and services.
  • Accounting Support: prepare travel and field expense reports. File and monitor project budgets, collaborator and donor-approved budget expenditures, and sub-contracts.
  • Travel arrangements: prepare hotel and travel requests for staff and visitors; assist in coordinating visa applications, requests for itineraries, issuance of air and/or train tickets, cash advances/honoraria, and preparation of travel expense reports. Coordinate with the Travel Office and Accounting for processing travel requests.
  • Meetings: coordinate arrangements for organizing special events, including lunches, meetings, conferences, and other training events. This function includes room reservation, organizing meeting materials, presentation requirements, setting up teleconferences, catering, and taking/taping and/or transcribing minutes of meetings, as needed.
  • Appointment schedule & Visitors’ Support: manage appointment scheduling for Research Fellows as requested and provide logistical support for visitors, including office/hotel reservation, pick-up and return of office keys, computer connections, assigned office name tag/labeling, and arrangement of a brown bag/seminar/presentation.
  • Contact Database Support: maintain various administrative/unit databases, including the Collaborator & Project main list, staff contact/emergency file, and other master files.
  • Outposted Staff Administrative Support: provide administrative support to outposted staff, as applicable.
  • Mail Support: if requested, manage incoming and outgoing mail and monitor equipment inventory.
  • Perform other duties as assigned.

Required Qualifications:
  • Bachelor's degree; or Associate's degree plus three years of relevant experience; or high school diploma plus four years of relevant experience.
  • Excellent oral and written English language skills.
  • Solid composition, grammar and proofreading skills with the ability to compose correspondence.
  • Demonstrated experience handling confidential matters.
  • Demonstrated expertise with financial information.
  • Familiarity with monitoring/managing project budgets and contracts.
  • Demonstrated proficiency with computers: experience with MS Office, especially Microsoft Word, Outlook, Excel and PowerPoint, required.
  • Excellent typing skills required; 50-65 wpm preferred.
  • Demonstrated ability to work productively within a multi-cultural team environment.
  • Ability to handle multiple tasks and prioritize work responsibly with minimal supervision.
  • Demonstrated ability to pay attention to detail and follow through to closure.
  • Demonstrated experience working in a fast-paced work environment.

Preferred Qualifications:
  • Proficiency in a second language of the U.N. system.

Physical Demand & Work Environment: Employee will sit in an upright position for a long period of time with little opportunity to move/stretch. Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activities such as preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.

Salary Range: The expected salary range for this job requisition is between $23.37 - $28.65/hour. In determining your salary, we will consider your experience and other job-related factors.

Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. IFPRI Washington D.C. has a hybrid work environment that allows staff members a minimum of two days (preference for 3 days) in-office work and the remaining two to three days remote work.

The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Director of Finance and Administration

Job Summary: The International Food Policy Research Institute (IFPRI), an international non-profit, research organization with over 600+ employees worldwide, seeks a Director of Finance and Administration to oversee the institute’s annual budget of USD 100+ million and lead the finance and administration services across the institute including Finance, IT Services, Travel and Facilities. The Director of Finance and Administration is a member of the Senior Management Team and reports to the Director General. The ideal candidate should be an excellent leader, people person, strategic communicator and relationship builder who can thrive in a complex, fast-changing environment. This is a three-year, full-time, exempt, renewable appointment and involves international travel, particularly to developing countries. This position could be based at IFPRI’s headquarters located in Washington, DC (preferred), Nairobi, Kenya or New Delhi, India. Essential Duties: Specific duties include but are not limited to: Provides information and advice to the IFPRI’s Board and senior management to ensure that the financial and physical resources of the institute are managed optimally and sustainably. Ensures that an effective framework is in place for informed decision making including the appropriate financial and risk management strategies, internal and external audits, compliance policies, corporate financial planning and reporting. Oversees the preparation and timely distribution of the Institute’s annual budget, long-term forecasts, including base case and downside scenario planning, and regular financial and management reports in accordance with internal, external and statutory obligations Directly supervises the senior corporate services managers (Finance, IT Services, Facilities, and Travel). Leads, manages and supports all managers in carrying out their duties by providing them with information, advice, general support and capacity building as needed. 
Monitors budget and expense trends; recommends and implements corrective actions as required. Reviews financial policies, procedures and practices; recommends improvements to financial processes and controls. Develops and implements systems that ensure the smooth operation of central administration. Works closely with the CGIAR Corporate Service Heads and the One CGIAR System Office. Oversees all space and lease functions. Primarily responsible for IFPRI’s risk management system, including oversight of IFPRI’s operations in Africa and Asia. Ensures that Finance and Corporate Service units in all IFPRI locations are appropriately staffed, well led and managed for performance. Ensures continuous improvement in the service delivery from these units.

Required Qualifications:

  • CPA/MBA or equivalent; minimum of fifteen years of relevant experience at the senior management level.
  • Demonstrated leadership, management, and supervisory skills, including the ability to recommend or make decisions, including difficult ones, in a complex, changing environment.
  • Excellent planning and organizational skills, as well as attention to detail.
  • Broad knowledge of finance and corporate service functions.
  • Senior-level experience in contract administration.
  • Managerial experience in a non-profit, research, and/or international organization.
  • Excellent written and verbal English communication skills.
  • Demonstrated ability to work in multi-cultural settings and to build productive relationships with diverse internal and external stakeholders.
  • Willingness and ability to travel internationally, particularly to developing countries (15-20%).
  • Essential personal qualities: integrity, responsiveness and decisiveness.

Preferred Qualifications:

  • Knowledge of or experience with the CGIAR
  • Understanding of US GAAP and IFRS
  • Experience in donor relations
  • Proficiency in a second language of the U.N. system

Physical Demand and Work Environment:

  • Employee will sit in an upright position for a long period of time.
  • Employee will lift between 0-10 pounds.
  • Employee is required to have close visual acuity to perform activities such as preparing and analyzing data and figures; transcribing; viewing a computer terminal; and extensive reading.

Salary Range: The expected salary range for this job requisition is $188,900 - $231,400. In determining your salary, we will consider your experience and other job-related factors.

Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage, and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.





Finance and Administrative Coordinator

Job Summary: The International Food Policy Research Institute (IFPRI) seeks a Finance & Administrative Coordinator for its Development Strategies and Governance Unit (DSG). This is a one-year, renewable appointment located at IFPRI’s South Asia Office in India. This position will work within the DSG department, providing support with travel organization; contract drafting and monitoring; revision of deliverables, financial reports and invoices; workshops; editing narratives; and closing contracts and projects. Interested applicants must have authorization to work in India.

Essential Duties and Responsibilities

Project Logistical Coordination:

  • Provide logistical coordination for project activities, including drafting and monitoring of project subcontracts, for complex Divisional projects.
  • Monitor deadlines and coordinate the receipt of collaborator deliverables and submission of donor deliverables as requested.

Accounting Support:

  • Prepare travel and field expense reports.
  • File and monitor project budgets, collaborator and donor-approved budget expenditures, and sub-contracts.
  • Submit and monitor collaborator invoices upon submission/approval of deliverables.
  • Monitor weekly unit payments and submit updates to vendors and/or PM/PL/project coordinators.
  • Follow up on and process invoices from centers that host Group staff.
  • Assist, as needed, with provision of monthly General Ledgers (GLs)/Project Summary Reports (PSRs) to PM/PLs.
  • Submit/correct project-related expense adjustments (as needed).

Contact Database Support:

  • Maintain various administrative/unit databases, including the Collaborator & Project main list, staff contact/emergency file, and other master files.
  • Monitor the SAC calendar to identify project end-dates and eventual closeout.
  • Provide project budget burn rates to project leaders upon request.
  • Electronic filing of documents.
  • Close out collaborator and sub-contractor contracts after detailed verification that all deliverables have been received and all funds have been disbursed, filling in the checklist, obtaining the Project Leader signature, and importing the Close Out Form onto D4D.
  • Timely preparation of periodic financial reports and invoices for a range of donors.
  • Monitor billed and unbilled receivables for delinquent payments and billable cost.
  • Data entry in Tally and finalization of account books as per Indian Accounting standards.
  • Review monthly project status reports.
  • Address internal and external inquiries regarding project financial matters.
  • Assist with the annual statutory audit.
  • Other duties as assigned.

Required Qualifications:

  • Bachelor’s degree in accounting/finance plus two years of relevant experience, or associate’s degree plus five years of relevant experience. Preference will be given to candidates who are Intermediate in or pursuing CA/CS/CWA.
  • Knowledge of Tally is preferable.
  • Demonstrated proficiency with computers: experience with MS Office, especially Microsoft Word, Outlook, Excel, and PowerPoint, required.
  • Strong analytical skills.
  • Demonstrated ability to work productively within a multi-cultural team environment.
  • Excellent oral and written communication skills.
  • Demonstrated diligence and follow-through to closure.
  • Demonstrated experience working in a fast-paced work environment.

Physical Demand & Work Environment:

  • Employee will sit in an upright position for a long period of time.
  • Employee will lift between 0-10 pounds.
  • Employee is required to have close visual acuity to perform activities such as preparing and analyzing data and figures; viewing a computer terminal; and extensive reading.





Measures for Advancing Gender Equality (MAGNET) Website





Supporting and shaping the global nutrition agenda with evidence: A three-decade journey of resea…





Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

  • Creating a comprehensive inventory of AI systems
  • Conducting gap analyses to spot discrepancies between approved and actual AI usage
  • Implementing ways to detect unauthorized AI wares
  • Establishing effective access controls
  • Deploying monitoring techniques


“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

  • The asset’s description
  • Information about its AI models
  • Information about its data sets and data sources
  • Information about the tools used for its development and deployment
  • Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
  • Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.
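As an added example (not code from the CSA white paper or from this post), the Python script below sketches the inventory, gap-analysis and monitoring steps listed above: it keeps an approved-AI inventory whose record fields follow the white paper's list, classifies proxy log lines against a list of known AI-service host names, and reports traffic to AI services that are not in the inventory. Every host name, user and log line here is a constructed placeholder, and the one-line-per-request log format is an assumption for the demo.

```python
"""Shadow AI gap analysis: approved-AI inventory vs. observed proxy traffic.

Added example; host names, users and log lines are constructed placeholders.
"""
from collections import Counter
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Approved-AI inventory keyed by service host name. The record fields follow the
# CSA white paper's list (description, models, data sources, tooling,
# lifecycle/compliance notes, access controls); the values are placeholders.
APPROVED_AI_INVENTORY = {
    "approved-llm.example.com": {
        "description": "Internal assistant for document summarisation",
        "models": ["placeholder-model-v1"],
        "data_sources": ["internal wiki (no customer data)"],
        "tooling": ["model gateway", "prompt logging"],
        "lifecycle_compliance": "risk-committee review; annual re-assessment",
        "access_controls": "SSO group ai-assistant-users",
    },
}

# Host-name suffixes of AI services the defender knows about (approved or not).
# Constructed list; in practice this comes from a maintained URL-category feed.
AI_SERVICE_SUFFIXES = (
    "approved-llm.example.com",
    "chatbot.example.net",
    "codegen-ai.example.org",
)


@dataclass
class GapReport:
    approved_hits: Counter = field(default_factory=Counter)  # service -> requests
    shadow_hits: Counter = field(default_factory=Counter)    # service -> requests
    shadow_users: dict = field(default_factory=dict)         # service -> {users}


def classify_host(host):
    """Return the AI-service suffix matching `host`, or None if it is not an AI service."""
    host = host.lower().rstrip(".")
    for suffix in AI_SERVICE_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def parse_proxy_line(line):
    """Parse a constructed 'timestamp user method url' proxy line into (ts, user, method, host)."""
    parts = line.split()
    if len(parts) < 4:
        return None
    host = urlsplit(parts[3]).hostname
    if host is None:
        return None
    return parts[0], parts[1], parts[2], host


def gap_analysis(log_lines):
    """Compare observed AI-service traffic with the approved inventory."""
    report = GapReport()
    for line in log_lines:
        parsed = parse_proxy_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the run
        _, user, _, host = parsed
        service = classify_host(host)
        if service is None:
            continue  # not an AI service: out of scope for this check
        if service in APPROVED_AI_INVENTORY:
            report.approved_hits[service] += 1
        else:
            report.shadow_hits[service] += 1
            report.shadow_users.setdefault(service, set()).add(user)
    return report


# Constructed sample proxy log (not real traffic).
SAMPLE_PROXY_LOG = [
    "2024-10-21T09:02:11Z alice POST https://approved-llm.example.com/v1/chat",
    "2024-10-21T09:05:42Z bob POST https://chatbot.example.net/api/complete",
    "2024-10-21T09:06:10Z bob POST https://chatbot.example.net/api/complete",
    "2024-10-21T09:07:55Z carol GET https://www.example.com/index.html",
    "2024-10-21T09:09:03Z dave POST https://api.codegen-ai.example.org/generate",
    "malformed line",
]

if __name__ == "__main__":
    result = gap_analysis(SAMPLE_PROXY_LOG)
    for service, count in result.shadow_hits.items():
        users = ", ".join(sorted(result.shadow_users[service]))
        print(f"shadow AI: {service} ({count} requests) used by {users}")
```

The report separates what the inventory already covers from what it does not, which is the discrepancy the gap analysis is meant to surface; the per-user set gives the follow-up owner a starting point for bringing the tool into the inventory or blocking it.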

To get more details, read:

For more information about AI security issues, including shadow AI, check out these Tenable blogs:

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.


The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

To get more details, read:

For more information about secure software updates:

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever-growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

To get more details, read:

For more information about data security posture management (DSPM) and preventing AI-powered attacks, check out these Tenable resources:

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.


Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

  • Using programming languages considered “memory unsafe”
  • Including user-provided input in SQL query strings
  • Releasing a product with default passwords
  • Releasing a product with known and exploited vulnerabilities
  • Not using multi-factor authentication
  • Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

To get more details, check out:

For more information about how to develop secure software:

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.


For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

  • Aren’t shipped with known exploitable vulnerabilities
  • Feature a “secure by default” configuration
  • Can fix their vulnerabilities via automatic software updates
  • Offer access protection via control mechanisms, such as authentication and identity management
  • Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

Video: The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation)

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards, titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

  • Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
  • Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
  • Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
  • Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
  • Aim to provide a holistic view, and avoid using technical jargon.
  • Aim to advise instead of to educate.





FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure

The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.

Last month, the Department of Homeland Security announced the availability of $279.9 million in grant funding for the Fiscal Year (FY) 2024 State and Local Cybersecurity Grant Program (SLCGP). Now in its third year, the four-year, $1 billion program provides funding for State, Local and Territorial (SLT) governments to implement cybersecurity solutions that address the growing threats and risks to their information systems. Applications must be submitted by December 3, 2024.

While there are no significant modifications to the program for FY 2024, the Federal Emergency Management Agency (FEMA), which administers SLCGP in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), identified key changes, some of which we highlight below:

The FY 2024 NOFO adds CISA’s KEV catalog as a new performance measure and recommended resource

The FY 2024 notice of funding opportunity (NOFO) adds the CISA Known Exploited Vulnerabilities (KEV) catalog as a recommended resource to encourage governments to regularly view information related to cybersecurity vulnerabilities confirmed by CISA, prioritizing those exploited in the wild. In addition, CISA has added “Addressing CISA-identified cybersecurity vulnerabilities” to the list of performance measures it will collect through the duration of the program.

Tenable offers fastest, broadest coverage of CISA’s KEV catalog

At Tenable, our goal is to help organizations identify their cyber exposure gaps as accurately and quickly as possible. To achieve this goal, we have research teams around the globe working to provide precise and prompt coverage for new threats as they are discovered. Tenable monitors and tracks additions to the CISA KEV catalog on a daily basis and prioritizes developing new detections where they do not already exist.

Tenable updates the KEV coverage of its vulnerability management products — Tenable Nessus, Tenable Security Center and Tenable Vulnerability Management — allowing organizations to use KEV catalog data as an additional prioritization metric when figuring out what to fix first. The ready availability of this data in Tenable products can help agencies meet the SLCGP performance measures. This blog offers additional information on Tenable’s coverage of CISA’s KEV catalog.
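As an added example of using KEV membership as a prioritization metric (this is not Tenable's code or the products' logic), the Python script below indexes a KEV catalog document by CVE ID and re-orders scan findings so that KEV-listed issues come first, overdue ones ahead of the rest, then by CVSS. The extract uses the catalog's published JSON field names (cveID, dateAdded, dueDate, knownRansomwareCampaignUse, and so on), but the entries, the CVE IDs (CVE-0000-000x) and the findings are constructed placeholders.

```python
"""Prioritizing scan findings with the CISA KEV catalog (added example).

The KEV extract uses the catalog's published JSON field names, but every entry,
CVE ID (CVE-0000-000x) and finding below is a constructed placeholder.
"""
import json
from datetime import date

KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed extract)",
    "catalogVersion": "placeholder",
    "vulnerabilities": [
        {
            "cveID": "CVE-0000-0001",
            "vendorProject": "ExampleVendor",
            "product": "ExampleGateway",
            "vulnerabilityName": "Placeholder authentication bypass",
            "dateAdded": "2024-09-10",
            "requiredAction": "Apply mitigations per vendor instructions (placeholder).",
            "dueDate": "2024-10-01",
            "knownRansomwareCampaignUse": "Known",
        },
        {
            "cveID": "CVE-0000-0002",
            "vendorProject": "ExampleVendor",
            "product": "ExampleVPN",
            "vulnerabilityName": "Placeholder remote code execution",
            "dateAdded": "2024-10-15",
            "requiredAction": "Apply updates per vendor instructions (placeholder).",
            "dueDate": "2024-11-05",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed scan findings: asset, CVE and base CVSS score.
SAMPLE_FINDINGS = [
    {"asset": "web-01", "cve": "CVE-0000-0003", "cvss": 9.8},  # not in KEV
    {"asset": "vpn-01", "cve": "CVE-0000-0002", "cvss": 9.8},  # KEV, due next month
    {"asset": "gw-01", "cve": "CVE-0000-0001", "cvss": 6.5},   # KEV, already overdue
]


def load_kev(kev_json):
    """Index the catalog by CVE ID so lookups from scan output are O(1)."""
    return {entry["cveID"]: entry for entry in json.loads(kev_json)["vulnerabilities"]}


def enrich(finding, kev_index, today):
    """Attach KEV status (listed, overdue, due date, ransomware use) to one finding."""
    entry = kev_index.get(finding["cve"])
    out = dict(finding, in_kev=entry is not None, overdue=False, due_date=None, ransomware=False)
    if entry is not None:
        due = date.fromisoformat(entry["dueDate"])
        out["due_date"] = due
        out["overdue"] = today > due
        out["ransomware"] = entry.get("knownRansomwareCampaignUse") == "Known"
    return out


def prioritize(findings, kev_index, today):
    """Order: KEV-listed first; among those overdue first, then earliest due date; then CVSS."""
    enriched = [enrich(f, kev_index, today) for f in findings]
    return sorted(enriched, key=lambda f: (
        not f["in_kev"],
        not f["overdue"],
        f["due_date"] or date.max,
        -f["cvss"],
    ))


def prioritized_cves(findings=SAMPLE_FINDINGS, kev_json=KEV_JSON, today_iso="2024-10-21"):
    """Convenience wrapper returning (cve, in_kev, overdue) tuples in priority order."""
    ranked = prioritize(findings, load_kev(kev_json), date.fromisoformat(today_iso))
    return [(f["cve"], f["in_kev"], f["overdue"]) for f in ranked]


if __name__ == "__main__":
    for row in prioritized_cves():
        print(row)
```

Note that the highest CVSS score ends up last: the KEV entry with a lapsed due date outranks a higher-severity finding that has no evidence of exploitation, which is exactly the trade-off the NOFO's “Addressing CISA-identified cybersecurity vulnerabilities” measure is meant to encourage.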

FY 2024 NOFO adds “Adopting Enhanced Logging” as a new performance measure

The FY 2024 NOFO also adds “Adopting Enhanced Logging” to the list of performance measures CISA will collect throughout the program duration.

How Tenable’s library of compliance audits can help with Enhanced Logging

Tenable's library of Compliance Audits, including Center for Internet Security (CIS) and Defense Information Systems Agency (DISA), allows organizations to assess systems for compliance, including ensuring Enhanced Logging is enabled. Tenable's vulnerability management tools enable customers to easily schedule compliance scans. Users can choose from a continuously updated library of built-in audits or upload custom audits. By conducting these scans regularly, organizations can ensure their systems are secure and maintain compliance with required frameworks.

FY 2024 NOFO continues to require applicants to address program objectives in their applications

As with previous years, the FY 2024 NOFO sets four program objectives. Applicants must address at least one of the following in their applications:

  • Objective 1: Develop and establish appropriate governance structures, including by developing, implementing, or revising Cybersecurity Plans, to improve capabilities to respond to cybersecurity incidents, and ensure operations.
  • Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
  • Objective 3: Implement security protections commensurate with risk.
  • Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.

How Tenable can help agencies meet Objective 2 of the program

Tenable is uniquely positioned to help SLTs meet Objective 2 through the Tenable One Exposure Management Platform. In addition to analyzing traditional IT environments, Tenable One analyzes cloud instances, web applications, critical infrastructure environments, identity access and privilege solutions such as Active Directory and more — including highly dynamic assets like mobile devices, virtual machines and containers. Once the complete attack surface is understood, the Tenable One platform applies a proactive risk-based approach to managing exposure, allowing SLT agencies to successfully meet each of the sub-objectives outlined in Objective 2 (see table below).

Sub-objective 2.1.1: Establish and regularly update asset inventory.

How Tenable helps: Tenable One deploys purpose-built sensors across on-premises and cloud environments to update inventories of human and machine assets, including cloud, IT, OT, IoT, mobile, applications, virtual machines, containers and identities.

Sub-objective 2.3.2: Effectively manage vulnerabilities by prioritizing mitigation of high-impact vulnerabilities and those most likely to be exploited.

How Tenable helps: Tenable One provides an accurate picture of both internal and external exposure by detecting and prioritizing a broad range of vulnerabilities, misconfigurations and excessive permissions across the attack surface.

Threat intelligence and data science from Tenable Research are then applied to give agencies easy-to-understand risk scores. For example, Tenable One provides advanced prioritization metrics and capabilities: asset exposure scores, which combine total asset risk and asset criticality; cyber exposure scoring, which calculates overall exposure for the organization; peer benchmarking against comparable organizations; and the ability to track SLAs and risk patterns over time.

Further, Tenable One provides rich technical context in the form of attack path analysis, which maps the asset, identity and risk relationships that attackers could exploit. It also provides business context by giving users an understanding of the potential impact on the things that matter most to an agency, such as business-critical apps, services, processes and functions. These contextual views greatly improve the ability of security teams to prioritize and focus action where they can best reduce the potential for material impact. These advanced prioritization capabilities, along with mitigation guidance, ensure high-risk vulnerabilities can be addressed quickly.

Sub-objective 2.4.1: SLT agencies are able to analyze network traffic and activity transiting or traveling to or from information systems, applications, and user accounts to understand baseline activity and identify potential threats.

How Tenable helps: Tenable provides purpose-built sensors, including a passive sensor, which can determine risk based on network traffic. After being placed on a Switched Port Analyzer (SPAN) port or network tap, the passive sensor can discover new devices on a network as soon as they begin to send traffic, as well as discover vulnerabilities based on, but not limited to:

  • Services
  • User-agents
  • Application traffic

Sub-objective 2.5.1: SLT agencies are able to respond to identified events and incidents, document root cause, and share information with partners.

How Tenable helps: Tenable One can help SLT agencies respond to identified events and incidents and document root cause more quickly. SOC analysts managing events and incidents, and vulnerability analysts focused on remediation, have access to deep technical content in the form of attack paths, with risk and configuration details to verify viability, as well as business context to understand the potential impact to their agency.

This information is valuable not only to validate why IT teams should prioritize mitigation of issues before a breach, but also to prove that a successful attack has occurred. Further, agencies can deliver dashboards, reports and scorecards to help share important security data in meaningful ways across teams and with partners. Agencies can customize these to show the data that matters most and add details specific to their requirements.

Source: Tenable, October 2024

Tenable One deployment options offer flexibility for SLT agencies

Tenable offers SLT agencies flexibility in their implementation models to help them best meet the requirements and objectives outlined as part of the SLCGP. Deployment models include:

  • Centralized risk-based vulnerability program managed by a state Department of Information Technology (DoIT)
  • Multi-entity projects
  • Decentralized deployments of Tenable One managed by individual municipalities
  • Managed Security Service Provider (MSSP) models that allow agencies to rapidly adopt solutions by utilizing Tenable’s Technology Partner network

Whole-of-state approach enables state-wide collaboration and cooperation

A “whole-of-state” approach — which enables state-wide collaboration to improve the cybersecurity posture of all stakeholders — allows state governments to share resources to support cybersecurity programs for local government entities, educational institutions and other organizations. Shared resources increase the level of defense for SLTs both individually and as a community and reduce duplication of work and effort. States get real-time visibility into all threats and deploy a standard strategy and toolset to improve cyber hygiene, accelerate incident response and reduce statewide risk. For more information, read Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach.

FY 2024 NOFO advises SLT agencies to adopt key cybersecurity best practices

As in previous years, the FY 2024 NOFO again recommends SLT agencies adopt key cybersecurity best practices. To do this, they are required to consult the CISA Cross-Sector Cybersecurity Performance Goals (CPGs) throughout their development of plans and projects within the program. This is also a statutory requirement for receiving grant funding.

How Tenable One can help agencies meet the CISA CPGs

The CISA CPGs are a prioritized subset of cybersecurity practices aimed at meaningfully reducing risk to critical infrastructure operations and the American people. They provide a common set of IT and operational technology (OT) fundamental cybersecurity best practices to help SLT agencies address some of the most common and impactful cyber risks. Learn more about how Tenable One can help agencies meet the CISA CPGs here.

Learn more





Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.


Among the topics covered are:

  • Critical infrastructure’s unique threat vectors
  • The convergence of IT/OT with digital transformation
  • Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

  • Define the surface to be protected
  • Map operational flows
  • Build a zero trust architecture
  • Draft a zero trust policy
  • Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

For more information about OT systems cybersecurity, check out these Tenable resources: 

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks,” Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

  • Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
  • Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
  • Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
  • Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
  • Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.


“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

[Chart: “To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?” (Source: Vanson Bourne’s “AI Barometer: October 2024”)]

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

Video: Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

  • Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
  • The importance of using strong MFA to secure users’ access to sensitive data
  • The role of trusted devices in boosting and simplifying MFA
  • Bad practices that weaken MFA’s effectiveness, such as:
    • Retaining weaker, password-only authentication protocols for legacy services
    • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

For more information about MFA:

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

  • Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
  • Leverage advanced AI technologies to boost national security
  • Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

  • Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
  • Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
  • Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

  • 4 in 10 state CISOs feel their budget is insufficient.
  • Almost half of respondents rank cybersecurity staffing as one of the top challenges.
  • In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
  • More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:


Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

  • 4 Critical
  • 82 Important
  • 1 Moderate
  • 0 Low

Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild.

Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.

This month’s update includes patches for:

  • .NET and Visual Studio
  • Airlift.microsoft.com
  • Azure CycleCloud
  • Azure Database for PostgreSQL
  • LightGBM
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Word
  • Microsoft PC Manager
  • Microsoft Virtual Hard Drive
  • Microsoft Windows DNS
  • Role: Windows Hyper-V
  • SQL Server
  • TorchGeo
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory Certificate Services
  • Windows CSC Service
  • Windows DWM Core Library
  • Windows Defender Application Control (WDAC)
  • Windows Kerberos
  • Windows Kernel
  • Windows NT OS Kernel
  • Windows NTLM
  • Windows Package Library Manager
  • Windows Registry
  • Windows SMB
  • Windows SMBv3 Client/Server
  • Windows Secure Kernel Mode
  • Windows Task Scheduler
  • Windows Telephony Service
  • Windows USB Video Driver
  • Windows Update Stack
  • Windows VMSwitch
  • Windows Win32 Kernel Subsystem

Remote code execution (RCE) vulnerabilities accounted for 58.6% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 29.9%.

Important

CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability

CVE-2024-43451 is an NTLM hash spoofing vulnerability in Microsoft Windows. It was assigned a CVSSv3 score of 6.5 and is rated as important. An attacker could exploit this flaw by convincing a user to open a specially crafted file. Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. According to Microsoft, CVE-2024-43451 was exploited in the wild as a zero-day. No further details about this vulnerability were available at the time this blog post was published.

This is the second NTLM spoofing vulnerability disclosed in 2024. Microsoft patched CVE-2024-30081 in its July Patch Tuesday release.

Important

CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2024-49039 is an EoP vulnerability in the Microsoft Windows Task Scheduler. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker with local access to a vulnerable system could exploit this vulnerability by running a specially crafted application. Successful exploitation would allow an attacker to access resources that would otherwise be unavailable to them as well as execute code, such as remote procedure call (RPC) functions.

According to Microsoft, CVE-2024-49039 was exploited in the wild as a zero-day. It was disclosed to Microsoft by an anonymous researcher along with Vlad Stolyarov and Bahare Sabouri of Google's Threat Analysis Group. At the time this blog post was published, no further details about in-the-wild exploitation were available.

Important

CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability

CVE-2024-49019 is an EoP vulnerability affecting Active Directory Certificate Services. It was assigned a CVSSv3 score of 7.8 and is rated as important. It was publicly disclosed prior to a patch being made available. According to Microsoft, successful exploitation would allow an attacker to gain administrator privileges. The advisory notes that “certificates created using a version 1 certificate template with Source of subject name set to ‘Supplied in the request’” are potentially impacted if the template has not been secured according to best practices. This vulnerability is assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Microsoft’s advisory also includes several mitigation steps for securing certificate templates which we highly recommend reviewing.
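One way to find the templates the advisory describes in your own forest, as an added example that is not from the Tenable post or Microsoft’s advisory: it assumes the ActiveDirectory RSAT module and read access to the Configuration partition, and maps the advisory’s wording to AD attributes (msPKI-Template-Schema-Version equal to 1 for a version 1 template, and bit 0x1 of msPKI-Certificate-Name-Flag, ENROLLEE_SUPPLIES_SUBJECT, for “Supplied in the request”).

```powershell
# Added example, not Microsoft's or Tenable's code. Lists AD CS certificate
# templates that match the CVE-2024-49019 advisory's description so they can be
# reviewed against Microsoft's template-hardening guidance.
# Assumes: ActiveDirectory module (RSAT) and read access to the Configuration NC.
Import-Module ActiveDirectory

# msPKI-Certificate-Name-Flag bit 0x1 = CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT,
# i.e. the template's "Source of subject name" is "Supplied in the request".
$EnrolleeSuppliesSubject = 0x1

function Get-SuppliedSubjectV1Template {
    $configNC   = (Get-ADRootDSE).configurationNamingContext
    $templateDN = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
    $enrollDN   = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

    # Templates that at least one enterprise CA actually publishes; a matching
    # template that is not published is lower priority for review.
    $published = Get-ADObject -SearchBase $enrollDN `
        -LDAPFilter '(objectClass=pKIEnrollmentService)' `
        -Properties certificateTemplates |
        ForEach-Object { $_.certificateTemplates } |
        Sort-Object -Unique

    Get-ADObject -SearchBase $templateDN `
        -LDAPFilter '(objectClass=pKICertificateTemplate)' `
        -Properties 'msPKI-Template-Schema-Version', 'msPKI-Certificate-Name-Flag', 'displayName' |
    Where-Object {
        # Version 1 template AND enrollee supplies the subject name
        [int]$_.'msPKI-Template-Schema-Version' -eq 1 -and
        ([int]$_.'msPKI-Certificate-Name-Flag' -band $EnrolleeSuppliesSubject) -ne 0
    } |
    ForEach-Object {
        [pscustomobject]@{
            Template      = $_.Name
            DisplayName   = $_.displayName
            SchemaVersion = $_.'msPKI-Template-Schema-Version'
            PublishedOnCA = ($published -contains $_.Name)
        }
    }
}

# Review list: start with the templates that are published on a CA.
Get-SuppliedSubjectV1Template | Sort-Object PublishedOnCA -Descending | Format-Table -AutoSize
```

The output is a review list, not a verdict: whether each template needs the mitigations in Microsoft’s advisory depends on who can enroll in it and what it is used for.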

Important

CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability

CVE-2024-49040 is a spoofing vulnerability affecting Microsoft Exchange Server 2016 and 2019. It was assigned a CVSSv3 score of 7.5 and rated as important. According to Microsoft, this vulnerability was publicly disclosed prior to a patch being made available. After applying the update, administrators should review the support article Exchange Server non-RFC compliant P2 FROM header detection. The supplemental guide notes that as part of a “secure by default” approach, the Exchange Server update for November will flag suspicious emails which may contain “malicious patterns in the P2 FROM header.” While this feature can be disabled, Microsoft strongly recommends leaving it enabled to provide further protection from phishing attempts and malicious emails.

Critical

CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability

CVE-2024-43639 is a critical RCE vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. It was assigned a CVSSv3 score of 9.8 and is rated as “Exploitation Less Likely.”

To exploit this vulnerability, an unauthenticated attacker needs to leverage a cryptographic protocol vulnerability in order to achieve RCE. No further details were provided by Microsoft about this vulnerability at the time this blog was published.

Important

29 CVEs | SQL Server Native Client Remote Code Execution Vulnerability

This month's release included 29 CVEs for RCEs affecting SQL Server Native Client. All of these CVEs received CVSSv3 scores of 8.8 and were rated as “Exploitation Less Likely.” Successful exploitation of these vulnerabilities can be achieved by convincing an authenticated user to connect to a malicious SQL server database using an affected driver. A full list of the CVEs is included in the table below.

| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |
| CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 |

Important

CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability

CVE-2024-43602 is an RCE vulnerability in Microsoft’s Azure CycleCloud, a tool that helps in managing and orchestrating High Performance Computing (HPC) environments in Azure. This flaw received the highest CVSSv3 score of the month, a 9.9, and was rated as important. A user with basic permissions could exploit CVE-2024-43602 by sending specially crafted requests to a vulnerable Azure CycleCloud cluster to modify its configuration. Successful exploitation would result in the user gaining root permissions, which could then be used to execute commands on any cluster in the Azure CycleCloud as well as steal admin credentials.

Tenable Solutions

A list of all the plugins released for Microsoft’s November 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.


OSC publishes gamification research and launches new trading simulation tool for Investor Education Month

TORONTO – The Ontario Securities Commission (OSC) today released a new report that studied the impact of gamification on investors.


OSC seeks applications for the Registrant Advisory Committee

TORONTO – The Ontario Securities Commission (OSC) is inviting applications for membership on its Registrant Advisory Committee (RAC or the Committee).


Capital Markets Tribunal seeks applications for the Securities Proceedings Advisory Committee

TORONTO – The Capital Markets Tribunal is seeking applications for membership to the Securities Proceedings Advisory Committee (SPAC).


Canadian roundtable on audit quality addresses current state and trends

Toronto ─ On October 21, the Canadian Securities Administrators (CSA), the Canadian Public Accountability Board (CPAB), and the Office of the Superintendent of Financial Institutions (OSFI) co-hosted the sixth annual Canadian Audit Quality Roundtable.


Canadian securities regulators announce results of 10th annual review of representation of women on boards and in executive officer positions in Canada

TORONTO – Participating Canadian securities regulators today published the results of their 10th consecutive annual review of disclosures relating to women on boards and in executive officer positions, as well as the underlying data that was used to prepare the report.


Canadian securities regulators publish coordinated blanket orders to provide temporary exemptions from certain derivatives data reporting requirements

TORONTO – The Canadian Securities Administrators (CSA) today published


Canadian securities regulators publish report on continuous disclosure reviews

TORONTO - The Canadian Securities Administrators (CSA) today published its biennial


CSA encourages Canadians to have the “money talk” to prevent financial abuse

SAINT JOHN, NB - In recognition of Financial Literacy Month’s theme “Money on your Mind?


SpotOn London 2012 Storify: Tackling the terabyte: how should research adapt to the era of big data?

Here is a Storify round up of the SpotOn London session: Tackling the terabyte: how should


The Adventure zone : the crystal kingdom / based on the podcast by Griffin McElroy, Clint McElroy, Travis McElroy, Justin McElroy ; adaptation by Clint McElroy, Carey Pietsch ; art by Carey Pietsch.

"A desperate call for help interrupts holiday celebrations at the Bureau of Balance, and sends Taako, Magnus and Merle on a high-stakes mission to find and reclaim a fourth deadly relic: a powerful transmutation stone, hidden somewhere in the depths of a floating arcane laboratory that's home to the Doctors Maureen and Lucas Miller. An unknown menace has seized control of the stone, and is using it to transform the lab into a virulent pink crystal that spreads to everything it touches. It's only a matter of time before this sparkling disaster crash-lands, but in order to find the stone and save the whole planet from being King Midased, our heroes will have to fight their way through a gauntlet of rowdy robots and crystal golems, decide whether they can trust the evasive Lucas Miller, and solve the mystery of what— or who— has put them all in peril, before there's no world left to save." -- Provided by publisher


You look like death : tales from the Umbrella Academy / story, Gerard Way and Shaun Simon ; art & colors, I.N.J. Culbard ; letters, Nate Piekos of Blambot ; cover and chapter breaks by Gabriel Bá.

"When 18-year-old Klaus gets himself kicked out of the Umbrella Academy and his allowance discontinued, he heads to a place where his ghoulish talents will be appreciated— Hollywood. But after a magical high on a stash stolen from a vampire drug lord, Klaus needs help, and doesn't have his siblings there to save him." -- Provided by publisher.


Seek you : a journey through American loneliness / Kristen Radtke.

"When Kristen Radtke was in her twenties, she learned that, as her father was growing up, he would crawl onto his roof in rural Wisconsin and send signals out on his ham radio. Those CQ calls were his attempt to reach somebody— anybody— who would respond. In Seek You, Radtke uses this image as her jumping off point into a piercing exploration of loneliness and the ways in which we attempt to feel closer to one another. She looks at the very real current crisis of loneliness through the lenses of gender, violence, technology, and art. Ranging from the invention of the laugh-track to Instagram to Harry Harlow's experiments in which infant monkeys were given inanimate surrogate mothers, Radtke uncovers all she can about how we engage with friends, family, and strangers alike, and what happens— to us and to them— when we disengage. With her distinctive, emotionally charged drawings and unflinchingly sharp prose, Kristen Radtke masterfully reframes some of our most vulnerable and sublime moments." -- Provided by publisher.


Asadora! Volume 1 / Naoki Urasawa ; translation & adaptation, John Werry ; touch-up art & lettering, Steve Dutro.

"A deadly typhoon, a mysterious creature and a girl who won't quit. In 2020, a large creature rampages through Tokyo, destroying everything in its path. In 1959, Asa Asada, a spunky young girl from a huge family in Nagoya, is kidnapped for ransom— and not a soul notices. When a typhoon hits Nagoya, Asa and her kidnapper must work together to survive. But there's more to her kidnapper and this storm than meets the eye. When Asa's mother goes into labor yet again, Asa runs off to find a doctor. But no one bats an eye when she doesn't return— not even as a storm approaches Nagoya. Forgotten yet again, Asa runs into a burglar and tries to stop him on her own, a decision that leads to an unlikely alliance." -- Provided by publisher.