Sophia Antipolis, 11 June 2024

ETSI, the Standards People, are putting high emphasis on enhancing education to help prepare the next generation of standards professionals master tech standardization.

The European standardization organization provides a comprehensive set of high-quality educational materials on ICT standardization aimed at universities, NSOs and member organizations for training purposes. This comprises a textbook on ‘Understanding ICT Standardization’ which is complemented by a modular slide set allowing components to be used in a range of engineering, business, and law courses.

ETSI is pleased to announce a new collaboration with the Utrecht University Summer School on ‘Global Power and Technology’ covering ‘Competition, Innovation & Technological Advancement through Standardization in the EU’, taking place on 15-19 July 2024 in the Netherlands.

Read More...

Sophia Antipolis, 5 July 2024

ETSI is pleased to announce the successful conclusion of the FRMCS #4 Plugtests event, held at Sophia Antipolis, ETSI HQ, from July 1 – 5, 2024. This event brought together key stakeholders, including railway operators, telecom vendors, system integrators, and industry experts worldwide. ETSI organized the event with the support of the European Union, EFTA, TCCA-Critical Communications, and UIC— International Union of Railways.

Read More...

Sophia Antipolis, 9 July 2024

ETSI is excited to announce OpenCAPIF Release 1 is now available in the ETSI Labs.

OpenCAPIF develops a Common API Framework as defined by 3GPP and this new version introduces several improvements and new features to deliver a more robust, secure, and efficient API Management Platform. These advancements are developed in tight collaboration and incorporating feedback from a growing Research Ecosystem including SNS projects such as 6G-SANDBOX, FIDAL, IMAGINEB5G, SAFE6G, ORIGAMI, ENVELOPE and SUNRISE6G.

Read More...

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...

Sophia Antipolis, 30 September 2024

Direct communications between vehicles, pedestrians and infrastructure based on 3GPP and ETSI TC ITS standards have been tested during the 4th C-V2X Plugtests™ interoperability event in Malaga, Spain, hosted by DEKRA (September 10- 13, 2024).

In partnership with 5GAA, this Cellular Vehicle-to-Everything (C-V2X) and ITS technologies event attracted the participation of 24 companies and 82 experts – both onsite and via remote connections – with 94% of the planned tests, based on over 60 test scenarios, successfully completed.

Read More...

Starts: Fri, 22 Nov 2024 19:00:00 -0500
11/22/2024 05:00:00PM
Location: Montreal, Canada

Starts: Sat, 30 Nov 2024 20:00:00 -0500
11/30/2024 05:00:00PM
Location: Lac-Brome (Knowlton), Canada

Starts: Sat, 07 Dec 2024 13:30:00 -0500
12/07/2024 11:30:00AM
Location: Los Angeles, U. S. A.

Starts: Sat, 30 Nov 2024 19:00:00 -0500
<div>Join us for a magical evening of holiday cheer at the <b>McGill Alumni Association of Calgary</b>'s <b>Holiday Soirée</b>!</div><div><br /></div><div>Immerse yourself in the historic ambiance of Lougheed House as we celebrate the season with festive decorations, delightful canapés, and a cash bar.&nbsp;</div><div><br /></div><div>This is your chance to dress up, socialize, make new friends, and reconnect with old ones-all while enjoying a fun evening with our community. <br /><br /></div><div><i>Get ready to be enchanted by the spirit of the holidays! <br /></i></div>
Location: Calgary, Canada

Teaching about Native American religion is a challenging task to tackle with students at any level.

The Puritans were a varied group of religious reformers who emerged within the Church of England during the middle of the sixteenth century.

New essay by Joel E. Cohen just added to Nature Transformed: The Environment in American History, TeacherServe from the National Humanities Center.

New essay by William L. Andrews just added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

New essay by Lucinda MacKethan just added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

New essay by Trudier Harris, "The Image of Africa in the Literature of the Harlem Renaissance," added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

New essay by Steven F. Lawson, "Segregation," added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

National Instrument 93-101 Derivatives: Business Conduct (the Rule) will come into force on September 28, 2024 (the Effective Date), pursuant to section 143.4 of the Securities Act (Ontario).

This document is only available as a PDF.

This document is only available as a PDF.

The Minister of Finance has approved amendments to Ontario Securities Commission (OSC) Rule 91-507 Trade Repositories and Derivatives Data Reporting and consequential amendments to OSC Rule 13-502 Fees (collectively, the Amendments) pursuant to

1. Ontario Securities Commission Rule 91-507 Trade Repositories and Derivatives Data Reporting is amended by this Instrument.

This document is only available in PDF format.

This document is only available as a PDF.

This document is only available as a PDF.

Job Summary: The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to serve as Manager of Administration & Corporate Services for a one-year, renewable appointment in the Finance and Administration Division. The Manager of Administration & Corporate Services AFR is responsible for the overall coordination of administrative matters between IFPRI's headquarters in Washington DC and the IFPRI regional and country/project offices in Africa. The position provides management and operational support to IFPRI regional and country/project offices in Africa including related administrative aspects of current and new corporate partnerships in Africa. This position is based in Dakar, Senegal.  Essential Duties: Specific Duties include but are not limited to: Lead finance and administration functions of the Dakar office, providing operational support and oversight of day-to-day office activities.  Provide management support and oversight of the financial and administrative operations of IFPRI Regional and country/project offices in Africa, including functions such as budgeting, contracts and grants, human resources, facilities and IT management. Work closely with key administrative departments at IFPRI headquarters for accounting, human resources, computer services and facilities/office services, in the development of and roll-out of IFPRI-wide policy and procedure changes, providing guidance and training as needed to regional and country offices to ensure that the quality of operational support meets IFPRI operations standards. Regular analysis of operations capacity of IFPRI offices in Africa, identifying and making recommendations regarding opportunities for improvement in IFPRI’s administrative operations and processes, and undertaking new initiatives as agreed. Build strong relationships with Country Office Heads and Country Administrative and Finance Managers, providing advice, guidance, and support in all areas of operations and ensuring compliance with IFPRI policies and procedures. Financial reporting oversight for IFPRI regional and country offices in Africa, and supervision and management of the Hub Finance and Administration unit team, ensuring compliance with IFPRI and donor standards, policies and procedures and processes. Participation in the formulation of annual budgets and capital plans for IFPRI offices in Africa. Provide management oversight to ensure that proper financial controls are in place and processes are compliant with correct accounting procedures, providing strategic direction in developing options for addressing any weaknesses. Monitor projects in African locations on an as required basis. Facilitate decision-making on human resource (HR) matters relating to IFPRI offices in Africa (policies and procedures, labor law compliance, staffing, recruitment, conflict resolution, etc.) Work to build the capacity of finance, administrative staff members throughout IFPRI offices in Africa through regular training sessions and mentoring support. Contribute to the internal and external audit preparations for IFPRI offices in Africa and provide support on the implementation of audit recommendations and actions. Required Qualifications: Bachelor’s degree plus twelve years of relevant professional experience or Master’s degree plus ten years of relevant experience.  Minimum of four years management experience. Excellent verbal, written and interpersonal skills. Strong customer service skills. Ability to work effectively with all levels of organizations, including regional partners and donors. Ability to work autonomously, yet keep others informed. Ability to work in a multicultural setting. Excellent attention to details. Fluency in French is highly preferred.  ​Physical Demand & Work environment: Employee will sit in an upright position for a long period of time with little opportunity to move/stretch Employee will lift between 0-10 pounds Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Job Summary : The Director General’s Office (DGO) of the International Food Policy Research Institute (IFPRI) seeks an Administrative Coordinator (AC) for one-year, non-exempt, renewable appointment. The Executive Assistant to Director General will be responsible for the AC’s work plan and performance evaluation, subject to the approval of the Director General. This position is based at IFPRI headquarters in Washington, D.C. Essential Duties The AC’s main duties and responsibilities include (a) providing administrative support to the Executive Assistant and other DGO staff (as needed), and (b) coordinating logistics for the following: Travel arrangement:  Travel planner form, visa applications, request for itineraries, issuance of air and/or train tickets, cash advances/honoraria, and preparation of travel expense reports.    Meetings:  Coordinate arrangements for organizing special events, including lunches, meetings and conferences.  This function will include room reservation, organizing meeting materials, presentation requirements, setting up teleconference and virtual calls, and catering. Visitors:  Coordinating visits of high-level guests to IFPRI such as who else from staff will join the meeting, ordering of food for breakfast or lunch as necessary, office/hotel reservation, pick-up and return of office keys, computer connections, assigned office name tag/labeling, and arrangement for brown bag/seminar/presentation. DG’s contact database:  Ensure that the database is current through regular maintenance/updating and accurate data entry of business cards from the DG’s travels. Office supplies:  Maintain adequate supply of commonly used/requested items for the division’s use. Service Center assistance, which includes but not limited to the following: Photocopying/printing/scanning Letters/mails - for fax, pick-up and distribution, maintain an updated pigeonhole assignment for DGO staff. Orderliness and adequate supplies are available for printers, photo-copying machine and coffee service. Files:  Create and maintain a complete, updated and functional filing system for DGO records and perform periodic filing of DG documents and archiving. Other duties and responsibilities that may be required from time to time. It is expected that the AC will: Handle multiple tasks and prioritizes work with minimal supervision. Pay attention to detail and follows through to closure. Be able to work in a fast-paced, multicultural environment, and follow established procedures. Perform other duties/assignments as necessary. Required Qualifications : Bachelor’s degree or associate’s degree plus three years of administrative work experience, or high school diploma plus four years of relevant experience. Excellent oral and written English language skills. Solid composition, grammar and proofreading skills with the ability to compose correspondence. Demonstrated experience handling confidential matters. Demonstrated expertise with financial information. Demonstrated proficiency with computers:  Experience with MS Office, especially Microsoft Word, Outlook, Excel and PowerPoint required. Excellent typing skills required; 50-65 wpm preferred. Demonstrated ability to work productively within a multi-cultural team environment. Ability to handle multiple tasks and prioritize work responsibly with minimal supervision. Demonstrated ability to pay attention to detail and follow-through to closure. Demonstrated experience working in a fast-paced work environment.   Physical Demand & Work environment: Employee will sit in an upright position for a long period of time. Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Salary Range : The expected salary range for this job requisition is between $23.37 - $28.65/hour. In determining your salary, we will consider your experience and other job-related factors. Benefits : IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits  can be found on our website . Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week.   IFPRI Washington D.C. has a hybrid work environment that allows staff members a minimum of two days (preference for 3 days) in-office work and the remaining two to three days remote work. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.  

Job Summary: The Market, Trade, and Institutions Unit of the International Food Policy Research Institute (IFPRI) seeks an Administrative Coordinator I to provide administrative support. This is a one-year, non-exempt, renewable appointment and is located at IFPRI’s Headquarters in Washington, D.C.     Essential Duties: Specific duties and responsibilities include but are not limited to: Document Support : Edit and/or transcribe reports, manuscripts, and other documents as needed, for the unit staff. Project Logistical Coordination : Draft and monitor contracts for collaborators and services. Accounting Support : Prepare travel and field expense reports.  File & monitor project budgets, collaborator and donor-approved budget expenditures, and sub-contracts. Travel arrangement:  Prepare hotel and travel requests for staff and visitors, assist in coordinating visa applications, request for itineraries, and issuance of air and/or train tickets, cash advances/honoraria, and preparation of travel expense reports.   Coordinate with Travel Office & Accounting for processing travel requests. Meetings : Coordinate arrangements for organizing special events, including lunches, meetings, conferences, and other training events.  This function will include room reservation, organizing meeting materials, presentation requirements, setting up teleconferences, catering, and taking/taping and/or transcribing minutes of meetings, as needed. Appointment schedule & Visitors’ Support : Manage appointment scheduling for Research fellows as requested and provide logistical support for visitors, to include office/hotel reservation, pick-up, and return of office keys, computer connections, assigned office name tag/labeling, and arrangement for brown bag/seminar/presentation. Contact Data Base Support : Maintain various administrative/unit database including Collaborator & Project main list, staff contact/emergency file, and other master files. Outposted Staff Administrative Support :   Provide administrative support to outposted staff, as applicable. Mail Support :   If requested, manage incoming & outgoing mail and monitor equipment inventory.  Perform other duties as assigned.   Required Qualifications: Bachelor's degree; or Associate's degree plus three years of relevant experience; or high school diploma plus four years of relevant experience. Excellent oral and written English language skills. Solid composition, grammar and proofreading skills with the ability to compose correspondence. Demonstrated experience handling confidential matters. Demonstrated expertise with financial information. Familiarity with monitoring/managing project budgets and contracts. Demonstrated proficiency with computers:  Experience with MS Office, especially Microsoft Word, Outlook, Excel and PowerPoint required.  Excellent typing skills required; 50-65 wpm preferred. Demonstrated ability to work productively within a multi-cultural team environment. Ability to handle multiple tasks and prioritize work responsibly with minimal supervision. Demonstrated ability to pay attention to detail and follow-through to closure. Demonstrated experience working in a fast-paced work environment. Preferred Qualifications: Proficiency in a second language of the U.N. system Physical Demand & Work environment: Employee will sit in an upright position for a long period of time with little opportunity to move/stretch. Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Salary Range : The expected salary range for this job requisition is between $23.37 - $28.65/hour. In determining your salary, we will consider your experience and other job-related factors. Benefits : IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits  can be found on our website . Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. IFPRI Washington D.C. has a hybrid work environment that allows staff members a minimum of two days (preference for 3 days) in-office work and the remaining two to three days remote work. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity

Job Summary: The International Food Policy Research Institute (IFPRI), an international non-profit, research organization with over 600+ employees worldwide, seeks a Director of Finance and Administration to oversee the institute’s annual budget of USD 100+ million and lead the finance and administration services across the institute including Finance, IT Services, Travel and Facilities. The Director of Finance and Administration is a member of the Senior Management Team and reports to the Director General. The ideal candidate should be an excellent leader, people person, strategic communicator and relationship builder who can thrive in a complex, fast-changing environment. This is a three-year, full-time, exempt, renewable appointment and involves international travel, particularly to developing countries. This position could be based at IFPRI’s headquarters located in Washington, DC (preferred), Nairobi, Kenya or New Delhi, India. Essential Duties: Specific duties include but are not limited to: Provides information and advice to the IFPRI’s Board and senior management to ensure that the financial and physical resources of the institute are managed optimally and sustainably. Ensures that an effective framework is in place for informed decision making including the appropriate financial and risk management strategies, internal and external audits, compliance policies, corporate financial planning and reporting. Oversees the preparation and timely distribution of the Institute’s annual budget, long-term forecasts, including base case and downside scenario planning, and regular financial and management reports in accordance with internal, external and statutory obligations Directly supervises the senior corporate services managers (Finance, IT Services, Facilities, and Travel). Leads, manages and supports all managers in carrying out their duties by providing them with information, advice, general support and capacity building as needed. Monitors budget and expense trends; recommends and implements corrective actions as required. Reviews financial policies, procedure and practices; recommends improvements to financial processes and controls. Develops and implements systems that ensure the smooth operations of central administration. Work closely with the CGIAR Corporate Service Heads and at the One CGIAR System Office. Oversees all space and lease functions. Primarily responsible for IFPRI’s risk management system including oversight of IFPRI’s operations in Africa and Asia. Ensures that Finance and Corporate Service units in all IFPRI locations are appropriately staffed, well led and managed for performance. Ensure continuous improvement in the service delivery from these units. Required Qualifications: CPA/MBA or equivalent; minimum of fifteen years of relevant experience at the senior management level. Demonstrated leadership, management, and supervisory skills including the ability to recommend or make decisions, including difficult ones, in a complex, changing environment. Excellent planning and organizational skills, as well as attention to detail. Broad knowledge of finance and corporate service functions. Senior level experience in contract administration. Managerial experience in a non-profit, research, and/or international organization. Excellent written and verbal English communication skills.  Demonstrated ability to work in multi-cultural settings and to build productive relationships with diverse internal and external stakeholders. Willingness and ability to travel internationally, particularly to developing countries (15-20%). Essential personal qualities: integrity, responsiveness and decisiveness. Preferred Qualifications: Knowledge of or experience with the CGIAR Understanding of US GAAP AND IFRS Experience in donor relations Proficiency in a second language of the U.N. system Physical Demand and Work Environment: Employee will sit in an upright position for a long period of time.  Employee will lift between 0-10 pounds.  Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Salary Range: The expected salary ranges for this job requisition are between $ 188,900 - $231,400.  In determining your salary, we will consider your experience and other job-related factors. Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Job Summary: The International Food Policy Research Institute (IFPRI) seeks a Finance & Administrative Coordinator for its Development Strategies and Governance Unit (DSG). This is a one-year, renewable appointment and is located at IFPRI’s South Asia Office in India. This position will work within the DSG department in providing support with travel organization, contract drafting & monitoring, revision of deliverables, financial reports, and invoices; workshops, edit narratives; close contracts and projects. Interested applicants must have work authorization to work in India. Essential Duties and Responsibilities Project Logistical Coordination : Provide logistical coordination for project activities, to include drafting and monitoring of project subcontracts, for complex Divisional projects. Monitor deadlines and coordinate the receipt of collaborator deliverables and submission of donor deliverables as requested. Accounting Support : Prepare travel and field expense reports.  File & monitor project budgets, collaborator and donor-approved budget expenditures, and sub-contracts. Submit and monitor collaborator invoices upon submission/approval of deliverables. Monitor weekly unit payments and submit updates to vendors and/or PM/PL/ project coordinators. Follow-up and process invoices from centers that host Group staff.   Assist, as needed, on provision of monthly General Ledgers (GLs)/Project Summary Report (PSRs) to PM/PLs.  Submit/correct project-related expense adjustments (as needed) Contact Data Base Support:   Maintain various administrative/unit database including Collaborator & Project main list, staff contact/emergency file, and other master files. Monitor SAC calendar to identify: Project end-dates and eventual closeout. Provide project budget burn rates to projects leaders upon request. Electronic filing of documents. Closeout collaborator and sub-contractor contracts after detailed verification that all deliverables have been received and all funds have been disbursed, filling in the checklist, obtaining the Project Leader signature, and importing the Close Out Form onto D4D. Timely preparation of periodic financial reports and invoices for a range of donors. Monitor billed and unbilled receivables for delinquent payments and billable cost. Data Entry in Tally and Finalization of accounts books as per Indian Accounting standards. Review monthly project status reports. Address internal and external inquiries regarding project financial matters. Assist with annual statutory audit. Other duties as assigned. Required Qualifications: Bachelor’s degree in accounting/finance plus two years of relevant experience or associate’s degree plus five years of relevant experience. Preference would be given to Intermediate/pursuing CA/CS/CWA. Knowledge of Tally is preferable. Demonstrated proficiency with computers: experience with MS Office, especially Microsoft Word, Outlook, Excel, and PowerPoint required. Strong analytical skills. Demonstrated ability to work productively within a multi-cultural team environment. Excellent oral and written communications skills. Demonstrated ability to pay diligence and follow-through to closure. Demonstrated experience working in a fast-paced work environment. Physical Demand & Work environment: Employee will sit in an upright position for a long period of time. Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activity such as: preparing and analyzing data and figures; viewing computer terminal; extensive reading. 

Job Summary The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to serve as an Associate Research Fellow or Research Fellow. This is a two-year, renewable, exempt appointment based at IFPRI’s Washington, DC Office.  The ideal candidate will have demonstrated aptitude with modeling water resources and hydrologic systems at multiple scales, experience in developing and operating modeling suites that link biophysical and economic models, and interest/experience in the analysis of risk and uncertainty. The successful candidate will work on interdisciplinary teams to conduct research, produce high-impact publications and disseminate knowledge that (for example): assists national level policy-making units confront the challenges posed by climate change and water constraints; fosters regional strategies for resilient growth and development in a context of climate change; works with CGIAR partners on research and/or model development, particularly in IWMI; and assists key agri-food system actors in low- and middle-income countries (LMICs) and other constituencies in the formation of investment plans in water resources, including in relation to food and energy. Specific areas of research are expected to be developed in accordance with the intersection of the interests and skills of the successful candidate and the objectives of the Foresight and Policy Modeling Unit. It is anticipated that about 80 percent of the job will be dedicated to applied research, and the remaining 20 percent will be allocated to capacity-building, policy engagement, and outreach activities supporting evidence-based decision-making. Essential Duties  Specific duties include but are not limited to:  ·          Lead development, maintenance, and improvement of IFPRI’s water data and modeling systems compatible with global (IMPACT) and national levels (RIAPA). ·          Contribute to scenario development, modeling and analytics supporting a variety of foresight-related research projects. ·          Lead focused studies on water-related issues relevant for food system transformation globally and in LMICs. ·          Work with other modelers in the Foresight and Policy Modeling unit to maintain and improve water modeling components of established modeling frameworks. ·          Conduct research in the service of the CGIAR’s mission to advance positive transformation of food, land, and water systems. ·          Support efforts to strengthen the capacity of partner organizations and networks to conduct scholarly research and communicate evidence-based policy recommendations. ·          Prepare project reports, research papers, presentations, and peer-reviewed journal articles in collaboration with CGIAR researchers, other collaborators, and partners. ·          Regularly communicate research outputs via policy seminars, policy briefs, and peer-reviewed publications to a broad spectrum of stakeholders, including researchers, academics, policymakers, and government officials. ·          The successful candidate will work with a multi-disciplinary and multi-cultural team of researchers and is expected to engage in a broad range of research projects and activities consistent with the research program of the Foresight and Policy Modeling Unit. Required Qualifications ·          PhD in Water Resources Engineering, Hydrology, or closely related field ·          Significant expertise in using water resources systems and hydrologic models and experience or interest to link these to economic and other simulation models at global, regional and national levels to evaluate policies related to food, land, and water systems. ·          Demonstrated capabilities in quantitative analysis and ability to use spatial data and methods in innovative and policy-relevant ways to examine water resource management issues in the context of climate change and other major drivers. ·          Ability or willingness to work in the GAMS modeling environment and code, other math/statistical programming languages, and GIS. ·          Experience using river basin modeling tools, (e.g. Mike Hydro Basin, WEAP, and Riverware). ·          Strong interpersonal skills and ability to work well both with a team and independently. ·          Ability to work in a dynamic environment, take initiatives to resolve issues and effectively work with minimal supervision. ·          Excellent written and verbal communication skills in English. ·          Willingness to travel extensively (including internationally) as required. Preferred Qualifications ·          Ability to work in Python. ·          Relevant research experience as applied to LMIC country contexts in Africa, Asia, and/or Latin America. ·          Demonstrated ability to produce high-quality written reports, oral presentations, blog posts, and/or other forms of written and oral communications associated with scholarly research outputs. Additional requirements at the Research Fellow level ·          At least 3 years of post-PhD experience relevant to the job and demonstrated fundraising experience. ·          Strong publication record in peer-reviewed journals. ·          Major external recognition within professional peer network based on publications and other leadership activities. ·          Demonstrated leadership skills and successful experience building and managing teams. Physical Demand & Work environment ·          Employee will sit in an upright position for a long period of time ·          Employee will lift between 0-10 pounds. ·          Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Salary Range :  The expected salary range for this job requisition is between $85,600 - $107,000. In determining your salary, we will consider your experience and other job-related factors. Benefits : IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits  can be found on our website . Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.    

Job Summary: The Director General’s Office (DGO) of the International Food Policy Research Institute (IFPRI) seeks a highly motivated Proposal Coordinator   to join its team. The ideal candidate will be innovative, self-motivated and goal-oriented, with experience creating and executing fundraising strategies and developing successful proposals to secure restricted and unrestricted funding from foundations and government and multilateral agencies.  The incumbent will be responsible for supporting senior staff and research leads with strategic resource mobilization, proposal development, and coordination efforts across the institute. This locally recruited position is a one year, renewable appointment and is located at IFPRI’s headquarters in Washington, DC.    Essential Duties: Specific duties include but are not limited to: Fundraising Assist in advising staff on the development and implementation of fundraising strategies Perform competitive intelligence gathering through research and analytics to identify new donors and funding prospects, including private industry, foundations, high-net worth individuals, multilateral agencies, and government Advise staff on strategies for approaching donor prospects and draft outreach & communication materials Manage cultivation and stewardship for select foundations and individual donors   Proposal Development & Coordination Proactively liaise with research units and corporate services to facilitate proposal development efforts, streamline the process, strengthen the output, and track progress and staff input throughout the proposal process Work closely with and support research units from project concept to full proposal development, incorporating input from multi-disciplinary staff Provide high quality review for key proposals to ensure output complies with proposal requirements, and facilitate professional service support (grant writer, editor, etc.), in collaboration with research units and finance Continually assess and propose improvements for practices/procedures/systems involving IFPRI’s proposal pipeline and funder/funding intelligence Other duties: Assist with partnership-related activities and event coordination as needed.     Required Qualifications: Bachelor’s degree plus 10 years of relevant work experience or master’s degree or equivalent certification plus 8 years of experience, preferably 4 years of experience in a business development team supporting international development clients, including USAID and US government contracting. At least 2 years of management experience. Experience developing and/or implementing fundraising strategies for nonprofit organizations, including prospect research; outreach to funding sources; and donor cultivation and stewardship Experience developing successful proposals/grants targeting various funding sources (government, private industry, foundation and individuals), preferably in agriculture, nutrition and/or relevant fields Highly effective and versatile communication skills—both written and oral. Ability to effectively synthesize scientific/programmatic content for multiple audiences High level of professionalism, including the ability to diplomatically coordinate individuals with various disciplines to accomplish common objections Self-motivated, with proven ability to work independently and multi-task to accomplish key goals and complete projects Strong analytical skills Comfortable in a global team, including working well with team members and collaborators located in multiple time zones and countries Willingness and ability to travel as needed   Preferred Qualifications: Master’s degree Proficiency in a second language of the U.N. system International experience, especially in Africa, Asia and Latin America Working knowledge of Microsoft Office and donor databases Background, or interest in, international development   Physical Demand & Work environment: Employee will sit in an upright position for a long period of time Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading   Salary Range: The expected salary range for this job requisition is between $85,600- $104,900. In determining your salary, we will consider your experience and other job-related factors. Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Job Summary: The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to fill the position of Senior Research Coordinator for a 2-year, exempt appointment. This position will be based at IFPRI’s office in Lilongwe, Malawi. The Senior Research Coordinator will play a leading role in developing and implementing policy research and engagement strategies, as well as capacity strengthening. Essential Duties: Specific duties and responsibilities include but are not limited to: Policy engagement/influence and capacity strengthening ·          Lead efforts of IFPRI to promote evidence-based policy planning and implementation in Malawi, including the promotion of policy dialogue and mutual learning. ·          Engage with other relevant continental and regional processes to seek opportunities for influencing and strengthening policy processes in Malawi. ·          Strengthen leadership and develop policymaking capacity in Malawi. ·          Develop and strengthen links between IFPRI and Malawi’s relevant Ministries, Departments and Agencies (MDAs). ·          Represent IFPRI in regional meetings and interactions. ·          Develop new partnerships with strategic partners, as and when appropriate. ·          Engage at international level with relevant platforms and processes.   Research development, facilitation and management ·          Develop, implement and manage programs of research at IFPRI in Malawi. ·          Liaise with IFPRI partner organizations to ensure the policy workstream is responsive and complementary to other work streams. ·          Identify funding opportunities for proposals for policy-relevant research. ·          Develop new policy-relevant research to address knowledge gaps/research needs that exist, or emerge. ·          Link with platforms and initiatives to harmonize and strengthen research plans and outputs. ·          Link to and collaborate with (as appropriate) other external partners and stakeholders. ·          Support the dissemination and publication of research results in policy briefs and other targeted publications. ·          Support the Malawi Country Program Leader in internal and external (including donor) reporting and proposal development.   Required Qualifications: ·          PhD plus 5 years’ experience in public policy, economics, political science or quantitative social science. Strong track record of policy research and engagement, and a strong understanding of development policies and practice. Specific experience in Malawi is an advantage. ·          Experience in cross-sectoral policy engagement on agricultural commercialization, urbanization and rural transformation.   ·          Demonstrated leadership and experience in effective interactions in a multicultural and international development setting with other researchers and with policymakers, donors, and civil society in Africa, and preferably in Malawi, facilitating impact of research and capacity strengthening. Experience with CGIAR institutions is desirable. ·          Experience with development of capacity strengthening strategies and programs in Africa, and preferably in Malawi. ·          Major external recognition within peer professional network ·          Willingness to travel extensively as required ·          Excellent written and spoken English communication skills with demonstrated excellence in written and oral presentations. Knowledge of Chichewa is an advantage. ·          Demonstrated leadership skills and strong experience in working in and influencing development institutions. ·          Demonstrated ability to critically assess own and others’ research Physical Demand & Work environment: ·          Employee will sit in an upright position for a long period of time with little opportunity to move/stretch ·          Employee will lift between 0-10pounds ·          Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading   Salary Range : The expected salary range for this job requisition is between $115,800 - $144,800. In determining your salary, we will consider your experience and other job-related factors. Benefits : IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits  can be found on our website . Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Jenny Evans has created a Storify summary of her SpotOn London session: Collaborating and building your online

Assessing social media impact was one of the workshop sessions at November’s SpotOn London conference,

It ain’t a party if you can’t join us Towards the end of April, SpotOn

Julia Schölermann is the organiser for this year’s SpotOn London session on, What should the scientific

The place we’re in as a society is a crowded field of scattered tools and

As organizations create and store more data in the cloud, security teams must ensure the data is protected from cyberthreats. Learn more about what causes data breaches and about the best practices you can adopt to secure data stored in the cloud.

With the explosion of data being generated and stored in the cloud, hackers are creating new and innovative attack techniques to gain access to cloud environments and steal data. A review of recent major data breaches shows us that data thieves are using social engineering, hunting for exposed credentials, looking for unpatched vulnerabilities and misconfigurations and employing other sophisticated techniques to breach cloud environments.

A look at recent cloud data-breach trends

Here are some takeaways from major data breaches that have occurred this year:

• Managing the risk from your third-parties – partners, service providers, vendors – has always been critical. It’s even more so when these trusted organizations have access to your cloud environment and cloud data. You must make sure that your third-parties are using proper cloud-security protections to safeguard their access to your cloud data and to your cloud environment.
• Secure your identities. We’ve seen major data breaches this year tracked down to simple missteps like failing to protect highly-privileged admin accounts and services with multi-factor authentication (MFA). 
• Adopt best practices to prevent ransomware attacks, and to mitigate them if you get hit by one. Ransomware gangs know that a surefire way to pressure victims into paying ransoms is to hijack their systems and threaten to expose their sensitive data. 

So, how can you strengthen your data security posture against these types of attacks?

1. Implement a "zero trust" security framework that requires all users, whether inside or outside the organization, to be authenticated, authorized and continuously validated before being granted or maintaining access to data. This framework should allow only time-limited access and be based on the principle of least privilege, which limits access and usage to the minimum amount of data required to perform the job.
2. Use a cloud data security posture management (DSPM) solution to enforce the security framework through continuous monitoring, automation, prioritization and visibility. DSPM solutions can help organizations identify and prioritize data security risks based on their severity, allowing them to focus their resources on the most critical issues.
3. Regularly conduct risk assessments to detect and remediate security risks before they can be exploited by hackers. This can help prevent data breaches and minimize the impact of any security incidents that do occur.
4. Train employees on security best practices, including how to create strong passwords, how to identify risks and how to report suspicious activity.

By following these recommendations, organizations can significantly reduce their risk of a data breach and improve handling sensitive data belonging to their organization. As more and more data moves to the cloud and hackers become more sophisticated, it's essential to prioritize security and take proactive measures to protect against data risks. 

Learn more

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security Posture Management (DSPM) Integrated into Tenable Cloud Security
• Data Sheet: Securing AI Resources and Data in the Cloud with Tenable Cloud Security
• Infographic: When CNAPP Met DSPM
• Video: Demo Video: Data Security Posture Management and AI Security Posture Management

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

• Creating a comprehensive inventory of AI systems
• Conducting gap analyses to spot discrepancies between approved and actual AI usage
• Implementing ways to detect unauthorized AI wares
• Establishing effective access controls
• Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

• The asset’s description
• Information about its AI models
• Information about its data sets and data sources
• Information about the tools used for its development and deployment
• Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
• Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

To get more details, read:

• The full “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper
• A complementary slide presentation
• The CSA blog “Shadow AI Prevention: Safeguarding Your Organization’s AI Landscape”

For more information about AI security issues, including shadow AI, check out these Tenable blogs:

• “Do You Think You Have No AI Exposures? Think Again”
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood”
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach”
• “6 Best Practices for Implementing AI Securely and Ethically”
• “Compromising Microsoft's AI Healthcare Chatbot Service”

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

To get more details, read:

• The “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers” guide
• The CISA alert “CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes”

For more information about secure software updates:

• “Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design” (Tenable)
• “The critical importance of robust release processes” (Cloud Native Computing Foundation)
• “Software Deployment Security: Risks and Best Practices” (DevOps.com)
• “Software Updates, A Double-Edged Sword for Cybersecurity Professionals” (Infosecurity)
• “DevOps Best Practices for Faster and More Reliable Software Delivery” (DevOps.com)

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

To get more details, read:

• The report’s announcement “Cybersecurity success hinges on full organizational support, new CompTIA report asserts”
• CompTIA’s blogs “Today’s top drivers for cybersecurity strategy” and “Cybersecurity’s maturity: CompTIA’s State of Cybersecurity 2025 report”
• The full “State of Cybersecurity 2025” report

For more information about data security posture management (DSPM) and preventing AI-powered attacks, check out these Tenable resources:

• “Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources” (blog)
• “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” (on-demand webinar)
• “The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy” (blog)
• “Mitigating AI-Related Security Risks” (on-demand webinar)
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood” (blog)

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

• Using programming languages considered “memory unsafe”
• Including user-provided input in SQL query strings
• Releasing a product with default passwords
• Releasing a product with known and exploited vulnerabilities
• Not using multi-factor authentication
• Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

To get more details, check out:

• CISA’s announcement “CISA and FBI Release Product Security Bad Practices for Public Comment”
• The full document “Product Security Bad Practices”

For more information about how to develop secure software:

• “Tenable Partners with CISA to Enhance Secure By Design Practices” (Tenable)
• “Ensuring Application Security from Design to Operation with DevSecOps” (DevOps.com)
• “What is application security?” (TechTarget)
• “Guidelines for Software Development (Australian Cyber Security Centre)

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

• Aren’t shipped with known exploitable vulnerabilities
• Feature a “secure by default” configuration
• Can fix their vulnerabilities via automatic software updates
• Offer access protection via control mechanisms, such as authentication and identity management
• Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

• “Cyber Resilience Act Requirements Standards Mapping” (ENISA)
• “The Cyber Resilience Act, an Accidental European Alien Torts Statute?” (Lawfare)
• “EU Cybersecurity Regulation Adopted, Impacts Connected Products” (National Law Review)
• “Open source foundations unite on common standards for EU’s Cyber Resilience Act” (TechCrunch)
• “The Cyber Resilience Act: A New Era for Mobile App Developers” (DevOps.com)

VIDEO

The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation) 

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

• Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
• Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
• Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
• Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
• Aim to provide a holistic view, and avoid using technical jargon.
• Aim to advise instead of to educate.

The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.

Last month, the Department of Homeland Security announced the availability of $279.9 million in grant funding for the Fiscal Year (FY) 2024 State and Local Cybersecurity Grant Program (SLCGP). Now in its third year, the four-year, $1 billion program provides funding for State, Local and Territorial (SLT) governments to implement cybersecurity solutions that address the growing threats and risks to their information systems. Applications must be submitted by December 3, 2024.

While there are no significant modifications to the program for FY 2024, the Federal Emergency Management Agency (FEMA), which administers SLCGP in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), identified key changes, some of which we highlight below:

The FY 2024 NOFO adds CISA’s KEV catalog as a new performance measure and recommended resource

The FY 2024 notice of funding opportunity (NOFO) adds the CISA Known Exploited Vulnerabilities (KEV) catalog as a recommended resource to encourage governments to regularly view information related to cybersecurity vulnerabilities confirmed by CISA, prioritizing those exploited in the wild. In addition, CISA has added “Addressing CISA-identified cybersecurity vulnerabilities” to the list of performance measures it will collect through the duration of the program.

Tenable offers fastest, broadest coverage of CISA’s KEV catalog

At Tenable, our goal is to help organizations identify their cyber exposure gaps as accurately and quickly as possible. To achieve this goal, we have research teams around the globe working to provide precise and prompt coverage for new threats as they are discovered. Tenable monitors and tracks additions to the CISA KEV catalog on a daily basis and prioritizes developing new detections where they do not already exist.

Tenable updates the KEV coverage of its vulnerability management products — Tenable Nessus, Tenable Security Center and Tenable Vulnerability Management — allowing organizations to use KEV catalog data as an additional prioritization metric when figuring out what to fix first. The ready availability of this data in Tenable products can help agencies meet the SLCGP performance measures. This blog offers additional information on Tenable’s coverage of CISA’s KEV catalog.

FY 2024 NOFO adds “Adopting Enhanced Logging” as a new performance measure

The FY 2024 NOFO also adds “Adopting Enhanced Logging” to the list of performance measures CISA will collect throughout the program duration.

How Tenable’s library of compliance audits can help with Enhanced Logging

Tenable's library of Compliance Audits, including Center for Internet Security (CIS) and Defense Information Systems Agency (DISA), allows organizations to assess systems for compliance, including ensuring Enhanced Logging is enabled. Tenable's vulnerability management tools enable customers to easily schedule compliance scans. Users can choose from a continuously updated library of built-in audits or upload custom audits. By conducting these scans regularly, organizations can ensure their systems are secure and maintain compliance with required frameworks.

FY 2024 NOFO continues to require applicants to address program objectives in their applications

As with previous years, the FY 2024 NOFO sets four program objectives. Applicants must address at least one of the following in their applications:

• Objective 1: Develop and establish appropriate governance structures, including by developing, implementing, or revising Cybersecurity Plans, to improve capabilities to respond to cybersecurity incidents, and ensure operations.
• Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
• Objective 3: Implement security protections commensurate with risk.
• Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.

How Tenable can help agencies meet Objective 2 of the program

Tenable is uniquely positioned to help SLTs meet Objective 2 through the Tenable One Exposure Management Platform. In addition to analyzing traditional IT environments, Tenable One analyzes cloud instances, web applications, critical infrastructure environments, identity access and privilege solutions such as Active Directory and more — including highly dynamic assets like mobile devices, virtual machines and containers. Once the complete attack surface is understood, the Tenable One platform applies a proactive risk-based approach to managing exposure, allowing SLT agencies to successfully meet each of the sub-objectives outlined in Objective 2 (see table below).

Source: Tenable, October 2024

Tenable One deployment options offer flexibility for SLT agencies

Tenable offers SLT agencies flexibility in their implementation models to help them best meet the requirements and objectives outlined as part of the SLCGP. Deployment models include:

• Centralized risk-based vulnerability program managed by a state Department of Information Technology (DoIT)
• Multi-entity projects
• Decentralized deployments of Tenable One managed by individual municipalities,
• Managed Security Service Provider (MSSP) models that allow agencies to rapidly adopt solutions by utilizing Tenable’s Technology Partner network.

Whole-of-state approach enables state-wide collaboration and cooperation

A “whole-of-state” approach — which enables state-wide collaboration to improve the cybersecurity posture of all stakeholders — allows state governments to share resources to support cybersecurity programs for local government entities, educational institutions and other organizations. Shared resources increase the level of defense for SLTs both individually and as a community and reduce duplication of work and effort. States get real-time visibility into all threats and deploy a standard strategy and toolset to improve cyber hygiene, accelerate incident response and reduce statewide risk. For more information, read Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach.

FY 2024 NOFO advises SLT agencies to adopt key cybersecurity best practices

As in previous years, the FY 2024 NOFO again recommends SLT agencies adopt key cybersecurity best practices. To do this, they are required to consult the CISA Cross-Sector Cybersecurity Performance Goals (CPGs) throughout their development of plans and projects within the program. This is also a statutory requirement for receiving grant funding.

How Tenable One can help agencies meet the CISA CPGs

The CISA CPGs are a prioritized subset of cybersecurity practices aimed at meaningfully reducing risk to critical infrastructure operations and the American people. They provide a common set of IT and operational technology (OT) fundamental cybersecurity best practices to help SLT agencies address some of the most common and impactful cyber risks. Learn more about how Tenable One can help agencies meet the CISA CPGs here.

Learn more

• $1 Billion State and Local Cybersecurity Grant Program Now Open for Applicants
• Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach
• How to Meet FY 2023 U.S. State and Local Cybersecurity Grant Program Objectives
• New U.S. SLCGP Cybersecurity Plan Requirement: Adopt Cybersecurity Best Practices Using CISA's CPGs
• Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog

Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.

Imagine a bustling bank, made not of bricks and mortar, but of a swirling mass of data in the cloud. Account numbers, transaction histories and personally identifiable information (PII) zip across servers, powering the financial world. Holding all this sensitive data requires tremendous care. Therefore, securing this sensitive information is paramount.

This is where Tenable Cloud Security steps in, offering a data security shield specifically designed for the unique needs of financial institutions.

The challenge: A data deluge demands vigilance

Financial institutions generate massive volumes of data daily. While the public cloud offers unparalleled capacity to store such data, along with agility and scalability, the cloud also expands the attack surface. Legacy cybersecurity solutions are often unable to manage — let alone secure — the sheer volume of data and the variety of ways it is accessed, leaving organizations exposed to malicious actors. At the same time, financial institutions must keep up with new and evolving compliance standards and regulations set forth by governing bodies. Financial institutions need a security platform that helps them protect their data and maintain compliance.

Tenable Cloud Security’s advantage: Seeing beyond the walls

Tenable Cloud Security actively scrutinizes every corner of the cloud data vault, continuously and automatically.

"Without [Tenable Cloud Security], we would've been virtually blind to risks and threats impacting our sensitive data. [Tenable Cloud Security] allows us to preempt any issues and meet the requirements we're receiving from our business partners, with minimal effort.

— VP Security at a leading Fintech platform

Here's how Tenable empowers financial institutions:

• Protecting sensitive data: Tenable doesn't just guard the door; it knows what's inside and how to best protect it. It identifies and labels all data, like financial records and social security numbers, understanding its sensitivity and prioritizing its protection.
• Continuous monitoring: Imagine guards constantly scanning every inch of the vault. Tenable does the same digitally, using advanced technology to constantly search for suspicious activity and potential breaches. Any unusual movement of the data, either exfiltration or copying to a different and inaccessible location, triggers an alarm, allowing for immediate intervention.
• Policy enforcement: Just like a vault needs clear access protocols, so does your data. Tenable automates setting and enforcing cybersecurity policies across the entire cloud, ensuring everyone plays by the book and no unauthorized hands touch the valuables.
• Following mandated regulations: Financial institutions juggle a complex set of regulations and industry standards like the Payment Card Industry Data Security Standard (PCI-DSS). Tenable simplifies compliance with a host of international regulations by providing timely reports and audit trails.

Beyond traditional security: More than just a lock

Modern technology stacks for data storage require a modern cybersecurity stack. Traditional security solutions are unable to address the unique risks associated with storing data in cloud technologies. Financial organizations that leverage Tenable’s data security platform are able to meet existing and future challenges, including:

• Preventing data loss: Early detection and prevention of unauthorized data access can help organizations minimize financial losses and reputational damage, keeping valuable assets safe from even the most cunning thieves.
• Complying with regulations: Automated reports and adherence to the most stringent regulations and industry standards ensure compliance, saving time and resources.
• Automating workflows: Tenable automates tasks and provides deeper insights into how data behaves, enabling organizations to free up their valuable resources for other endeavors and make their security teams more efficient.
• Managing access: Just like knowing who has access to the vault is crucial. Tenable tracks who and what has access to data, ensuring only authorized parties can handle the data.

The future of financial security is data-centric

Tenable Cloud Security's data-centric approach positions it as a valuable partner, not just for guarding the perimeter but for understanding the inner workings of the vault and the most sensitive data within it. By leveraging Tenable’s capabilities, financial institutions can confidently embrace the cloud while ensuring the highest level of security for their most valuable assets — their data.

To learn more about how you can secure your data

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security in a Unified Cloud Security Solution
• Infographic: When CNAPP met DSPM
• Demo Video

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 

Other CISA recommendations include:

• Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
• Educate users on how to spot suspicious emails
• Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

For more information about securing RDP tools:

• “Commonly Exploited Protocols: Remote Desktop Protocol (RDP)” (Center for Internet Security)
• “What is remote desktop protocol (RDP)?” (TechTarget)
• “Wondering Whether RDP IS Secure? Here's a Guide to Remote Desktop Protocol” (AllBusiness)
• “Why remote desktop tools are facing an onslaught of cyber threats” (ITPro)
• “'Midnight Blizzard' Targets Networks With Signed RDP Files” (Dark Reading)

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project. 

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.

These are the new resources:

• “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
  • preparation
  • detection and analysis
  • containment eradication and recovery
  • post-incident activity
• “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
  • Generative AI security policies
  • Risk assessment and management processes
  • Training and awareness
  • Research and development
• “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

• “How to prevent deepfakes in the era of generative AI” (TechTarget)
• “Deepfake scams escalate, hitting more than half of businesses” (Cybersecurity Dive)
• “The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks” (SecurityWeek)
• “How deepfakes threaten biometric security controls” (TechTarget)
• “Deepfakes break through as business threat” (CSO)

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.

^{(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)}

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

• SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
• LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
• ClearFake, another JavaScript downloader used for fake browser-update attacks
• ZPHP, another JavaScript downloader used for fake software-update attacks
• Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
• CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
• Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
• Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
• NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
• Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

• “Fake browser updates spread updated WarmCookie malware” (BleepingComputer)
• “Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware” (The Hacker News)
• “Hackers Use Fake Browser Updates for AMOS Malware Attacks Targeting Mac Users” (MSSP Alert)
• “Malware crooks find an in with fake browser updates, in case real ones weren't bad enough” (The Register)
• “Fake Google Chrome errors trick you into running malicious PowerShell scripts” (BleepingComputer)

VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

• Help make more resilient other countries’ assets, systems and networks that impact U.S. critical infrastructure
• Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
• Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.

“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

• “AI-Powered Cybercrime Cartels on the Rise in Asia” (Dark Reading)
• “AI Now a Staple in Phishing Kits Sold to Hackers” (MSSP Alert)
• “The Business of Cybercrime Explodes” (BankDirector)
• “Nation state actors increasingly hide behind cybercriminal tactics and malware” (CSO)

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “How Can I Protect Against Ransomware?” (CISA)
• “How to prevent ransomware in 6 steps” (TechTarget)
• “Steps to Help Prevent & Limit the Impact of Ransomware” (Center for Internet Security)

1. 4Critical
2. 82Important
3. 1Moderate
4. 0Low

Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild.

Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.

This month’s update includes patches for:

• .NET and Visual Studio
• Airlift.microsoft.com
• Azure CycleCloud
• Azure Database for PostgreSQL
• LightGBM
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office Excel
• Microsoft Office Word
• Microsoft PC Manager
• Microsoft Virtual Hard Drive
• Microsoft Windows DNS
• Role: Windows Hyper-V
• SQL Server
• TorchGeo
• Visual Studio
• Visual Studio Code
• Windows Active Directory Certificate Services
• Windows CSC Service
• Windows DWM Core Library
• Windows Defender Application Control (WDAC)
• Windows Kerberos
• Windows Kernel
• Windows NT OS Kernel
• Windows NTLM
• Windows Package Library Manager
• Windows Registry
• Windows SMB
• Windows SMBv3 Client/Server
• Windows Secure Kernel Mode
• Windows Task Scheduler
• Windows Telephony Service
• Windows USB Video Driver
• Windows Update Stack
• Windows VMSwitch
• Windows Win32 Kernel Subsystem

Remote code execution (RCE) vulnerabilities accounted for 58.6% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 29.9%.

Tenable Solutions

A list of all the plugins released for Microsoft’s November 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

• Microsoft's November 2024 Security Updates
• Tenable plugins for Microsoft November 2024 Patch Tuesday Security Updates

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

A twitter TeachIn about marine protected areas, hosted by @RJ_Dunlap on 4/8/2013

This has been cross-posted from the nature.com guest blog, Soapbox Science. Liz Neeley is the