Thursday, May 20, 2021

Pen Test

A pen test: what's it?

A penetration test is a cybersecurity technique organizations use to identify, test and highlight vulnerabilities in their security posture. These penetration tests are often carried out by ethical hackers. These in-house employees or third parties mimic the strategies and actions of an attacker in order to evaluate the hackability of an organization's computer systems, network or web applications. Organizations can also use pen testing to test their adherence to compliance regulations.

Ethical hackers are information technology (IT) experts who use hacking methods to help companies identify possible entry points into their IT infrastructure. By using different methodologies, tools and approaches, companies can perform simulated cyber attacks to test the strengths and weaknesses of their existing security systems. Penetration, in this case, refers to the degree to which a hypothetical threat actor, or hacker, can penetrate an organization's cybersecurity measures and protocols.

There are three main pen testing strategies, each offering pen testers a certain level of information they need to carry out their attack. For example, white box testing provides the tester all of the details about an organization's system or target network; black box testing provides the tester no knowledge of the system; and gray box penetration testing provides the tester partial knowledge of the system.

Pen testing is considered a proactive cybersecurity measure because it involves consistent, self-initiated improvements based on the reports generated by the test. This differs from non-proactive approaches, which lack the foresight to improve upon weaknesses as they arise. A non-proactive approach to cybersecurity, for example, would involve a company updating its firewall after a data breach occurs. The goal of proactive measures, like pen testing, is to minimize the number of retroactive upgrades and maximize an organization's security.

Pen testing is often conducted with a particular goal in mind. These goals typically fall under one of the following three objectives:

  1. identify hackable systems
  2. attempt to hack a specific system
  3. carry out a data breach

Each objective focuses on specific outcomes that IT leaders are trying to avoid. For example, if the goal of a pen test is to see how easily a hacker could breach the company database, the ethical hackers would be instructed to try and carry out a data breach. The results of a pen test will not only communicate the strength of an organization's current cybersecurity protocols, but they will also present the available hacking methods that can be used to penetrate the organization's systems.

Why is pen testing important?

The rate of distributed denial-of-service, phishing and ransomware attacks is dramatically increasing, putting all internet-based companies at risk. Considering how reliant businesses are on technology, the consequences of a successful cyber attack have never been greater. A ransomware attack, for instance, could block a company from accessing the data, devices, networks and servers it relies on to conduct business. Such an attack could result in millions of dollars of lost revenue. Pen testing uses the hacker perspective to identify and mitigate cybersecurity risks before they are exploited. This helps IT leaders implement informed security upgrades that minimize the possibility of successful attacks.

Technological innovation is one of the greatest challenges, if not the greatest, facing cybersecurity. As tech continues to evolve, so do the methods cybercriminals use. In order for companies to successfully protect themselves and their assets from these attacks, they need to be able to update their security measures at the same rate. The caveat, however, is that it is often difficult to know which methods are being used and how they might be used in an attack. But, by using skilled ethical hackers, organizations can quickly and effectively identify, update and replace the parts of their system that are particularly susceptible to modern hacking techniques.

How to do penetration testing

Pen testing is unique among cybersecurity evaluation methods, as it can be adapted to any industry or organization. Depending on an organization's infrastructure and operations, it may want to use a certain set of hacking techniques or tools. These techniques and their methodologies can also vary based on the IT personnel and their company standards. Using the following adaptable six-step process, pen testing creates a set of results that can help organizations proactively update their security protocols:

  1. Preparation. Depending on the needs of the organization, this step can either be a simple or elaborate procedure. If the organization has not decided which vulnerabilities it wants to evaluate, a significant amount of time and resources should be devoted to combing the system for possible entry points. In-depth processes like this are usually only necessary for businesses that have not already conducted a complete audit of their systems. Once a vulnerability assessment has been conducted, however, this step becomes much easier.
  2. Construct an attack plan. Prior to hiring ethical attackers, an IT department designs a cyber attack, or list of cyber attacks, that its team should use to perform the pen test. During this step, it is also important to define what level of system access the pen tester has.
  3. Select a team. The success of a pen test depends on the quality of the testers. This step is often used to appoint the ethical hackers that are best suited to perform the test. Decisions like these can be made based on employee specialties. If a company wants to test its cloud security, a cloud expert may be the best person to properly evaluate its cybersecurity. Companies also often hire expert consultants and certified cybersecurity experts to carry out pen testing.
  4. Determine the stolen data type. What is the team of ethical hackers stealing? The data type chosen in this step can have a profound impact on the tools, strategies and techniques used to acquire it.
  5. Perform the test. This is one of the most complicated and nuanced parts of the testing process, as there are many automated software programs and techniques testers can use, including Kali Linux, Nmap, Metasploit and Wireshark.
  6. Integrate the report results. Reporting is the most important step of the process. The results must be detailed so the organization can incorporate the findings.




Tuesday, May 18, 2021

AI In Education: Current status and Potential

Artificial intelligence (AI) and machine learning are among the emerging technologies that have begun to alter education tools and institutions and are changing what the future might look like in education. It is expected that artificial intelligence in Education in the West will grow by 47.5% from 2017-2021, according to the Artificial Intelligence Market in the US Education Sector report. Even though most experts believe the critical presence of teachers is irreplaceable, there will be many changes to a teacher’s job and to educational best practices.

This paper seeks to provide an overview of research on AI applications in higher education through a systematic review. The primary emphasis of this study is on the educational implications of emerging technologies for the way students learn and how institutions teach and evolve. The synthesis of results presents four areas where AI is applied: 1. Teacher and AI collaboration, 2. Differentiated and individualized learning, 3. Universal access for all students, and 4. Tutoring and support outside the classroom. In the process, this study highlights certain challenges for institutions of higher education and student learning in the adoption of these technologies for teaching, learning, student support, and administration, and explores further directions for research.

Teacher and AI collaboration: where are the educators?  

Whilst AI has been around for about 30 years, it is still unclear to educators how to take pedagogical advantage of it on a broader scale, and how it can actually have a meaningful impact on teaching and learning in higher education. Nevertheless, AI has already been applied to education, primarily in some tools that help develop skills and in testing systems. As AI educational solutions continue to mature, the hope is that AI can help fill needs gaps in learning and teaching and allow schools and teachers to do more than ever before. AI can drive efficiency and personalization and streamline admin tasks to allow teachers the time and freedom to provide understanding and adaptability, uniquely human capabilities where machines would struggle. By leveraging the best attributes of machines and teachers, the vision for AI in education is one where they work together for the best outcome for students. Since the students of today will need to work in a future where AI is the reality, it’s important that our educational institutions expose students to the technology and use it.

Differentiated and individualized learning

Adjusting learning based on an individual student’s particular needs has been a priority for educators for years, but AI will allow a level of differentiation that’s impossible for teachers who have to manage 30 students in each class. Several universities, such as the Intelligent Computer Tutoring Group (ICTG) of the University of Canterbury in NZ and Carnegie Learning in the US, are currently developing intelligent instruction design and digital platforms that use AI to provide learning, testing and feedback to students from pre-K to college level, giving them the challenges they are ready for, identifying gaps in knowledge and redirecting to new topics when appropriate. As AI gets more sophisticated, it might be possible for a machine to read the expression that passes over a student's face indicating they are struggling to grasp a subject, and to modify a lesson in response. The idea of customizing curriculum for every student's needs is not viable today, but it will be for AI-powered machines.

Universal access for all students     

Artificial intelligence tools can help make global classrooms available to all including those who speak different languages or who might have visual or hearing impairments. Presentation Translator is a free plug-in for PowerPoint that creates subtitles in real time for what the teacher is saying. This also opens up possibilities for students who might not be able to attend school due to illness or who require learning at a different level or on a particular subject that isn’t available in their own school. AI can help break down silos between schools and between traditional grade levels.   

Automate Assessment Tasks     

An educator spends a tremendous amount of time grading homework and tests. AI can step in and make quick work out of these tasks while at the same time offering recommendations for how to close the gaps in learning. Although machines can already grade multiple-choice tests, they are very close to being able to assess written responses as well. As AI steps in to automate admin tasks, it opens up more time for teachers to spend with each student. 

Tutoring and support outside the classroom       

Ask any parent who has struggled to help their teenager with algebra, and they will be very excited about the potential of AI to support their children when they are struggling at home with homework or test preparations. Tutoring and studying programs are becoming more advanced thanks to artificial intelligence, and soon they will be more available and able to respond to a range of learning styles.    

There are many more AI applications for education that are being developed including AI mentors for learners, further development of smart content and a new method of personal development for educators through virtual global conferences. Education might be a bit slower to the adoption of artificial intelligence and machine learning, but the changes are beginning and will continue. 

Monday, May 17, 2021

Analytics: the way forward

Analytics is a data analysis methodology which is not complete without predictive modelling, machine learning algorithms, deep learning, business process automation and other statistical methods to analyse business information from a variety of data sources. This is taking data science beyond traditional business intelligence (BI) methods to predict patterns and estimate the likelihood of future events. This in turn can help an organization be more responsive and significantly increase its accuracy in decision-making.

It's a valuable resource to enterprises because it enables an organization to get greater functionality from its data assets, regardless of where the data is stored or what format it's in. It also can help address some of the more complex business problems that traditional BI reporting cannot.

For example, to create a contextual marketing engine, a consumer packaged goods manufacturer might need to ask the following questions:

  1. When is a customer likely to exhaust their supply of an item?
  2. What time of the day or week are they most receptive to marketing advertisements?
  3. What level of profitability is achievable when marketing at that time?
  4. What price point are they most likely to purchase at?

By combining consumption models with historical data and artificial intelligence (AI), advanced analytics can help an organization determine precise answers to those questions.

What are the benefits of such an approach to analytics?
In addition to enabling greater use of data assets and providing decision-makers with greater confidence in data accuracy, advanced analytics offers the following benefits:

  1. Accurate forecasting. Using advanced analytics can confirm or refute prediction and forecast models with a greater level of accuracy than traditional BI tools that still carry an element of uncertainty.
  2. Faster decision-making. With predictions that feature a high level of accuracy, executives can act more quickly, confident their business decisions will achieve the desired results and that favourable outcomes can be repeated.
  3. Deeper insight. Advanced analytics offers a deeper level of actionable insight from data, including customer preference, market trends and key business processes, which empowers stakeholders to make data-driven decisions that can directly affect their strategy.
  4. Improved risk management. The higher level of accuracy provided by advanced analytics predictions can help businesses reduce their risk of costly mistakes.
  5. Anticipate problems and opportunities. Advanced analytics uses statistical models to reveal potential problems on the business' current trajectory, or identify new opportunities, so stakeholders can quickly change course and achieve better outcomes.

What are some analytics techniques?
Advanced analytics can help provide organizations with a competitive advantage. Some commonly used advanced analytics techniques include the following:

  1. Data mining. This process sorts through large data sets to identify patterns and establish relationships to solve problems through data analysis.
  2. Sentiment analysis. This technique uses natural language processing, text analysis and biometrics to identify the emotional tone behind a body of text.
  3. Cluster analysis. This process matches pieces of unstructured data based on similarities found between them.
  4. Complex event processing. This technique uses technology to predict high-level events likely to result from specific sets of low-level factors.
  5. Big data analytics. This is the process of examining large volumes of structured, semi-structured and unstructured data to uncover information such as hidden patterns, correlations, market trends and customer preferences.
  6. Machine learning. The development of machine learning has dramatically increased the speed at which data can be processed and analyzed, facilitating disciplines like predictive analytics.
  7. Data visualization. This process of presenting data in graphical format makes data analysis and sharing more accessible across organizations.

What are some use cases for such an analytics approach?
The following are just a few examples of business processes that can benefit from advanced analytics software.

  1. Marketing metrics. With advanced analytics, marketing organizations can create customized, targeted marketing campaigns and avoid wasting money on ineffective strategies. Analyzing future outcomes also can help an organization identify opportunities to up-sell and optimize the marketing funnel.
  2. Supply chain optimization. Advanced analytics can help an organization factor demand, cost fluctuations and changing consumer preferences to create an agile supply chain that can quickly adapt to changing market conditions.
  3. Risk management. By examining particular data sets and data streams in real time, advanced analytics can help data scientists identify patterns that may indicate high levels of risk, for example by identifying possible payment fraud or insurance liabilities.
  4. Business operations. Advanced analytics can help organizations streamline their operations and adapt them to better suit predictions on changing market conditions or trends and ultimately increase revenue.

Sunday, May 16, 2021

Kaizen: Continuous improvement

Kaizen is a Japanese term that has come to mean "continuous improvement". It is based on the idea that small, ongoing positive changes can reap significant improvements, in contrast to approaches that use radical or top-down changes to achieve transformation. Kaizen, as an approach, was developed to lower defects, eliminate waste, boost productivity, encourage worker purpose and accountability and promote innovation. Kaizen is based on the belief that everything can be improved, and nothing is the status quo.

10 principles of Kaizen

The 10 principles that address the Kaizen mindset are commonly referenced as core to the philosophy in order to enable the right mindset throughout a company.  The 10 principles are:

  1. Let go of assumptions.
  2. Be proactive about solving problems.
  3. Don't accept the status quo.
  4. Let go of perfectionism and take an attitude of iterative, adaptive change.
  5. Look for solutions as you find mistakes.
  6. Create an environment in which everyone feels empowered to contribute.
  7. Don't accept the obvious issue; instead, ask "why" five times to get to the root cause.
  8. Cull information and opinions from multiple people.
  9. Use creativity to find low-cost, small improvements.
  10. Never stop improving.

There are several reasons why Kaizen can be an advantage for an organization:
  1. Kaizen's focus on gradual improvement can create a gentler approach to change in contrast to big efforts that may be abandoned due to their tendency to provoke change resistance and pushback.
  2. Kaizen encourages scrutiny of processes so that mistakes and waste are reduced.
  3. With fewer errors, oversight and inspection needs are minimized.
  4. Employee morale improves because Kaizen encourages a sense of value and purpose.
  5. Teamwork increases as employees think beyond the specific issues of their department.
  6. Client focus expands as employees become more aware of customer requirements.
  7. Systems are in place to ensure improvements are encouraged both in the short and long terms.

Examples of Kaizen

Toyota is arguably the most famous for its use of Kaizen, but other companies have successfully used the approach. Here are three examples:

  • Lockheed Martin. The aerospace company is a well-known proponent of Kaizen. It has used the method to successfully reduce manufacturing costs, inventory and delivery time.
  • Ford Motor Company. When lean devotee Alan Mulally became CEO of Ford in 2006, the automaker was on the brink of bankruptcy. Mulally used Kaizen to execute one of the most famous corporate turnarounds in history.
  • Pixar Animation Studios. Pixar applied the continuous improvement model to reduce the risks of expensive movie failure by using quality control checks and iterative processes.




Sunday, May 9, 2021

The Benefits of ISO/IEC 27001

ISO/IEC 27001 provides a set of principles and controls used to secure the information that an organization stores and processes. It is primarily a system of processes, technology, documents and people that assist in managing, auditing, monitoring and improving an organization’s information security. The ISO/IEC 27001 standard is intended to help synchronize all security processes in one place, continually and cost-effectively.

Several benefits of implementing ISO/IEC 27001:

  • Secure information: The ISO/IEC 27001 ISMS does not just cover digital assets; it also includes all sorts of information that are part of your organization, including all personal data, whether hard copy or digital.
  • Improved security threat response: ISO/IEC 27001 is built around common risk assessments, and as a result there are processes against cyberthreats and risks.
  • Increased cyberattack resilience: This is guaranteed as an ISMS is centrally managed. That means there is a reduced risk of cyberattacks, because it encompasses both training the staff and ensuring that the software is kept up to date.
  • Compliance with laws and regulations: An ISMS ensures this by default, because the data being managed is not only secured but also compliant with laws and regulations.
  • Marketing advantage: The ISO/IEC 27001 standard can ensure that your potential and existing clients see you as a reliable company with a strong reputation.
  • Reduce costs: Companies that are gradually growing have to deal with scalability and the integration of various new services throughout their journey. Implementing ISO 27001 means that the tasks and responsibilities are well defined and well structured, which in turn will ensure that an organization runs in a smooth and organized way.

Monday, May 3, 2021

Using Peer Feedback for Student Academic Achievement: What works & What doesn't

Peer feedback for student academic achievement, which formally speaking is concerned with students' understanding and evaluation of their peers' academic performance as well as their own for self-regulated learning, has recently drawn increasing scholarly attention. However, we still know little about how to foster student feedback in useful ways.

Of the several issues that determine whether a student feedback mechanism works effectively, the first and foremost may be student feedback literacy. In other words, the question of how well students can provide valid feedback to their peers depends on:

  1. first of all, how well students are trained and equipped to actually evaluate their peers' academic progress and
  2. secondly, how well students can express themselves both verbally and in writing, and whether or not they have the language and knowledge to do so

However, the question of this blog post is whether students provide each other any academic feedback at all. The answer is YES, particularly on issues surrounding the assessments of their course. McDonnell and Curtis (2014) collected data from focus group interviews and reflective commentaries by students and teachers. They report that students provide each other feedback which is value-based and fairness-centred, in an emotionally dynamic process. They thereby became more engaged in the assessments. This democratic feedback process also increased the students’ self-confidence in challenging others’ perspectives and defending their own views, thus building their sense of identity as competent reviewers. In addition, this feedback process, though done informally, facilitated students’ understanding of assessment criteria very well.

ISO/IEC 27001. Information Security Management System

ISO/IEC 27001 is one of the world's most popular standards. It demonstrates that a company can be trusted with information because it has sufficient controls in place to protect it. Many tech giants, financial institutions, health services providers, insurance companies, education institutions, manufacturing and service companies, and large and small businesses around the world have this standard in place as proof of their capability to protect the confidentiality, integrity and availability of the information they process.

The management system requirements of ISO/IEC 27001 cover macro issues of 

  1. the context of the organization, 
  2. leadership, 
  3. information security policy and objectives, 
  4. information security risk assessment and treatment, 
  5. competence and awareness, 
  6. documented information, 
  7. operational planning and control, 
  8. internal audit, 
  9. management review, 
  10. nonconformity and corrective action 

Then there are the controls from Annex A of ISO/IEC 27001: there are 114 information security controls. The topics include aspects such as:
  1. Information security policies, 
  2. organization of information security, 
  3. mobile devices and teleworking, 
  4. security of human resources, 
  5. asset management, 
  6. classification of information, 
  7. media handling, 
  8. access control, 
  9. user responsibilities, 
  10. system and application access control, 
  11. cryptography, 
  12. physical and environmental security, 
  13. equipment security, 
  14. operations security, 
  15. protection from malware, 
  16. backup, 
  17. logging and monitoring, 
  18. control of operational software, 
  19. technical vulnerability management, 
  20. communications security, 
  21. network security management, 
  22. information transfer, 
  23. system acquisition, 
  24. development and maintenance, 
  25. security in development and support, 
  26. supplier relationships, 
  27. incident management, 
  28. information security as part of business continuity management, 
  29. redundancies and compliance.
Here are some links:
https://www.iso.org/isoiec-27001-information-security.html
https://www.iso.org/certification.html

Sunday, May 2, 2021

Self-regulated (Personalised) Learning During COVID-19

Overview

According to a recent report from UNESCO (2020), more than 1.9 billion students (children and youth) from 190 countries are forced to transfer their education from face-to-face to online form to fight the outbreak of COVID-19. This sudden shift created

  1. a crisis in terms of course design, evaluation tools and teaching strategies (Affouneh et al., 2020)
  2. a high level of stress, anxiety, and uncertainty among educators

However, several emerging technologies came to the rescue in higher education settings whether using these tools on campus, blended, or fully in online environments (Czerkawski & Lyman, 2016). These technologies reshaped student engagement for learning through new features that enable learners and instructors to communicate synchronously and asynchronously (Bergdahl et al., 2020; Khlaif & Farid, 2018).

There was an abundance of research on online learning before the COVID-19 crisis aimed at understanding the factors influencing students’ engagement in online learning, which could differ from the factors influencing students’ engagement in online learning during a crisis like the COVID-19 pandemic.

  1. What are the factors that influence student personalised learning during an environment such as COVID-19 in developed countries?
  2. How do these factors influence the implementation and continuity of online classes in an emergency remote environment in developed countries? 

Teachers’ presence and quality of content were the major factors that influence student engagement and learning under normal conditions. In online learning, on the other hand, several factors such as infrastructure factors, cultural factors, digital inequality, and digital privacy influence student engagement.

Definition of Personalised Learning

Different definitions of student engagement have been proposed by many researchers.

Personalised learning has been variously defined and interpreted in practice. Larry Cuban provides a useful discussion of the range of personalised learning offerings, including examples from practice.

Personalised learning refers to the various educational programmes, instructional methods, and academic support strategies that address the distinct learning needs of each individual student. The goal of personalised learning is to help each student achieve academic success by first understanding the learning needs, interests, and aspirations of individual students, and then providing customised learning. The foundation of personalised learning is for each and every student to become involved in making decisions about their education: what they would like to learn and how.

Personalisation of learning is conceptualised in a range of ways:

  1. Personalisation of content; students engaging with content, topics and areas that are of particular interest to them.
  2. Personalisation of pace and progress; students progressing through the content and curriculum levels at their own pace.
  3. Personalisation of process; instructional approaches and learning environments vary based on the students’ needs and interests.

Personalisation often includes the following tenets:

  • Learning is competency based, with students moving on once they have demonstrated mastery of a concept.
  • Learning is flexible, and is not restricted to traditional schooling structures or timetables
  • Students are encouraged to demonstrate agency and to take a level of ownership over their learning journey
  • Students’ interests, strengths and passions are incorporated into their learning

To summarise, Bond (2020) defines PL as "the energy and effort that students employ within their learning community, observable via any number of behavioural, cognitive or affective indicators across a continuum". In addition, Dixson (2015) defines it as the effort that the learner makes to acquire knowledge and build his/her critical thinking skills through staying involved in the learning process. Moreover, Wong and Chong (2018) defined PL as a unique collection comprising active and collaborative learning, participation in enriching learning activities, communication with teachers and among learners, involvement in educational experiences, and feeling supported.

-------------------------------------------------------------
Affouneh, S., Salha, S., & Khlaif, Z. N. (2020). Designing quality e-learning environments for emergency remote teaching in coronavirus crisis. Interdisciplinary Journal of Virtual Learning in Medical Sciences, 11(2), 135–137.

Czerkawski, B., & Lyman, B. (2016). An instructional design framework for fostering student engagement in online learning environments. TechTrends, 60, 532–539. https://doi.org/10.1007/s11528-016-0110-z