Drawing attention to just one good quote in the article: “And it also taught many of them the importance of segmenting their networks as much as possible to contain possible damage from malware infection.”

Sadly, there’s still a long ways to go before all organizations understand the importance of not only network segmentation, but also data segmentation.

About a year ago I was at a state government industry forum (I won’t name the state) where they boasted about their ambitious goal of moving everything to the cloud and centralizing all departments’ data. In one of the breakout sessions during the Q&A period, I stood up and asked, “How are you planning to address the security risks you’re creating by total centralization?” The person on the panel who took my question said that one system they could control completely was more secure than ten or twenty systems that might have varying degrees of security. I refrained from telling them that they just admitted they sucked at project management.

#CallMeIfYouNeedMe #FIFONetworks

#cybersecurity #DataArchitecture #DataClassification

https://www.linkedin.com/pulse/notpetyas-8th-anniversary-global-industries-still-risk-notpetya-like-lqz7c/

On NotPetya’s 8th anniversary, global industries are still at risk of NotPetya-like attacks

Spring 2017 featured a pair of major enterprise and industrial malware attacks that kept me really busy, and many cybersecurity practitioners even busier. I had just started to get noticed for my cybersecurity news blogging.

My #PowerShell Summit talk with Danny Stutz is live. What's cool about our talk is that it's the first time PowerShell has been used for #datascience - at least as far as my research has shown! We analyze free text data in a zero-shot (untrained) way using #OpenAI embeddings and K-means clustering. If you don't know what that means, don't worry - we didn't either 😂 (we're not data scientists!). But we did a decent job explaining it, and the demo gods were with us that day!

https://youtu.be/XJXtxXtMIbE?si=JuuvTUxkiKkKJWev

If you're a PowerShell enthusiast, we also have many "goodies" in our code, such as wrapper functions to make installing and using #NuGet packages easier or automatically handling retries to #API calls. Check it out: https://github.com/franklesniak/AutoCategorizerPS.

If you give the talk a watch or check out our code, let us know your thoughts in the comments.

#PSHSummit #dataclassification #datainsights #dotnet

Mastering Data Insights: Zero-Shot Classification with OpenAI and... by Frank Lesniak, Danny Stutz

@pluralistic
“Our electrically configured world has forced us to move from the habit of #DataClassification to the mode of #PatternRecognition.”
- Marshall McLuhan, 1967
Corollary: If you're a #security team and your best advice is "don't use #AI" or "don't use an #LLM" you can go jump in the sea. It has its uses, it has to be done carefully, and the checklists and #dataclassification are not going to save you. You have to put on your hip waders and wade into it and figure out what to do. It's hard, but there might be benefits. If your only advice is "no" then they're just gonna route around you and do it anyway, and that's probably worse than having you on their team helping.

Security Best Practices for GenAI Applications (OpenAI) in Azure

LLM apps pose significant security challenges that need to be addressed by developers and administrators of GenAI applications. These challenges include:

➡ Protecting the confidentiality and integrity of the data used to train and query the LLMs

➡ Ensuring the availability and reliability of the LLMs and their services

➡ Preventing the misuse or abuse of the LLMs by malicious actors or unintended users

➡ Monitoring and auditing the LLMs' outputs and behaviors for quality, accuracy, and compliance

➡ Managing the ethical and social implications of the LLMs' outputs and impacts

Learn Best Practices of Security for GenAI Applications in Azure:

✔ Data Security

✔ Network Security

✔ Access and Identity Security

✔ Application Security

✔ Governance Security

https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885

#llm #azure #openai #ai #azureopenai #privacy #security #api #data #network #access #identity #application #security #cybersecurity #soc #rbac #mfa #ids #monitoring #firewall #dataclassification #encryption

Security Best Practices for GenAI Applications (OpenAI) in Azure

This article presents an in-depth guide on security best practices for GenAI applications that use LLM models within the Azure platform. Aimed at developers..


The Microsoft podcast "Three Steps to Master Information Governance in Your Hybrid Work Environment" discusses steps for successfully managing information in a hybrid work environment.

The three steps are
▶️data classification
▶️policy creation and enforcement
▶️compliance monitoring and reporting.

https://bit.ly/3oHxOaf

#Microsoft #InformationGovernance #DataClassification #PolicyEnforcement

Three steps to master information governance in your organization

This month's episode of Uncovering Hidden Risks will discuss Information Governance and the industry trends we are seeing in this space. Information governance is the overall strategy for managing information at an organization. It is a discipline that spans several markets, including data governanc...

TECHCOMMUNITY.MICROSOFT.COM

Using the Graph API to Extract Sensitivity Labels

This article is about the use of sensitivity labels in SharePoint Online. Sensitivity Labels provide a way to classify and protect documents. By using Sensitivity Labels in SharePoint Online, organizations can improve the protection of sensitive data on their intranet and meet compliance requirements. https://bit.ly/41UHc8E

#SharePointOnline #Compliance #DataClassification #Office365 #Microsoft #CloudSecurity #Security #Practical365

How to Use the Extract Sensitivity Labels Graph API

A Graph API is available to extract details of the sensitivity labels assigned to SharePoint Online documents. This article explores how to extract the information from files in a document library and use it to create a report. The nice thing is that once you have the data, you can slice and dice it any way you wish in Excel, Power BI, or whatever tool you prefer.

Practical 365

Security and compliance teams have an important role in data protection, and a Zero Trust approach to data security requires knowing what data is present, protecting it with appropriate policies, and monitoring and remediating any issues. Classification of data by sensitivity level is critical to ensure only authorized users have access to sensitive data. https://techcommunity.microsoft.com/t5/educator-developer-blog/implementing-zero-trust-a-guide-to-securing-your-data/ba-p/3717305 #DataProtection #ZeroTrust #DataClassification

Implementing Zero Trust: A Guide to Securing Your Data

Data protection is a critical role for security and compliance teams, and it is essential to make sure that data is secure at all times, including when it is at rest, in use, and when it leaves the organization's control. In this blog post, we will go through the three main components of a data prot...
