Back to Basics: AI Isn't the Answer to What Ails Us ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

100%

BrianN060,
User Rank: Ninja
2/9/2018 | 12:13:31 PM

A few more points

A good article, with several important best practices.

As for AI (Artificial Intelligence), it's an unfortunate choice for a label, for something that is actually a dynamic artifact of collective human intelligence. You're right about the effective PR.

You can add a couple of more items to your best practices list:

Limit data access, and type of access, on a needs basis. If a knowledge worker doesn't require access of a particular kind, and from a particular source, in order to do their job, they shouldn't have it.
Know what data you have. Very hard to tell if something is missing or has been altered, if you don't know what you have, and where it is.
Limit the proliferation of data. Yes, you need a well thought out plan to recover compromised data; but more backup copies doesn't equate to more security - just the opposite. Also, limit the data used for analysis, using the same needs-based criteria mentioned above. Part of that is not running analysis directly on line-of-business/transactional data.

Each of these goals is easier to implement if your organization uses the proper modeling methodologies.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

Tor Weaponized to Steal Bitcoin

Dark Reading Staff 10/18/2019

Data Privacy Protections for the Most Vulnerable -- Children

Dimitri Sirota, Founder & CEO of BigID, 10/17/2019

State of SMB Insecurity by the Numbers

Ericka Chickowski, Contributing Writer, 10/17/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

More Informa Tech Live Events

White Papers

The 2019 Security Buyer's Guide

IDC Workbook: Cloud Security Roadmap

9 Ways Cybercriminals Disrupt Business Operations

7 Experts Discuss Evaluating MSSPs

How to Combat Fileless Attacks

More White Papers

Video

All Videos

Cartoon

Latest Comment: Check outthe latest from Dark Reading cartoonist John Klossner!

Cartoon Archive

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

2019 Online Malware and Threats

As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?

Download Now!

The State of IT Operations and Cybersecurity Operations

0 comments

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-18387
PUBLISHED: 2019-10-23

Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

CVE-2019-18212
PUBLISHED: 2019-10-23

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.

CVE-2019-18213
PUBLISHED: 2019-10-23

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response cap...

CVE-2019-18384
PUBLISHED: 2019-10-23

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.

CVE-2019-18385
PUBLISHED: 2019-10-23

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]