Author: blogmirnet

Get the most from AI with new data and analytics best practices

  Predictions 2024: Data and Analytics—Forrester report    
  Get the report   
  Data and analytics are the foundation of successful AI deployment. Learn how to maximize the value of your AI by providing the right data using the data and analytics best practices in this Forrester report. Read the Predictions 2024: Data and Analytics report on the future of data and analytics in the AI era to: Explore five predictions about the future of data and analytics that’ll help you prepare for changes coming to the AI landscape.Learn how to optimize your data management strategy to ensure your org is ready to scale for generative AI data.Discover how improving data quality will enhance the accuracy of AI and machine learning models by 20% and improve decision-making.  

Join us at Configure Security Operations Using Microsoft Sentinel training day

Microsoft Security Microsoft Security Virtual Training Day:
Configure Security Operations Using Microsoft Sentinel Microsoft Security Virtual Training Day: Configure Security Operations Using Microsoft Sentinel   Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft Security Virtual Training Day from Microsoft Learn. Join us at Configure Security Operations Using Microsoft Sentinel to learn best practices for hunting, detecting, and investigating threats and managing incidents with Microsoft Sentinel. You’ll also learn how to deploy an instance efficiently and how to work with data connectors, analytic rules, and workbooks more effectively. You will have the opportunity to: Learn how to plan and configure a Microsoft Sentinel instance. See how to deploy and configure Microsoft Sentinel content hub solutions. Discover how to automatically search for threats across your infrastructure by creating Microsoft Sentinel analytics rules. Explore Microsoft AI capabilities. Join us at an upcoming Configure Security Operations Using Microsoft Sentinel event:
Delivery Language: English
Closed Captioning Language(s): English   August 08, 2024 | 
12:00 PM – 5:15 PM | (GMT-05:00) Eastern Time (US & Canada)   August 22, 2024 | 
12:00 PM – 5:15 PM | (GMT-05:00) Eastern Time (US & Canada)    

Visit the Microsoft Virtual Training Days website to learn more about other event opportunities.   Unsubscribe | Privacy Statement   Microsoft Corporation
One Microsoft Way
Redmond, WA 98052  

Strengthen your Zero Trust posture with a unified approach

  Stay ahead of modern threats with new unified solutions   Cybercriminals have embraced emerging technologies like AI as quickly as the rest of the world. In today’s rapidly evolving threat landscape, your Zero Trust strategy has become more essential than ever. In this blog, you’ll learn how to bolster your Zero Trust strategy with innovative solutions that’ll help you stay ready for changes to the threat landscape—like the tenfold increase in password attacks in 2023.1 Read the blog to learn: New approaches to Zero Trust that protect against emerging threats.How to proactively secure access to any application or resource from any location.How Microsoft helps organizations extend Zero Trust requirements to all endpoints, apps, and data. 1 Microsoft Digital Defense Report 2023, Microsoft Threat Intelligence, October 2023.  
  Learn more   

NEW BLOG | Protecting Trained Models in Privacy-Preserving Federated Learning

This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. 

The last two posts in our series covered techniques for input privacy in privacy-preserving federated learning in the context of horizontally and vertically partitioned data. To build a complete privacy-preserving federated learning system, these techniques must be combined with an approach for output privacy, which limit how much can be learned about individuals in the training data after the model has been trained.

As described in the second part of our post on privacy attacks in federated learning, trained models can leak significant information about their training data—including whole images and text snippets.

Training with Differential Privacy

The strongest known form of output privacy is differential privacy. Differential privacy is…

Read the Blog

Personal Identity Verification (PIV) Interfaces, Cryptographic Algorithms, and Key Sizes: NIST Revises SP 800-73 and SP 800-78

In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) credentials, including those on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently been revised to align with FIPS 201.

SP 800-73-5: Parts 1–3
SP 800-73-5: Parts 1–3, Interfaces for Personal Identity Verification, describe the technical specifications for using PIV Cards. The three parts cover the PIV data model (Part 1), the card edge interface (Part 2), and the application programming interface (Part 3). Major changes to the documents include:

  • Removal of the previously deprecated CHUID authentication mechanism
  • Deprecation of the SYM-CAK and VIS authentication mechanisms
  • Addition of an optional 1-factor secure messaging authentication mechanism (SM-Auth) for facility access applications
  • Additional use of the facial image biometric for general authentication via BIO and BIO-A authentication mechanisms
  • Addition of an optional Cardholder identifier in the PIV Authentication Certificate to identify a PIV credential holder to their PIV credential set issued during PIV eligibility
  • Restriction on the number of consecutive activation retries for each of the activation methods (i.e., PIN and OCC attempts) to be 10 or less
  • SP 800-73-5: Part 3 on PIV Middleware specification marked as optional to implement

SP 800-78-5
SP 800-78-5Cryptographic Algorithms and Key Sizes for Personal Identity Verification, defines the requirements for the cryptographic capability of the PIV Card and supporting systems in coordination with FIPS 201-3. It has been modified to add additional algorithm and key size requirements and to update the requirements for Cryptographic Algorithm Validation Program (CAVP) validation testing, including:

  • Deprecation of 3TDEA algorithms with identifier ‘00’ and ‘03’
  • Removal of the retired RNG from CAVP PIV component testing where applicable
  • Removal of retired FIPS 186-2 key generation from CAVP PIV component testing where applicable
  • Accommodation of the Secure Messaging Authentication key
  • Update to Section 3.1 and Table 1 to reflect additional higher strength keys with at least 128-bit security for use in authentication beginning in 2031
Read More

New Privacy-Preserving Federated Learning Blog Post

Dear Colleagues,

ln the last two posts of our Privacy-Preserving Federated Learning (PPFL) blog series, we covered techniques for input privacy in PPFL in the context of horizontally and vertically partitioned data. However, to complete a PPFL system, these techniques must be combined with an approach for output privacy to limit what can be inferred about individuals after model training.  Want to learn more about output privacy and training with differential privacy?  Found out more in this new post, Protecting Trained Models in Privacy-Preserving Federated Learning!

Protecting Trained Models in Privacy-Preserving Federated Learning by Joseph Near and David Darais
Read the post.  

Read blogs #1 – #6 on our PPFL Blog Series page. We encourage readers to ask questions by contacting us at privacyeng@nist.gov.

Meanwhile—stay tuned for the next PPFL blog post! 

All the best,
NIST Privacy Engineering Program

Read More

Register for the Next NIST Small Business Cybersecurity Webinar: Ransomware Prevention, Detection, Response, and Recovery

Event Date: August 15, 2024

Event Time: 2:00PM – 3:00PM EDT

Event Location: Virtual

Description:

Ransomware is a very serious and increasingly common threat to organizations of all sizes, and it is particularly devastating to smaller organizations that have limited resources. A successful ransomware attack can stop your business in its tracks.

During this NIST small business cybersecurity webinar, we will convene a panel to highlight:

  • Common ways ransomware is delivered to businesses.
  • Challenges small businesses face with ransomware.
  • Common signs of a ransomware attack.
  • What steps to take if your business falls victim to a ransomware attack.
  • What role cyber liability insurance plays in ransomware risk management.
  • Steps small businesses can take, and free resources you can use, to reduce your likelihood of falling victim to ransomware.

Panelists:

  • Bill Fisher, Security Engineer, NIST
  • Nick Lozano, Director of Technology, The Council of Insurance Agents & Brokers
  • Stephanie Walker, Assistant Section Chief of the Cyber Engagement and Intelligence Section, Federal Bureau of Investigation (FBI)
  • Ann Westerheim, Ph.D. Founder and President, Ekaru

Moderator:

  • Daniel Eliot, Lead for Small Business Engagement, NIST
Register Here

NIST Workshop on Privacy-Enhancing Cryptography 2024

WPEC 2024, the NIST Workshop on Privacy-Enhancing Cryptography 2024, will bring together multiple perspectives of PEC stakeholders. The three-day virtual workshop is organized for sharing insights about PEC capabilities, use cases, real-world deployment, initiatives, challenges and opportunities, and the related context of privacy and auditability. The program will cover the following two themes:

  • Private Set Intersection (PSI): for a deep dive into this specific technique, exploring its technicalities, readiness, feasibility, applicability, variants, and broader context.
  • Other PEC techniques: Other PEC techniques: for a broader perspective of PEC (including FHE, MPC, and ZKP, and possible combinations with other privacy-enhancing technologies).
Read More