The GSE exam is given in two parts. The first part is a multiple choice exam which may be taken at a proctored location just like any other GIAC exam. The current version of the GSE multiple choice exam has the passing score set at 75%, and the time limit is 3 hours. Passing this exam qualifies a person to sit for the GSE hands-on lab. The first day of the two day GSE lab consists of a rigorous battery of hands on exercises drawn from all of the domains listed below. The second day consists of on Incident Response Scenario that requires the candidate to analyze data and report their results in a written incident report as well as an oral report.

Generic training that can aid in dealing with unanticipated complex terrorist activities is needed. Terrorist acts can create stressful situations involving volatility, uncertainty, complexity, ambiguity, and delayed feedback and information flow (“VUCAD”). Strategic management simulation technology, based on complexity theory, can be used to assess and train personnel who must deal with the threat of terrorism.

Yet we also need more generic training to handle the VUCAD of terrorism

A more applicable technology is known as “quasi-experimental simulation.”17 While the quasi-experimental approach is a compromise between the free and experimental simulation methods, it tends to combine the advantages of both and mostly eliminates the disadvantages of the other two. In a quasi-experimental simulation, preprogrammed information is restricted to only part of the information: incoming messages that assure that all participants experience the same flow of events. On the other hand, many additional computer-generated responses (typically one-half of the incoming information) to participant actions allow realism (and maintenance of high motivation levels). Yet, because of the constant flow of pre-programmed information that keeps significant events and timing constant for all participants, performance can be numerically scored against established criteria of excellence or can be compared between different participants (or participating teams). The observer (who was necessary in the free simulation) has become obsolete. Performance is computer scored, both in terms of how any participant processes information (for example, is strategy developed?) and in terms of the appropriateness of the actions taken to deal with scenario-generated events

S 25999On June 15, 2010 the DHS Secretary Janet Napolitano announced the adoption of BS 25999 for the PS-Prep program.  BS 25999 (which comes in two parts) is one of three standards for use in the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep). PS-Prep is directed by Title IX of the Implementing the Recommendations of the 9/11 Commission Act of 2007.

With so much government data to work with, developers are creating a wide variety of applications, mashups, and visualizations. From crime statistics by neighborhood to the best towns to find a job to seeing the environmental health of your community–these applications arm citizens with the information they need to make decisions every day. Enjoy these highlights of the hundreds of applications available.

Do you wonder why people don’t understand the idea you’re trying to get across in a meeting? Are you mentoring another developer and struggling to understand why the still don’t get it? Do you run training courses and wonder why the attendees only learn 10% of the material? We are all teachers whether as informal mentors, coaches, trainers or parents. Yet only professional educators receive training in this area. Nearly two years ago I started reading neuroscience (Norman Doidge’s “The Brain that Changes Itself”), for fun. Along the way I acquired an interest in neuroscience and wondered how its lessons could be applied to Agile Software Development and beyond.

CHAPTER 4 FRAMEWORK FOR SCADA UTILITY SURVIVABILITY MODELING * 4.1 Risk Modeling * 4.2 Internet Survey * 4.3 Survivability * 4.4 Taxonomy for Assessing Computer Security * 4.5 Definitions and Terms for a Taxonomy * 4.6 Understanding the Taxonomy * 4.7 Hierarchical Holographic Modeling (HHM) * 4.8 Recent Uses of the HHM in Identifying Risks * 4.9 Risk Modeling Using HHM * 4.10 Goal Development and Indices of Performance * 4.11 Event Tree and Fault Tree Analysis * 4.12 Distributions from Event Tree Analysis * 4.13 Partitioned Multiobjective Risk Method * 4.14 Multiobjective Tradeoff Analysis * 4.15 Evaluation *

Bea categorizes disasters into four groups. One such group is when an organization simply ignores warning signs through overconfidence and incompetence. He thinks the BP spill falls into that category. Bea pointed to congressional testimony that BP ignored problems with a dead battery, leaky cement job and loose hydraulic fittings.

This course advances the concept that humans and their organizations are an integral part of the engineering paradigm and that it is up to engineering to learn how to better integrate considerations of people into engineering systems of all types. This course focuses this concept on the assessment and management of the risks associated with engineered systems during their life-cycle (concept development through decommissioning). Risks (likelihoods and consequences) are addressed in the contexts of the desired quality from an engineered system including serviceability (fitness for purpose), safety (freedom from undue exposure to harm), compatibility (on time, on budget, with happy customers including the environment), and durability (freedom from unexpected degradations in the other quality characteristics). Reliability is introduced to enable assessment of the wide variety of hazards, uncertainties, and variabilities that are present during the life-cycle of an engineered system. Proactive (get ahead of the challenges), Reactive (learn the lessons from successes and failures), and Interactive (realtime assessment and management of unknown knowables and unknown unknowables) strategies are advanced and illustrated to assist engineers in the assessment and management of risks.

Another technique that Twine uses is graph analysis. This idea, explains Spivack, is similar to the thinking behind the "social graph" that Mark Zuckerberg, the founder of Facebook, extols: connections between people exist in the real world, and online social-networking tools simply collect those connections and make them visible. In the same way, Spivack says, Twine helps make the connections between people and their information more accessible. When data is tagged, it essentially becomes a node in a network. The connections that each node has to other nodes (which could be other data, people, places, organizations, projects, events, et cetera) depend on their tags and the statistical relevance they have to the tags of other nodes. This is how Twine determines relevance when a person searches through his or her information. The farther away a node is, the less relevant it is to a user's search

nCircle Suite360 Intelligence Hub™ is the reporting and analytics platform for nCircle’s integrated auditing solutions. Suite360 aggregates the detailed information gathered by nCircle IP360, nCircle Configuration Compliance Manager (CCM) and PCI scan results, utilizing advanced analytics to provide a comprehensive, unified, and enterprise-wide view of security and compliance.

Complex Event Processing (CEP) is a technology which has been used for many years in the Aerospace and Defence Industry for Situational Awareness and Data Fusion modules in Command, Control, Communications, Computing and Intelligence Systems (aka C4I).   Currently CEP is being rediscovered as a foundation for new class of extremely effective Business Intelligence, Security and System/Network/SCADA Monitoring solutions in industries like Financial Services, Telecommunications, Oil and Gas, Manufacturing, Logistics etc.

As of today, the Common Vulnerabilities and Exposures (CVE) database, hosted by Mitre Corporation (http://cve.mitre.org/) for the Department of Homeland Security (DHS), contains 34,542 entries. That may not seem like a large number, but any one of those entries can translate to multiple instances in the field. While the contents of this database are very important in the IT world to help security practitioners ply their trade, build rule sets, etc., there is a glaring lack of information on industrial control systems (ICS). A search of the CVE database using “SCADA” or “DCS” or “PLC” as a search ...

By leveraging the proprietary data in Delphi™, the world’s largest database of industrial system vulnerabilities, Wurldtech has created a solution specifically designed to help reduce the cost and complexity of mitigation activities for process control networks by integrating specific vulnerability intelligence into common security enforcement devices such as firewalls and intrusion detections systems. This allows common IT infrastructure to be tailored for industrial network environments and continuously updated with specific rule-sets and signatures, protecting control systems immediately, substantially reducing the frequency of patching activities and reducing overall costs. This update and support service is called AchillesINSIDE™.

AggFlow, the world's most sophisticated plant simulation and flow analysis software, has been developed specifically for the aggregate and mining industry to maximize production and improve profitability.

Complex loops refeeding material or recycling loops can be displayed and calculated within the material flow networks.

STAN (short for subSTance flow ANalysis) is a freeware that helps to perform material flow analysis according to the Austrian standard ÖNorm S 2096 (Material flow analysis - Application in waste management).

Sankey Helper v2.4 helps you design Sankey diagrams from Excel data ... in Excel !