Abstract: The present disclosure describes systems and methods for using a template for a simulated phishing campaign, A database includes a plurality of templates for simulated phishing campaigns, each template of the plurality of templates identifying a list of a plurality of types of simulated phishing communications and at least a portion of content for the simulated phishing communications. A campaign controller selects a template from the plurality of templates for a simulated phishing campaign directed to a user of a plurality of users; and communicates, to one or more devices of the user a first type of simulated phishing communication of the plurality of types of simulated phishing communications with at least the portion of content identified by the template.

Abstract: A mobile device includes non-private memory that can store software programs and a private memory that can store copies of the software programs as well as exclusively store trusted programs that are not stored in the non-private memory. The mobile device includes a processor configured to execute the software programs of the non-private memory when the mobile device is in a non-private mode, execute a trusted program only when the mobile device is in a private mode, and enable switching between the non-private mode and the private mode in response to a reboot of the mobile device.

Abstract: Systems and methods are described for facilitating assessment of security awareness of a candidate prior to a decision on whether or not to hire the candidate. Security awareness of the candidate in association with an application for a job may be assessed using responses to one or more simulated phishing communications provided by the candidate. Responses to the one or more simulated phishing communications may be used to determine a risk score for the candidate. Further, the risk score for the candidate may be used to make a decision on whether or not to hire the candidate.

Abstract: Systems and methods for data aggregation and processing are provided in manner that is decentralized and preserves privacy. A data aggregation and computation system may include an interface, a controller, and one or more clusters of computation nodes. The interface may receive an inquiry from a requesting entity for computing information regarding an individual based on pieces of information held by a plurality of entities. The controller may communicate an identifier for the individual to a processor system associated with each of the entities based on the inquiry. The clusters of computation nodes may each receive encrypted data fragments from each of the processor systems, the data fragments comprising unrecognizable fragments that no individual processor system can re-assemble to recover the information, perform secure, multi-party computations based on the data fragments, and generate a result based on the secure, multi-party computations for the individual.

Abstract: A method, computer program product, and system includes a processor(s) obtaining an authorization failure from a target application because an access request was denied based on insufficient permissions of a user. The processor(s) institutes a mock interface with a visual appearance of the target application. The mock interface displays predefined data and the target application displays dynamic data, from the server(s) executing the target application. The processor(s) obtains, via the mock interface, a request to change the permissions of the user to the target application, which includes a selection, by the user, through the mock interface, of one or more individual permissions displayed in the mock interface. The processor(s) automatically generates a customized security policy comprising the selection, where based on applying the customized security policy, repeating the access request results in authorized access to the target application.

Abstract: A combined visualization configuration is stored and provided by a visualization manager to a thin client HMI. Based upon the configuration, the thin client HMI accesses individual visualizations from automation components, such as automation controllers, motor controllers, camera, and so forth. Policies may be established for users and their roles, and for particular thin client HMIs, and for particular locations of or around a machine or process being monitored and/or controlled. Based on the policies, the individual visualizations are combined and may be changed if one or more of the factors changes. Interactions with the individual visualizations of the combined visualization result in signals back to the automation components originating the visualizations.

Abstract: The present disclosure describes systems and methods for determining a subsequent action of a simulated phishing campaign. A campaign controller identifies a starting action for a simulated phishing campaign directed to a user of a plurality of users. The simulated phishing campaign includes a plurality of actions, one or more of the plurality of actions to be determined during execution of the simulated phishing campaign The campaign controller responsive to the starting action, communicates a simulated phishing communication to one or more devices of a user. The campaign controller determines a subsequent action of the plurality of actions of the simulated phishing campaign based at least on one of a response to the simulated phishing communication received by the campaign controller or a lack of response within a predetermined time period and initiating, responsive to the determination, the subsequent action of the simulated phishing campaign.

Abstract: A method for dynamically authenticating and granting access to a computing system may be provided. The method comprises deriving at least one authentication question from at least one identified fact contained in a received text data. The at least one identified fact is stored in a knowledge base relating to a user profile. The method comprises conducting a textual authentication dialog. The textual authentication dialog comprises presenting the at least one authentication question and determining, based on natural language processing, that a received response comprises the at least one identified fact from which the at least one authentication question has been derived. The method comprises granting access to the computing system based on the textual authentication dialog.

Abstract: An arithmetic apparatus includes an interface and a circuity. The interface is connected to an information processing apparatus that is connected to a client apparatus and that processes data in an encrypted state. The circuitry acquires, from the information processing apparatus, encryption input data or encryption target data encrypted with a first encryption key. The circuitry decrypts the acquired, encryption input data or encryption target data with a first decryption key. Then, the circuitry executes a predetermined arithmetic operation on the decrypted arithmetic operation target data, encrypts data of an arithmetic operation result obtained by the predetermined arithmetic operation with the first encryption to key, and outputs the encrypted data of the arithmetic operation result to the information processing apparatus.

Abstract: The disclosed subject matter relates to systems, methods, and media for media session concurrency management with recurring license renewals. More particularly, the disclosed subject matter relates to using recurring license renewals for concurrent playback detection and concurrency limit enforcement for video delivery services and managing server resources for handling such recurring license renewals.

Abstract: Data that includes user data and application data that is generated during a remote desktop session to a cloud computing system is stored in cloud storage according to a risk level of the remote desktop session. The storage device has provisioned therein a plurality of storage containers, including first and second storage containers, where the first storage container stores less percentage of the user data than the second storage container. The first storage container is selected for storing the user data if the determined risk level of the remote desktop session is at a first level and the second storage container is selected for storing the user data if the determined risk level of the remote desktop session is at a second level that is lower than the first level.

Abstract: Described herein are a secure system for sharing private data and related systems and methods for incentivizing and validating private data sharing. In some embodiments, private data providers may register to selectively share private data under controlled sharing conditions. The private data may be cryptographically secured using encryption information corresponding to one or more secure execution environments. To demonstrate to the private data providers that the secure execution environment is secure and trustworthy, attestations demonstrating the security of the secure execution environment may be stored in a distributed ledger (e.g., a public blockchain). Private data users that want access to shared private data may publish applications for operating on the private data to a secure execution environment and publish, in a distributed ledger, an indication that the application is available to receive private data.

Abstract: Systems and methods are provided for automated retrieval, processing, and/or distribution of cyber-threat information using a cyber-threat device. Consistent with disclosed embodiments, the cyber-threat device may receive cyber-threat information in first formats from internal sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may receive cyber-threat information second formats from external sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may process the received cyber-threat information in the first formats and the second formats into a standard format using a processing component of the cyber-threat device. The cyber-threat device may provide the processed items of cyber-threat information to a distributor using a distributing component of the cyber-threat device.

Abstract: A privacy management system that is configured to process one or more data subject access requests and further configured to: (1) enable a data protection officer to submit an audit request; (2) perform an audit based on one or more parameters provided as part of the request (e.g., one or more parameters such as how long an average request takes to fulfill, one or more parameters related to logging and/or tracking data subject access requests and/or complaints from one or more particular customer advocacy groups, individuals, NGOs, etc.); and (3) provide one or more audit results to the officer (e.g., by displaying the results on a suitable display screen).

Abstract: Methods and systems are disclosed for an internet isolation system implemented using a browser application. The host computer system may be configured to receive a request to communicate with a first network destination. The host computer system may determine whether the first network destination is trusted or untrusted. The host computer system may instantiate a browser application. The browser application may be configured to, on a condition that the first network destination is determined to be trusted, enable communication with the first network destination via a first browser process executed in a workspace of the host computer system. The browser application may be configured to, on a condition that the first network destination is determined to be untrusted, implement an isolated computing environment using an internal isolation firewall and enable communication with the first destination via a second browser process executed in the isolated computing environment.

Abstract: Systems and methods are provided for reducing attack surface of a software environment by removing code of an unused functionality. A security hardening module may identify a portion of code of a software, the software comprising at least one of: an operating system and an application. The security hardening module may determine whether the portion is being utilized, and in response to determining that the process is not being utilized, the security hardening module may generate a live patch that removes the portion from the code and may modify, during runtime, the software using the live patch without restarting the software.

Abstract: Some embodiments are directed to a data sampling device for obtaining a sample of records from a remote dataset satisfying a private criterion using multi-party computation. One or more sample providing devices store respective subdatasets of the remote dataset. The data sampling device determine a candidate size for a sample providing device; requests the sample providing device to determine a candidate sample of the candidate size from the subdataset of the sample providing device; perform a multi-party computation with the sample providing device to obtain a set of indices of records from the candidate sample satisfying the private criterion; sample a subset of the set of indices; and obtains from the sample providing device records of the candidate sample corresponding to the subset of the set of indices.

Abstract: A data manager in an enterprise provides data management of users' personal data, which is used by enterprise applications to support operations in the enterprise. The data manager obtains personal data from the enterprise applications via the use of corresponding connector modules. The data manager communicates with each connector module, which then communicates with its corresponding enterprise application to obtain personal data used by that application. The data manager can also communicate with a central database that can store personal data used by the enterprise applications. The central database can serve as a central store of personal data for the enterprise applications.

Abstract: Aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for protection of system software, or data from destruction, unauthorized modification, and/or unauthorized disclosure securing by, for example, detecting the transfer and/or processing of target data. Accordingly, a method is provided that involves: scanning a software application to identify functionality configured for processing target data; identifying fields associated with the functionality; identifying metadata associated with a field; generating, from the metadata, an identification of a type of data associated with the field; determining a location based on the processing of the target data by the functionality; determining a risk associated with the functionality processing the target data based on the location and the type of data; determining that the risk satisfies a threshold level of risk; and in response, causing an action to be performed to mitigate the risk.

Abstract: Methods, systems, and apparatus, including computer-readable media encoded with computer program instructions, for a decentralized application ecosystem and data sharing platform. In some implementations, a system stores data for different individuals in different logical data storage areas. The system stores data indicating a set of predetermined data classifications, and for at least some of the data storage areas, the system determines and stores data classifications for data stored in an encrypted form in the data storage area. The system provides an application programming interface (API) that enables multiple different applications to access the data storage areas over a communication network. The system is configured to (i) provide access through the API to the data of data storage areas, conditioned on applications providing authorization tokens, and (ii) provide access through the API to the data classifications in the metadata that is not conditioned on providing authorization tokens.