Social employee

A social employee is a worker operating within a social business model. Following an organization's social computing guidelines, social employees use social media tools both for internal workflow and collaboration purposes and for external engagement with customers, prospects and stakeholders through a combination of social media marketing, content marketing, social marketing, and social selling. Social employee programs are considered to be as much about culture and engagement as they are about business processes and best practices. In addition to increased leads and sales, social employee best practices are said to improve business outcomes important to social media marketing, such as increased connections and web traffic, improved brand identification and "chatter", and better customer advocacy. == Overview == The term "social employee" was first introduced to describe those exhibiting the emerging characteristics of workers operating under a social business model. The term is often used interchangeably with similar designations like "employee advocate" or "social employee advocate". Crucial to the perceived value of the social employee is the concept of the digital footprint. While organizations are able to generate large bases of followers through social media, research shows that brand marketing and engagement efforts through these networks are not as effective as those of individual employees. In fact, some research indicates that employee experts are more trusted than any other member of an organization. Because of this, social employee programs are designed to train, empower, and support employee engagement efforts in the hopes of authentically engaging larger communities, increasing the frequency of shares, reviews, and other forms of "earned media" and expanding the brand's presence on the web. == The personal or employee brand == A foundational concept of the social employee is the idea of the personal or employee brand. 
This concept first gained popular attention in a 1997 FastCompany article by business leader Tom Peters titled "The Brand Called You". In the article, Peters argued that the premium placed on branding impacted workers' lives to such an extent that creating and cultivating a distinct personal brand had become a professional necessity. According to Peters, doing so built trust, loyalty, visibility, influence, and employability. With increased adoption of social media tools by both businesses and consumers in the early 21st century, many business leaders became increasingly concerned with social engagement, both internally among employees and externally with customers and other stakeholders. While many in the business community acknowledged the potential social tools had for improved collaboration, productivity, and brand messaging, the concern that employees would misrepresent their brand, disclose proprietary information, or otherwise damage their company's reputation or ability to conduct business persisted. As a result, many began to advocate for employee branding as a solution to this problem. This helped give new meaning to the concept of brand ambassadorship, positioning everyday employees in public, and potentially high-profile, engagement roles. == Characteristics == === Engaged === Because social employee advocacy is dependent on the perceived authenticity of the employee, engagement is highly valued in social organizations. Further, data show the measurable impact of employee engagement on organizational productivity and profitability: Happy employees were found to be 12 percent more productive. In one study, engaged employees were found to be 38 percent more likely to produce at above-average rates. In another, organizations with engaged employees had a 19 percent higher than average shareholder return, while organizations with disengaged employees experienced shareholder return that was 44 percent below average. 
Engaged companies were found to outperform disengaged companies by up to 202 percent. Companies with a strong focus on culture were found to have an average 13.9 percent turnover rate, while those with a low focus were found to have a 48.4 percent turnover rate. === Flexible job environment and work–life balance === The number of professionals working mobile or remote has risen considerably since 2010. While estimates vary, one study found that the number of organizations with mobile or remote employees is expected to rise from 24 percent in 2012 to 89 percent by 2020. Other research has estimated that by 2020, 105.4 million professionals will work remotely in America, about 72.3 percent of the total workforce. This change has been linked to a rise in social technologies, including biometrics, wearables, near-field communications, and augmented reality. Social employees have also put a greater emphasis on work–life balance, with many believing that advances in technology can directly support efforts in this area. Purported benefits of this shift include a more flexible workforce, reduced business costs, and greater organizational leverage in attracting and retaining top talent. === Buys into the brand's story === In 2009, thought leader Simon Sinek presented a speech called "How Great Leaders Inspire Action" at a TEDxPugetSound event. Sinek's central argument in this speech was, "People don't buy what you do. They buy why you do it." This concept—that the story behind a business or product offering is a more compelling sales tool than the product itself—is frequently cited in social media marketing as a way to build authentic connections with stakeholders. However, others have argued that for employees to share a brand's story authentically, they must be engaged in that story themselves, and as a result, many companies have made storytelling part of their culture programs. 
=== Collaborative === An implicit tenet in social business is that social technologies aren't a barrier to productivity, but rather a path to increased connectivity. The shift in enterprise software systems like IBM Connections to incorporate social communication models, such as mentions, wikis, and newsfeeds, reflects the changing communication dynamics within business. With an increase in diversity and sophistication in collaborative software platforms, social organizations have sought to find new creative ways to utilize these tools and secure employee buy-in around them. Crowdsourcing has also become popular in social businesses. Examples include AT&T's program The Innovation Pipeline (TIP), begun in 2009, which has generated over 28,000 ideas that have led to over 75 projects with funding exceeding $44 million. IBM has also put considerable resources into such processes, producing its social computing guidelines through employee crowdsourcing, as well as its Connections platform through the Technology Adoption Program (TAP), a more formalized crowdsourcing initiative. Another popular form of internal collaboration is the hack day, or hackathon. Organizations such as Netflix, Facebook, and IBM use hack days to pull employees out of their day-to-day work environments and encourage them to collaborate in nontraditional ways in an attempt to drive disruptive innovation. Social employees are often encouraged to seek external collaboration opportunities with customers and prospects. For example, Procter & Gamble introduced the Live Well Collaborative to connect with external stakeholders and develop products and services for the 50+ demographic. === Social listener === A social listener is someone who engages in social listening, or social media monitoring, for professional means. Social employees can use social media monitoring for a variety of reasons, including professional development, industry news and trends, and gauging market sentiment. 
Some have argued that social listening is one of the most important components of social business, as it enables organizations to collect rich market data, make more informed strategic decisions, and respond to customer needs more authentically. === Customer-centric === Advocates of customer-centricity in social business argue that social media has changed the dynamic from one-way brand messaging to shared interactions between brand and customer. Brand and customer engagement is seen as a means of creating more lasting connections with customers and prospects and empowering them to become brand promoters. Customer-centric interactions are seen to have distinct value to brands, as research shows that prospects are far more likely to trust brand-related messaging from a friend or family member than they are from a brand. As a means of building social employees, some social advocates have also called for a broader definition of customer to include the employees themselves. In the book The Pursuit of Social Business Excellence, authors Vala Afshar and Brad Martin made the following argument: A social business operates with the guiding principle that each employee's responsi

Adversarial machine learning

Adversarial machine learning is the study of the attacks on machine learning algorithms, and of the defenses against such attacks. Machine learning techniques are mostly designed to work on specific problem sets, under the assumption that the training and test data are generated from the same statistical distribution (IID). However, this assumption is often violated in practical high-stake applications, where users may intentionally supply fabricated data that violates the statistical assumption. Most common attacks in adversarial machine learning include evasion attacks, data poisoning attacks, Byzantine attacks and model extraction. == History == At the MIT Spam Conference in January 2004, John Graham-Cumming showed that a machine-learning spam filter could be used to defeat another machine-learning spam filter by automatically learning which words to add to a spam email to get the email classified as not spam. In 2004, Nilesh Dalvi and others noted that linear classifiers used in spam filters could be defeated by simple "evasion attacks" as spammers inserted "good words" into their spam emails. (Around 2007, some spammers added random noise to fuzz words within "image spam" in order to defeat OCR-based filters.) In 2006, Marco Barreno and others published "Can Machine Learning Be Secure?", outlining a broad taxonomy of attacks. As late as 2013 many researchers continued to hope that non-linear classifiers (such as support vector machines and neural networks) might be robust to adversaries, until Battista Biggio and others demonstrated the first gradient-based attacks on such machine-learning models (2012–2013). In 2012, deep neural networks began to dominate computer vision problems; starting in 2014, Christian Szegedy and others demonstrated that deep neural networks could be fooled by adversaries, again using a gradient-based attack to craft adversarial perturbations. 
Further work would show that adversarial attacks are harder to produce in uncontrolled environments, due to the different environmental constraints that cancel out the effect of noise. For example, any small rotation or slight illumination on an adversarial image can destroy the adversariality. In addition, researchers such as Google Brain's Nick Frosst point out that it is much easier to make self-driving cars miss stop signs by physically removing the sign itself, rather than creating adversarial examples. Frosst also believes that the adversarial machine learning community incorrectly assumes models trained on a certain data distribution will also perform well on a completely different data distribution. He suggests that a new approach to machine learning should be explored, and is currently working on a unique neural network that has characteristics more similar to human perception than state-of-the-art approaches. While adversarial machine learning continues to be heavily rooted in academia, large tech companies such as Google, Microsoft, and IBM have begun curating documentation and open source code bases to allow others to concretely assess the robustness of machine learning models and minimize the risk of adversarial attacks. === Examples === Examples include attacks in spam filtering, where spam messages are obfuscated through the misspelling of "bad" words or the insertion of "good" words; attacks in computer security, such as obfuscating malware code within network packets or modifying the characteristics of a network flow to mislead intrusion detection; and attacks in biometric recognition, where fake biometric traits may be exploited to impersonate a legitimate user or to compromise users' template galleries that adapt to updated traits over time. Researchers showed that by changing only one pixel it was possible to fool deep learning algorithms. 
Others 3-D printed a toy turtle with a texture engineered to make Google's object detection AI classify it as a rifle regardless of the angle from which the turtle was viewed. Creating the turtle required only low-cost commercially available 3-D printing technology. A machine-tweaked image of a dog was shown to look like a cat to both computers and humans. A 2019 study reported that humans can guess how machines will classify adversarial images. Researchers discovered methods for perturbing the appearance of a stop sign such that an autonomous vehicle classified it as a merge or speed limit sign. A data poisoning filter called Nightshade was released in 2023 by researchers at the University of Chicago. It was created for use by visual artists to put on their artwork to corrupt the data set of text-to-image models, which usually scrape their data from the internet without the consent of the image creator. McAfee attacked Tesla's former Mobileye system, fooling it into driving 50 mph over the speed limit, simply by adding a two-inch strip of black tape to a speed limit sign. Adversarial patterns on glasses or clothing designed to deceive facial-recognition systems or license-plate readers have led to a niche industry of "stealth streetwear". An adversarial attack on a neural network can allow an attacker to inject algorithms into the target system. Researchers can also create adversarial audio inputs to disguise commands to intelligent assistants in benign-seeming audio; a parallel literature explores human perception of such stimuli. Clustering algorithms are used in security applications. Malware and computer virus analysis aims to identify malware families, and to generate specific detection signatures. In the context of malware detection, researchers have proposed methods for adversarial malware generation that automatically craft binaries to evade learning-based detectors while preserving malicious functionality. 
Optimization-based attacks such as GAMMA use genetic algorithms to inject benign content (for example, padding or new PE sections) into Windows executables, framing evasion as a constrained optimization problem that balances misclassification success with the size of the injected payload and showing transferability to commercial antivirus products. Complementary work uses generative adversarial networks (GANs) to learn feature-space perturbations that cause malware to be classified as benign; Mal-LSGAN, for instance, replaces the standard GAN loss with a least-squares objective and modified activation functions to improve training stability and produce adversarial malware examples that substantially reduce true positive rates across multiple detectors. == Challenges in applying machine learning to security == Researchers have observed that the constraints under which machine-learning techniques function in the security domain are different from those of common benchmark domains. Security data may change over time, include mislabeled samples, or reflect adversarial behavior, which complicates evaluation and reproducibility. === Data collection issues === Security datasets vary across formats, including binaries, network traces, and log files. Studies have reported that the process of converting these sources into features can introduce bias or inconsistencies. In addition, time-based leakage can occur when related malware samples are not properly separated across training and testing splits, which may lead to overly optimistic results. === Labeling and ground truth challenges === Malware labels are often unstable because different antivirus engines may classify the same sample in conflicting ways. Ceschin et al. note that families may be renamed or reorganized over time, causing further discrepancies in ground truth and reducing the reliability of benchmarks. 
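The time-based leakage described under "Data collection issues" can be checked before any model is trained. The following is an added example, not code from the cited studies; the sample records, family names and the cutoff date are constructed, and the function names are hypothetical.

```python
from collections import namedtuple
from datetime import date

# Constructed metadata: id, malware family (None for benign), first-seen date, label.
Sample = namedtuple("Sample", "sample_id family first_seen malicious")

SAMPLES = [
    Sample("s01", "famA", date(2021, 1, 10), True),
    Sample("s02", "famA", date(2021, 3, 15), True),
    Sample("s03", None, date(2021, 2, 3), False),
    Sample("s04", None, date(2021, 4, 1), False),
    Sample("s05", "famB", date(2021, 6, 20), True),
    Sample("s06", "famB", date(2021, 9, 12), True),
    Sample("s07", None, date(2021, 7, 7), False),
    Sample("s08", "famC", date(2021, 11, 30), True),
    Sample("s09", None, date(2021, 12, 5), False),
]


def interleaved_split(samples):
    """Deterministic stand-in for a shuffled split that ignores time and family."""
    return samples[0::2], samples[1::2]


def temporal_split(samples, cutoff):
    """Train on everything first seen before the cutoff, test on the rest."""
    train = [s for s in samples if s.first_seen < cutoff]
    test = [s for s in samples if s.first_seen >= cutoff]
    return train, test


def family_aware_temporal_split(samples, cutoff):
    """Temporal split that also drops test samples whose family is already in train."""
    train, test = temporal_split(samples, cutoff)
    known = {s.family for s in train if s.family}
    test = [s for s in test if s.family not in known]
    return train, test


def audit_split(train, test):
    """Report the two leakage symptoms: future data in train, families on both sides."""
    earliest_test = min(s.first_seen for s in test)
    future_in_train = sum(1 for s in train if s.first_seen > earliest_test)
    train_fams = {s.family for s in train if s.family}
    test_fams = {s.family for s in test if s.family}
    return {
        "future_in_train": future_in_train,
        "shared_families": sorted(train_fams & test_fams),
    }


if __name__ == "__main__":
    cutoff = date(2021, 8, 1)  # constructed cutoff
    for name, (train, test) in [
        ("interleaved", interleaved_split(SAMPLES)),
        ("temporal", temporal_split(SAMPLES, cutoff)),
        ("family-aware temporal", family_aware_temporal_split(SAMPLES, cutoff)),
    ]:
        print(name, audit_split(train, test), "test size:", len(test))
```

A purely temporal split removes future samples from training but still leaves famB on both sides of the cutoff; only the family-aware variant clears both checks, at the cost of a smaller test set.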
=== Concept drift === Because malware creators continuously adapt their techniques, the statistical properties of malicious samples also change. This form of concept drift has been widely documented and may reduce model performance unless systems are updated regularly or incorporate mechanisms for incremental learning. === Feature robustness === Researchers differentiate between features that can be easily manipulated and those that are more resistant to modification. For example, simple static attributes, such as header fields, may be altered by attackers, while structural features, such as control-flow graphs, are generally more stable but computationally expensive to extract. === Class imbalance === In realistic deployment environments, the proportion of malicious samples can be extremely low, ranging from 0.01% to 2% of total data. This unbalanced distribution causes models to develop a bias towards the majority class, achieving high accuracy but failing to identify malicious samples. Prior approaches to this problem have included both data-level solutions and sequence-specific models. Methods like n-gram and Long Short-Term Memory (LSTM) networks can model sequential data, but their performance has been shown to decline significantly when malware samples are realistically proportioned in the training set, demonstrating the limitations in

Apple Intelligence

Apple Intelligence is a generative artificial intelligence system developed by Apple Inc. Relying on a combination of on-device and server processing, it was announced on June 10, 2024, at the 2024 Worldwide Developers Conference, as a built-in feature of Apple's iOS 18, iPadOS 18, and macOS Sequoia, which were announced alongside Apple Intelligence. Apple Intelligence is free for all users with supported devices. On macOS, Apple Intelligence is available only on Apple silicon Mac computers; Intel-based Mac computers are not supported. Features include writing tools that assist users with grammar and proofreading, image generation, summaries of system notifications, AI-assisted image retouching in the Photos app, and integration with ChatGPT, the popular chatbot by OpenAI. As of March 2026, Apple Intelligence is not available yet on devices purchased in mainland China or on any device using an Apple Account set to mainland China, even if the device was bought elsewhere. == History == === Background === Apple first implemented artificial intelligence features in its products with the release of Siri in the iPhone 4S in 2011. In the years after its release, Apple engaged in efforts to ensure its artificial intelligence operations remained covert; according to University of California, Berkeley professor Trevor Darrell, the company's secrecy deterred graduate students. The company started expanding its artificial intelligence team in 2015, opening up its operations by publishing more scientific papers and joining AI industry research groups. Apple reportedly acquired more AI companies from 2016 to 2020. In 2017, Apple released the iPhone 8 and the iPhone X with the A11 Bionic processor, which featured its first dedicated Neural Engine for accelerating common machine learning tasks. Despite its investments in artificial intelligence, Siri was criticized both by reviewers and internally at Apple for lagging behind other AI assistants. 
The rapid development of generative artificial intelligence and the release of ChatGPT in late 2022 reportedly blindsided Apple executives and forced the company to refocus its efforts on AI. In an interview with Good Morning America, Apple CEO Tim Cook stated that generative AI had "great promise" but had some potential dangers, and that it was "looking closely" at ChatGPT. It was first reported in July 2023 that Apple was creating its own internal large language model, codenamed "Ajax". In October 2023, Apple was reportedly on track to release new generative AI features into its operating systems by 2024, including a significantly redeveloped Siri. In an earnings call in February 2024, Cook stated that the company was spending a "tremendous amount of time and effort" into AI features that would be shared "later that year". === Google deal === In January 2026, Apple and Google announced a multi-year partnership under which Apple’s next-generation foundation models are expected to incorporate Google’s Gemini models and cloud infrastructure. According to the companies, the collaboration is intended to support future Apple Intelligence features, including enhancements to Siri, while Apple Intelligence will continue to operate on Apple devices and through Apple’s Private Cloud Compute system, which Apple states is designed to preserve user privacy. On an earnings call, Apple reported to investors that they were integrating an on-device model of the Google Gemini AI to Siri, as the development of their model was beset with setbacks. Apple has previously tested and used other third-party AI models like ChatGPT, but according to a Bloomberg article by Mark Gurman, Apple pushed forward the proposed Google deal; by using Google's Gemini model possessing 1.2 trillion parameters, Apple would integrate a much larger and more complex model than those it previously developed and used. 
Of note, comparable AI models from other major companies (including OpenAI and Meta) have also been reported to operate at a similar “trillion-parameter” scale and to compete against Gemini-class systems on benchmarks. == Models == Apple Intelligence consists of an on-device model as well as a cloud model running on servers primarily using Apple silicon. Both models consist of a generic foundation model, as well as multiple adapter models that are more specialized to particular tasks like text summarization and tone adjustment. It was launched for developers and testers on July 29, 2024, in U.S. English, with the developer betas of iOS 18.1, macOS 15.1, and iPadOS 18.1, released partially on October 28, 2024, and will fully launch by 2026. According to a human evaluation done by Apple's machine learning division, the on-device foundation model beat or tied equivalent small models by Mistral AI, Microsoft, and Google, while the server foundation models beat the performance of OpenAI's GPT-3, while roughly matching the performance of GPT-4. Apple's cloud models are built on a Private Cloud Compute platform which is allegedly designed with user privacy and end-to-end encryption in mind. Unlike other generative AI services like ChatGPT which use servers from third parties, Apple Intelligence's cloud models are run entirely on Apple servers with custom Apple silicon hardware built for end-to-end encryption. It was also designed to make sure that the software running on said servers matches the independently verifiable software accessible to researchers. In case of a software mismatch, Apple devices will refuse to connect to the servers. On June 10, 2025, Apple announced that Apple's on-device foundation models will be available to third-party applications as part of the Foundation Models API, with support for structured data response and tool calling. == Features == === Writing tools === Apple Intelligence features writing tools that are powered by LLMs. 
Selected text can be proofread, rewritten, made more friendly, concise or professional, similar to the AI writing features of the popular online English-language writing assistant tool Grammarly. It can also be used to generate summaries, key points, tables, and lists from an article or piece of writing. In iOS 18.2 and macOS 15.2, a ChatGPT integration was added to Writing Tools through "Compose" and "Describe your change" features. === Real-time Translation === Apple Intelligence enables the real-time translation of messages, photos and videos, and phone calls, through Apple's hardware. When communicating with speakers of another language, users can use the Translate app on iPhone to show subtitles in the other person's language or to play back the translated audio naturally in that language, and wearing AirPods with Live Translation can help users understand what someone is saying in their preferred language during a conversation. If both parties have headphones, simultaneous interpretation can be achieved. === Image Playground === Apple Intelligence can be used to generate images on-device with the Image Playground app. Similarly to OpenAI's DALL-E, it can be used to generate images using AI, using phrases and descriptions to output an image with customizable styles such as Animation and Sketch. In Notes, users can access Image Playground on iPad through the Image Wand tool in the Apple Pencil palette without having to open the Image Playground app. Rough sketches made with Apple Pencil can be transformed into images. As part of iOS, iPadOS, and macOS 26, Image Playground now integrates with the image generation models built into ChatGPT. === Genmoji === Using Apple Intelligence text-to-image models, users can generate unique "Genmoji" images by typing descriptions (prompting). Users can pick people in photos to have Genmoji generate images that resemble them. 
Similarly to emoji, Genmoji can be added inline to text messages, tapbacks, and stickers, and can be shared in Messages as well as in third-party applications as inline messages or as stickers. === Siri overhaul === Siri, which used to be Apple's virtual assistant, has been updated to be an LLM chatbot, with enhanced capabilities made possible by Apple Intelligence. The latest iteration features an updated user interface, improved natural language processing, and the option to interact via text by double tapping the home bar without enabling the feature in the Accessibility menu, or double-clicking the command key on macOS. In a later update, Apple Intelligence will add the ability for Siri to use personal context from device activities to answer queries. === Mail === Apple Intelligence adds a feature called Priority Messages to the Mail app, which shows urgent emails such as same-day invitations or boarding passes, with AI-generated summaries of the email. The Mail app also gains the ability to categorize incoming mail into Primary, Transactions, Updates, and Promotions based on what the email contains, which Apple claims is done all on-device. === Photos === Apple's Photos app includes a feature to create custom memory movies and enhanced search capabilities. Users can describe

Task Force on Process Mining

The IEEE Task Force on Process Mining (TFPM) is a non-commercial association for process mining. The IEEE (Institute of Electrical and Electronics Engineers) Task Force on Process Mining was established in October 2009 as part of the IEEE Computational Intelligence Society at the Eindhoven University of Technology. The task force is supported by over 80 organizations and has around 750 members. The main goal of the task force is to promote the research, development, education, and understanding of process mining. == About == In 2012, the IEEE World Congress on Computational Intelligence/IEEE Congress on Evolutionary Computation held a session on Process Mining. Process mining is a type of research that is a mix of computational intelligence and data mining, as well as process modeling and analysis. === Activities and organization === The Task Force on Process Mining has a Steering Committee and an Advisory Board. The Steering Committee, chaired by Wil van der Aalst at its inception in 2009, defined 15 action lines. These include the organization of the annual International Process Mining Conference (ICPM) series, standardization efforts leading to the IEEE XES standard for storing and exchanging event data, and the Process Mining Manifesto, which was translated into 16 languages. The Task Force on Process Mining also publishes a newsletter, provides data sets, organizes workshops and competitions, and connects researchers and practitioners. In 2016, the IEEE Standards Association published the IEEE Standard for Extensible Event Stream (XES), a file format widely accepted by the process mining community. As of 2023, Boudewijn van Dongen serves as chair of the Steering Committee. Wil van der Aalst and Moe Wynn both serve as vice-chair of the Steering Committee.

SQL/PSM

SQL/PSM (SQL/Persistent Stored Modules) is an ISO standard mainly defining an extension of SQL with a procedural language for use in stored procedures. Initially published in 1996 as an extension of SQL-92 (ISO/IEC 9075-4:1996, a version sometimes called PSM-96 or even SQL-92/PSM), SQL/PSM was later incorporated into the multi-part SQL:1999 standard, and has been part 4 of that standard since then, most recently in SQL:2023. The SQL:1999 part 4 covered less than the original PSM-96 because the SQL statements for defining, managing, and invoking routines were actually incorporated into part 2 SQL/Foundation, leaving only the procedural language itself as SQL/PSM. The SQL/PSM facilities are still optional as far as the SQL standard is concerned; most of them are grouped in Features P001-P008. SQL/PSM standardizes syntax and semantics for control flow, exception handling (called "condition handling" in SQL/PSM), local variables, assignment of expressions to variables and parameters, and (procedural) use of cursors. It also defines an information schema (metadata) for stored procedures. SQL/PSM is one language in which methods for the SQL:1999 structured types can be defined. The other is Java, via SQL/JRT. SQL/PSM is derived, seemingly directly, from Oracle's PL/SQL. Oracle developed PL/SQL and released it in 1991, basing the language on the US Department of Defense's Ada programming language. However, Oracle has maintained a distance from the standard in its documentation. IBM's SQL PL (used in DB2) and Mimer SQL's PSM were the first two products officially implementing SQL/PSM. It is commonly thought that these two languages, and perhaps also MySQL/MariaDB's procedural language, are closest to the SQL/PSM standard. However, a PostgreSQL addon implements SQL/PSM (alongside its other procedural languages like the PL/SQL-derived plpgsql), although it is not part of the core product. 
RDF functionality in OpenLink Virtuoso was developed entirely through SQL/PSM, combined with custom datatypes (e.g., ANY for handling URI and Literal relation objects), sophisticated indexing, and flexible physical storage choices (column-wise or row-wise).

Security information management

Security information management (SIM) is an information security industry term for the collection of data such as log files into a central repository for trend analysis. == Overview == SIM products generally are software agents running on the computer systems that are monitored. The recorded log information is then sent to a centralized server that acts as a "security console". The console typically displays reports, charts, and graphs of that information, often in real time. Some software agents can incorporate local filters to reduce and manipulate the data that they send to the server, although typically from a forensic point of view you would collect all audit and accounting logs to ensure you can recreate a security incident. The security console is monitored by an administrator who reviews the consolidated information and takes action in response to any alerts issued. The data sent to the server to be correlated and analyzed are normalized by the software agents into a common form, usually XML. Those data are then aggregated in order to reduce their overall size. == Terminology == The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach. For historical reasons of terminology evolution, SIM refers to just the part of information security which consists of discovery of 'bad behavior' or policy violations by using data collection techniques. The term commonly used for an entire security infrastructure that protects an environment is information security management (InfoSec). Security information management is also referred to as log management and is different from SEM (security event management), but makes up a portion of a SIEM (security information and event management) solution. 
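The agent-side pipeline from the Overview (normalize to a common XML form, then aggregate to reduce size) can be sketched as follows. This is an added example, not code from any SIM product; the log lines are constructed, and the XML element and attribute names are assumptions, since the article says only that the common form is usually XML.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input: three sshd failures, one key=value record and one
# line that neither parser recognises.
SAMPLE_LINES = [
    "Mar  3 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2",
    "Mar  3 10:15:04 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2",
    "Mar  3 10:15:09 web01 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 50141 ssh2",
    "2024-03-03T10:15:12Z host=db01 event=login_failed user=root src=198.51.100.23",
    "kernel: eth0 link up",
]

SSHD_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize(line):
    """Map one raw log line to the common event form, or None if unrecognised."""
    m = SSHD_RE.match(line)
    if m:
        return {"time": m["time"], "host": m["host"], "type": "login_failed",
                "user": m["user"], "src": m["src"]}
    ts, _, rest = line.partition(" ")
    kv = dict(KV_RE.findall(rest))
    if {"host", "event"} <= kv.keys():
        return {"time": ts, "host": kv["host"], "type": kv["event"],
                "user": kv.get("user", ""), "src": kv.get("src", "")}
    return None


def aggregate(events):
    """Collapse repeats of the same (host, type, user, src) into one counted record."""
    groups = {}
    for ev in events:
        key = (ev["host"], ev["type"], ev["user"], ev["src"])
        g = groups.setdefault(key, {"host": ev["host"], "type": ev["type"],
                                    "user": ev["user"], "src": ev["src"],
                                    "count": 0, "first": ev["time"]})
        g["count"] += 1
        g["last"] = ev["time"]  # arrival order stands in for time order here
    return list(groups.values())


def build_batch(lines):
    """Return the XML batch an agent would forward to the console."""
    events, unparsed = [], []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    root = ET.Element("events")
    for agg in aggregate(events):
        # ElementTree escapes attribute values, so attacker-chosen fields such
        # as the user name cannot break out of the XML structure.
        ET.SubElement(root, "event", {k: str(v) for k, v in agg.items()})
    for line in unparsed:
        # Unrecognised lines are forwarded verbatim rather than dropped, in
        # line with the forensic point about collecting all logs.
        ET.SubElement(root, "raw").text = line
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(build_batch(SAMPLE_LINES))
```

Aggregation trades detail for size: the per-attempt timestamps between `first` and `last` are gone from the batch, which is the trade-off the forensic caveat in the Overview is about.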
== Regulatory compliance == Security information management systems support compliance with regulatory frameworks that require centralized collection and analysis of security data. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires covered entities to implement audit controls that record and examine activity in information systems containing electronic protected health information (45 CFR 164.312(b)) ["45 CFR § 164.312 - Technical safeguards". Legal Information Institute. Retrieved April 1, 2026]. SIM platforms aggregate these audit records to support the required regular review of information system activity records (45 CFR 164.308(a)(1)(ii)(D)). The December 2024 HIPAA Security Rule NPRM proposed requiring regulated entities to deploy automated systems capable of monitoring and recording access to ePHI, including the ability to detect unauthorized access attempts in near real time ["HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information". Federal Register. January 6, 2025. Retrieved April 1, 2026]. The Payment Card Industry Data Security Standard (PCI DSS) similarly requires centralized log management and daily review of security events (Requirements 10.4 and 10.6) ["PCI DSS v4.0" (PDF). PCI Security Standards Council. March 2022. Retrieved April 1, 2026]. NIST Special Publication 800-53 addresses security information management through the AU (Audit and Accountability) control family, which specifies requirements for audit event generation, content, storage, and analysis ["NIST SP 800-53 Rev. 5: Security and Privacy Controls". National Institute of Standards and Technology. September 2020. Retrieved April 1, 2026].

Leiden algorithm

The Leiden algorithm is a community detection algorithm developed by Traag et al. at Leiden University. It was developed as a modification of the Louvain method. Like the Louvain method, the Leiden algorithm attempts to optimize modularity in extracting communities from networks; however, it addresses key issues present in the Louvain method, namely poorly connected communities and the resolution limit of modularity. == Improvement over Louvain method == Broadly, the Leiden algorithm uses the same two primary phases as the Louvain algorithm: a local node moving step (though the method by which nodes are considered in Leiden is more efficient) and a graph aggregation step. However, to address the issues with poorly connected communities and the merging of smaller communities into larger communities (the resolution limit of modularity), the Leiden algorithm employs an intermediate refinement phase in which communities may be split to guarantee that all communities are well connected. Consider, for example, the following graph: Three communities are present in this graph (each color represents a community). Additionally, the center "bridge" node (represented with an extra circle) is a member of the community represented by blue nodes. Now consider the result of a node-moving step which merges the communities denoted by red and green nodes into a single community (as the two communities are highly connected): Notably, the center "bridge" node is now a member of the larger red community after node moving occurs (due to the greedy nature of the local node moving algorithm). In the Louvain method, such a merging would be followed immediately by the graph aggregation phase. However, this causes a disconnection between two different sections of the community represented by blue nodes.
In the Leiden algorithm, the graph is instead refined: The Leiden algorithm's refinement step ensures that the center "bridge" node is kept in the blue community to ensure that it remains intact and connected, despite the potential improvement in modularity from adding the center "bridge" node to the red community. == Graph components == Before defining the Leiden algorithm, it will be helpful to define some of the components of a graph. === Vertices and edges === A graph is composed of vertices (nodes) and edges. Each edge is connected to two vertices, and each vertex may be connected to zero or more edges. Edges are typically represented by straight lines, while nodes are represented by circles or points. In set notation, let $V$ be the set of vertices, and $E$ be the set of edges: $$\begin{aligned}V&:=\{v_{1},v_{2},\dots ,v_{n}\}\\E&:=\{e_{ij},e_{ik},\dots ,e_{kl}\}\end{aligned}$$ where $e_{ij}$ is the directed edge from vertex $v_{i}$ to vertex $v_{j}$. We can also write this as an ordered pair: $$e_{ij}:=(v_{i},v_{j})$$ === Community === A community is a unique set of nodes: $$\begin{aligned}C_{i}&\subseteq V\\C_{i}&\bigcap C_{j}=\emptyset ~\forall ~i\neq j\end{aligned}$$ and the union of all communities must be the total set of vertices: $$V=\bigcup _{i=1}C_{i}$$ === Partition === A partition is the set of all communities: $$\mathcal{P}=\{C_{1},C_{2},\dots ,C_{n}\}$$ == Partition quality == How communities are partitioned is an integral part of the Leiden algorithm. How partitions are decided can depend on how their quality is measured.
Additionally, many of these metrics contain parameters of their own that can change the outcome of their communities. === Modularity === Modularity is a widely used quality metric for assessing how well a set of communities partitions a graph. The equation for this metric is defined for an adjacency matrix, $A$, as: $$Q=\frac{1}{2m}\sum _{ij}\left(A_{ij}-\frac{k_{i}k_{j}}{2m}\right)\delta (c_{i},c_{j})$$ where: $A_{ij}$ represents the edge weight between nodes $i$ and $j$ (see Adjacency matrix); $k_{i}$ and $k_{j}$ are the sum of the weights of the edges attached to nodes $i$ and $j$, respectively; $m$ is the sum of all of the edge weights in the graph; $c_{i}$ and $c_{j}$ are the communities to which the nodes $i$ and $j$ belong; and $\delta$ is the Kronecker delta function: $$\delta (c_{i},c_{j})=\begin{cases}1&\text{if }c_{i}\text{ and }c_{j}\text{ are the same community}\\0&\text{otherwise}\end{cases}$$ === Reichardt Bornholdt Potts Model (RB) === One of the most widely used metrics for the Leiden algorithm is the Reichardt Bornholdt Potts Model (RB). This model is used by default in most mainstream Leiden algorithm libraries under the name RBConfigurationVertexPartition. This model introduces a resolution parameter $\gamma$ and is highly similar to the equation for modularity.
This model is defined by the following quality function for an adjacency matrix, $A$, as: $$Q=\sum _{ij}\left(A_{ij}-\gamma \frac{k_{i}k_{j}}{2m}\right)\delta (c_{i},c_{j})$$ where: $\gamma$ represents a linear resolution parameter. === Constant Potts Model (CPM) === Another metric similar to RB is the Constant Potts Model (CPM). This metric also relies on a resolution parameter $\gamma$. The quality function is defined as: $$H=-\sum _{ij}(A_{ij}w_{ij}-\gamma )\delta (c_{i},c_{j})$$ === Understanding Potts Model resolution parameters/Resolution limit === Typically, Potts models such as RB or CPM include a resolution parameter in their calculation. Potts models were introduced as a response to the resolution limit problem that is present in modularity-maximization-based community detection. The resolution limit problem is that, for some graphs, maximizing modularity may cause substructures of a graph to merge and become a single community, and thus smaller structures are lost. These resolution parameters allow modularity-adjacent methods to be modified to suit the requirements of the user applying the Leiden algorithm, to account for small substructures at a certain granularity. The figure on the right illustrates why resolution can be a helpful parameter when using modularity-based quality metrics. In the first graph, modularity only captures the large-scale structures of the graph; however, in the second example, a more granular quality metric could potentially detect all substructures in a graph. == Algorithm == The Leiden algorithm starts with a graph of disorganized nodes (a) and sorts it by partitioning them to maximize modularity (the difference in quality between the generated partition and a hypothetical randomized partition of communities).
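The resolution limit discussed in the preceding subsection can be checked numerically. This added example (not from the original article or from any Leiden library) evaluates the modularity, RB and CPM functions given above on a constructed ring of 30 five-node cliques, comparing one community per clique against merged pairs of neighbouring cliques; unit edge weights and the γ values used are assumptions.

```python
from itertools import combinations

def ring_of_cliques(n_cliques, size):
    """Constructed test graph: n_cliques copies of K_size joined in a ring by single edges."""
    edges = []
    for c in range(n_cliques):
        base = c * size
        edges += [(base + a, base + b) for a, b in combinations(range(size), 2)]
        # one bridge edge from this clique's last node to the next clique's first node
        edges.append((base + size - 1, ((c + 1) % n_cliques) * size))
    return edges

def community_stats(edges, membership):
    """Per community: [internal edge count, summed node degree, node count]."""
    stats = {}
    for c in membership:
        stats.setdefault(c, [0, 0, 0])[2] += 1
    for u, v in edges:
        stats[membership[u]][1] += 1
        stats[membership[v]][1] += 1
        if membership[u] == membership[v]:
            stats[membership[u]][0] += 1
    return list(stats.values())

def rb_quality(edges, membership, gamma):
    """RB: sum over ordered pairs (i, j) of (A_ij - gamma * k_i * k_j / 2m) * delta."""
    m = len(edges)
    return sum(2 * e - gamma * k * k / (2 * m) for e, k, _ in community_stats(edges, membership))

def modularity(edges, membership):
    """Modularity is the RB function at gamma = 1, scaled by 1 / 2m."""
    return rb_quality(edges, membership, 1.0) / (2 * len(edges))

def cpm_hamiltonian(edges, membership, gamma):
    """CPM with w_ij = 1: H = -sum_ij (A_ij - gamma) * delta, pairs i = j included."""
    return -sum(2 * e - gamma * n * n for e, _, n in community_stats(edges, membership))

if __name__ == "__main__":
    edges = ring_of_cliques(30, 5)
    single = [v // 5 for v in range(150)]   # one community per clique
    pairs = [v // 10 for v in range(150)]   # neighbouring cliques merged two by two
    for name, part in (("single", single), ("pairs", pairs)):
        print(name, round(modularity(edges, part), 3),
              rb_quality(edges, part, 2.0), cpm_hamiltonian(edges, part, 0.5))
```

Modularity scores the merged pairs higher (about 0.888 against 0.876), which is the resolution limit at work, while RB with γ = 2 favours one community per clique. CPM's H is a Hamiltonian, so the lower value obtained for one community per clique at γ = 0.5 is the better one.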
The method it uses is similar to the Louvain algorithm, except that after moving each node it also considers that node's neighbors that are not already in the community it was placed in. This process results in our first partition (b), also referred to as $\mathcal{P}$. Then the algorithm refines this partition by first placing each node into its own individual community and then moving them from one community to another to maximize modularity. It does this iteratively until each node has been visited and moved, and each community has been refined - this creates partition (c), which is the initial partition of $\mathcal{P}_{\text{refined}}$. Then an aggregate network (d) is created by turning each community into a node. $\mathcal{P}_{\text{refined}}$ is used as the basis for the aggregate network while $\mathcal{P}$ is used to create its initial partition. Because we use the original partition $\mathcal{P}$ in this step, we must retain it so that it can be used in future iterations. These steps together form the first iteration of the algorithm. In subsequent iterations, the nodes of the aggregate network (which each represent a community) are once again placed into their own individual communities and then sorted according to modularity to form a new $\mathcal{P}_{\text{refined}}$, forming (e) in the above graphic. In the case depicted by the graph, the nodes were already sorted optimally, so no change too