Cloud Computing, Cyber Security, IT Security, Security, Technology

Does President Obama’s bid to bolster cyber security go far enough?

Last night, between highlighting Iran’s reduced stockpile of nuclear material and the Ebola outbreak in West Africa, U.S. president Barack Obama briefly touched on another threat: hackers.

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Obama said during his annual State of the Union address. But as the recent Sony Pictures breach–and countless other high-profile cyber attacks–have shown, hackers have proven quite capable of shutting down our networks. That’s why the President also took the opportunity to urge Congress to finally pass cyber security reforms, including legislation that would increase information sharing among private companies and the government, introduce new penalties for cyber criminals and streamline data breach notification laws, requiring companies to notify affected consumers within 30 days of an attack.

Reactions to the President’s bid to pass these reforms erupted on the Internet (and my inbox) even before last night’s address. The cyber security industry in particular had a lot to say. (Keep in mind that, according to research firm Gartner, information security spending will grow over 8% in 2015, reaching $76.9 billion—meaning that these are the very companies who have a lot to gain from the surge of cyber attacks.) While many agreed that the proposals would be a positive step if they were to pass, some argued that the government’s efforts are too little, too late and mostly focus on what happens after a breach has already taken place, rather than how to prevent them.

Cloud Computing, Cyber Security, Data Breach, Education, IT Security, Technology

How Boards of Directors and CXOs Can Address Today’s Information Security Challenges at Cybersecurity Boardroom Workshop 2015


In the days prior to Thanksgiving 2013, malware designed to steal credit card data at Target was surreptitiously installed. According to Bloomberg BusinessWeek, the company had installed a malware detection tool. Target had specialists in Bangalore to monitor its computers around the clock. Two days after Thanksgiving, the malware was spotted. The team in India got an alert and flagged Target’s security managers. And then?

Nothing happened. Target’s alert system had worked effectively. But then, Target stood by as 40 million credit card numbers flowed out of its computers. Only a few months later, CEO Gregg Steinhafel and CIO Beth Jacob were both out of the company.

Cybersecurity has become widely recognized as a critical corporate challenge. Boards and senior managements are putting it on their agenda, categorizing cybersecurity not as a compartmentalized risk for the information technology team, but as strategic and enterprise-wide.

However, a security program is only as strong as its weakest link. While a survey by the Institute of Internal Auditors found 58% of board members felt they should be actively involved in cybersecurity preparedness, only 14% said they were actively involved. Unfortunately, 65% also said their perception of the risk their organizations faced had increased.

Board members and senior managers need to become more educated about the topic to be able to ask questions that are strategic yet granular enough to address company-specifics. To go further, it will be imperative to join Cybersecurity Boardroom Workshop 2015, the first seminar targeted at strategic and executive leaders for whom cybersecurity readiness is a relatively new yet critically important area to be intelligently conversant about.

Cybersecurity Boardroom Workshop 2015 is specifically designed for board members and senior executives of public and private firms looking for new ways to gain and maintain competitive business advantage. Business executives with responsibility for IT, finance, compliance, risk management and procurement as well as entrepreneurs and innovators are welcome.

By the end of Cybersecurity Boardroom Workshop 2015, to be held in Dubai, March 8-9, Hong Kong, March 12-13, Seoul, March 19-20, Singapore, March 26-27, London, 9-10 April, and New York City, April 16-17, participants will:

  • Understand enterprise cybersecurity and the impact on shareholder value in the short and long term
  • Identify immediate security needs for the organization with actionable steps for senior management
  • Learn how to identify current and future challenges to better enable management to focus on threat reduction and operational reliability
  • Get up to speed on international and domestic approaches and frameworks for effective cybersecurity practices corporate wide

DAY 1: UNDERSTANDING THE CYBER WORLD

Understanding Cybersecurity

  • The trillion dollar global cyber risk environment
  • The enterprise-wide challenge of protecting the organization’s assets
  • The impact of cybersecurity attacks on shareholder value
  • Identity theft and the legal implications of data breaches

Social Engineering: The “Weakest Human Link” in Cybersecurity

  • The responsibility for cybersecurity in the organization
  • Assessing the quality of the cybersecurity workforce
  • Evaluating shortcomings in meeting cybersecurity workforce standards
  • Assessing the effectiveness of current professionalization tools

Understanding the Cybersecurity Testing Method

  • Reconnaissance: How to use tools to find vulnerable systems and devices
  • Packet sniffing: How to gather information from computer systems
  • Port scanning: How port information is exposed on computer systems
  • Password policy and cracking: What to consider when developing password policy
  • Vulnerability: How to reduce attacks by enforcing proactive compliance policies

Basics of Security Architecture for Board Members and CXOs

  • How architecture defines the structure of a system and makes it explicit
  • The fundamentals of layered architecture: presentation, business, data, and service layers
  • How the current computer network infrastructure was not designed originally to be secure
  • Embedding architecting security into systems from inception

DAY 2: RESPONDING TO THE CYBERSECURITY CHALLENGE

Introduction to NIST’s Cybersecurity Framework

  • Describing the enterprise’s current and target cybersecurity posture
  • Identifying and prioritizing opportunities for improvement
  • Assessing and accelerating progress toward the target state
  • Communicating with internal and external stakeholders about cybersecurity risk

The Five Core Functions of NIST’s Cybersecurity Framework

  • Identify: Organizational understanding to manage cybersecurity risk
  • Protect: Safeguards to ensure delivery of critical infrastructure services
  • Detect: How to identify the occurrence of a cybersecurity event
  • Respond: Taking action regarding a detected cybersecurity event
  • Recover: Maintaining plans for resilience and to restore any impaired capabilities

Introduction to Intelligence-driven Cyber Network Defenses

  • How investigations are based upon the scientific method: observing, hypothesis, evaluation, prediction and validation
  • How to leverage cutting edge technology, vigilant people and innovative processes
  • How to continuously improve the enterprise process for defending IT assets
  • How to empower people to resolve the problem with guidance and mentoring

Establishing or Improving a Cybersecurity Program

  • Prioritize and scope: Identifying business/mission objectives and high-level priorities
  • Orient: Identifying related systems and assets, regulatory requirements, and risk approach
  • Create a current profile: Developing a profile by indicating current degree of preparedness
  • Conduct a risk assessment: Analyzing the operational environment in order to discern the likelihood of an attack
  • Create a target profile: Describing the organization’s desired cybersecurity outcomes
  • Determine, analyze, and prioritize gaps: Determining gaps between current and target profiles
  • Implement action plan: Deciding which actions to take in regards to identified gaps

Cybersecurity Boardroom Workshop 2015 is produced by Golden Networking, the premier networking community for business and technology executives, entrepreneurs and investors. Panelists, speakers and sponsors are invited to contact Golden Networking by sending an email to information@goldennetworking.com.

Cyber Security, Defense, IT Security, Technology

No one at Homeland Security is addressing threat of cyber attacks on government buildings

Federal buildings are unprepared for potential cyber attacks on their security systems, elevators, heating and cooling networks and other critical operations because the Department of Homeland Security doesn’t have a handle on the risks.

At stake are thousands of vulnerable facilities, including the offices of federal employees and structures that house high-risk items such as drugs and weapons.

Those are the findings from a Government Accountability Office report this week that said DHS lacks a strategy for protecting government buildings from hackers, terrorists, corrupt employees and criminal groups who might want to breach their networks.

Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, Finance, Government, IT Security, Security, Technology

SONY HACK SIGNALS ‘NEW NORMAL’ IN CYBERSECURITY

The Sony hack copied a multinational company’s financial documents, its employees’ personally identifiable information and years’ worth of embarrassing – and poorly written, it must be said – emails from high-level executives and released them all for the world to see.

But for many cybersecurity observers, the real eye opener was how the hack illustrates today’s cyber landscape: It’s likely to get worse before it gets better.

A growing collection of high-level computer security experts believe evidence points to an insider-orchestrated attack, while the U.S. government quickly blamed and sanctioned North Korea, whose leader, Kim Jong-un, is portrayed in an unflattering fashion in the Sony-backed film, The Interview.

Meanwhile, as Sony’s image continues to tarnish with each leaked, scandalous revelation, the company experienced an added layer of suffering other data-breached companies — Target, Neiman Marcus and Home Depot — had avoided.

Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, Government, IT Security, Security, Technology

Trend Micro Supports Cybersecurity Curriculum with Educational Grant

DALLAS, Jan. 7, 2015 /PRNewswire/ — Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software, has announced a $10,000 donation to the Mission College Center for Innovation and Technology (MC²IT). The grant will provide resources and expertise to advise and help enhance cybersecurity course curriculum. As the security and privacy industry continues to expand and evolve, Trend Micro is committed to encouraging students to enter the cybersecurity field while empowering them with the core competency to do so.

“As part of our responsibility to help keep the world safe for exchanging digital information, Trend Micro is helping MC²IT rebuild existing curriculums while recommending relevant courses,” said Raimund Genes, CTO, Trend Micro. “The addition of these types of courses will help students to become future experts and next generation leaders in cyber security.”

As a member of the MC²IT advisory board, Trend Micro and other security and privacy leaders recognize the challenges presented by a lack of skilled cybersecurity professionals. With the advent of new technology, experts and professionals will need training on how to investigate and manage corresponding threats.

“With the expertise and knowledge that Trend Micro and the security advisory board bring to MC²IT, we can bridge the gap between technology and education,” said Daniel Peck, president, Mission College. “We have the right people collaborating, bringing their passion to the security profession to motivate students and others interested in learning more about technology careers.”

Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

Air Force evolves its cybersecurity as JIE comes into focus

The Air Force is moving beyond requiring airmen to use smart identification cards to log onto its computer network. The service now is making its network security even stronger.

Lt. Gen. Bill Bender, the Air Force’s chief of information dominance and chief information officer, said the use of role-based authentication should be “baked-into” its IT systems in the future.

Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

Ex-Federal Cybersecurity Director Gets 25 Years for Child Porn

A former cybersecurity chief at the Department of Health and Human Services, Timothy DeFoggi, was sentenced to 25 years in prison on child pornography charges Monday, according to the Department of Justice. “Using the same technological expertise he employed as Acting Director of Cyber Security at HHS, DeFoggi attempted to sexually exploit children and traffic in child pornography through an anonymous computer network of child predators,” Assistant Attorney General Leslie Caldwell said in a statement.

A federal jury in the District of Nebraska convicted DeFoggi of child exploitation and conspiracy to distribute child pornography on Aug. 26. The 56-year-old was a member of a pornography website on the Tor network — a web browser that helps users remain anonymous online — from May 2012 until December 2012 when it was taken down by the FBI, according to the statement. He is the sixth person to be convicted in an ongoing federal investigation into three Tor-network-based child pornography websites, according to the DOJ.
