SSDLC

SSDLC (Secure Software Development Lifecycle) is a process model used by organizations to build secure applications. The SSDLC process defines how to integrate security into each phase of the software development process.

Frequently Asked Questions

  • Celebrities
  • Why do cyber criminals target celebrities?
    To extort the victim: asking for financial compensation in exchange for not disclosing the information obtained. To gain popularity: taking credit for having pulled it off and ridiculing the victim.
  • What is doxing?
    Doxing is the act of revealing identifying information about someone online, such as their real name, home address, workplace, phone, financial, and other personal information. That information is then circulated to the public — without the victim's permission.
  • Common victims of doxing
    Celebrities, politicians, and journalists are amongst those who have been doxed, leaving them to face online mobs, fear for their safety and, in extreme cases, death threats. The practice has also spread to prominent company executives.
  • Is doxing illegal?
    The answer is usually no: doxing tends not to be illegal if the information exposed lies within the public domain, and it was obtained using legal methods. That said, depending on your jurisdiction, doxing may fall foul of laws designed to fight stalking, harassment, and threats.
  • What to do if you become a doxing victim

    Report it. Report the attack to the platforms on which your personal information has been posted. Search the relevant platform's terms of service or community guidelines to determine their reporting process for this type of attack and follow it. Once you have filled out a report form, save a copy for the future so you do not have to repeat yourself. This is the first step to stop the spread of your personal information.

    Involve law enforcement. If a doxer makes personal threats against you, contact your local police department. Any information pointing to your home address or financial information should be treated as a top priority, especially if there are credible threats attached.

    Document it. Take screenshots or download pages on which your information has been posted. Try to ensure that the date and URL are visible. This evidence is essential for your own reference and can help law enforcement or other agencies involved.

    Protect your financial accounts. If doxers have published your bank account or credit card numbers, report this immediately to your financial institution(s). Your credit card provider will likely cancel your card and send you a new one. You will also need to change the passwords for your online bank and credit card accounts.

    Lock down your accounts. Change your passwords, use a password manager, enable multi-factor authentication where possible, and strengthen your privacy settings on every account you use.

    Enlist a friend or family member for support. Doxing can be emotionally taxing. Ask someone you trust to help you navigate the issue, so you don't have to deal with it alone.

  • How do celebs get hacked?

    Most of the time, celebrities get hacked the same way anyone else does. They use weak passwords, fall for social engineering tricks, or suffer from data leaks when larger organizations holding their data are breached. Here’s a closer look at the most common techniques hackers use to hack the stars — techniques we can all fall victim to if we’re not careful.

    Social engineering: Social engineering attacks manipulate victims into disclosing sensitive personal information or access to confidential assets. Many hackers will scour a victim’s social media profiles for data they can leverage in an attack.

    Phishing: Phishing attacks use fraudulent emails, text messages, and other communications to deceive victims into disclosing sensitive information.

    Data breaches: By breaching the data vaults of large organizations, hackers can capture usernames, passwords, and all sorts of other valuable personal data. After a data breach, the stolen data is often made available on the dark web, where others can buy it to commit identity theft and fraud.

    Ransomware: One of today’s most dangerous and fastest-growing online threats, ransomware infects your device, hijacks your data, encrypts it, then holds it hostage while demanding a ransom payment. Many victims choose to pay the ransom, which drives up ransom rates while incentivizing the development of more sophisticated ransomware attacks.

    Password cracking: Even celebrities sometimes get lazy with their passwords. After a 2012 LinkedIn breach, Facebook CEO Mark Zuckerberg was caught reusing his passwords, as hackers were able to access several more of his accounts using the same password. Other hackers have successfully guessed or cracked the passwords of their victims, often by using personal information obtained via phishing.

  • College Students
  • What is cyberbullying?
    Cyberbullying is bullying or harassment that happens online to kids and teens. It can happen in an email, a text message, an online game, or comments on a social networking site. It might involve rumors or images posted on someone’s profile or passed around for others to see, or creating a group or page to make a person feel left out.
  • Caution when selling old devices

    Whether you plan to throw away, resell, recycle, or trade in your old computer or phone, you must take steps to ensure your data is permanently erased, overwritten, and inaccessible.

    Avoid taking or storing private photos on your devices. No matter how secure you think your files are, someone may still gain access to them.

    Before ditching your old computer, consider downloading antitheft apps or software to help overwrite your data. On a Mac, the built-in Disk Utility app can wipe and overwrite a drive.

  • What is phishing?
    Phishing is a hacking method in which fraudulent emails, websites, and other forms of electronic communication are used to obtain sensitive information like usernames, passwords, and credit card details. Young people often start seriously handling their own finances for the first time in college, taking on the responsibilities of credit cards, loans, and bank accounts. This abundance of sensitive data, combined with inexperience, makes college students an ideal target for phishing attacks. Cybersecurity awareness is the best way to keep yourself safe.
  • How and when can you get phished?

    When you follow a false link or reply to a fake email: Phishing emails are a tried-and-true method for hackers to obtain personal, private information. In 2017, thousands of Dartmouth University students received a phishing email claiming to be from the university’s president. An embedded link asked recipients to enter their university NetID. This year, college students have been the target of similar COVID-19 phishing scams. These messages claim to be from university financial departments and link to portals requiring students to enter their login credentials. Phishing emails typically appear to come from trusted senders and request that you verify banking details, login credentials, or credit card information. These emails may feature the same layout, color scheme, and language of the real entity, and may link to a site specifically designed to spoof the real thing.

    When you open an infected attachment: Common phishing scams seen on the Bowling Green State University campus include fake fraternity recruitment emails and senders posing as professors in search of student employees. Students may receive several such emails a week, often with suspicious attachments that they are careful not to open. According to one expert analysis, 85% of all malicious emails carry common attachment formats like .DOC, .XLS, .PDF, and .ZIP. In some cases, these attachments may be perfectly harmless, but many contain malware and other nasty features, activated with just a click. Using these tools, phishers can steal sensitive information, demand a ransom for the safe return of your data, or even remotely take over your device.

    When you answer a suspicious phone call: College students love texting and social media, but sometimes we still need to pick up the phone for an old-fashioned call. Phone scams are a popular tactic of phishers looking for financial information, largely because they are proven to work. Nearly 1 in 6 Americans lost money to a phone scam in 2019. In the last few years, major mobile carriers including T-Mobile, AT&T, and Sprint introduced scam protection features to help fight phishing calls. You can see this in action when your caller ID labels an incoming number as “scam likely” or “potential fraud.” This screening feature works by checking callers against a database of reported scam numbers. Unfortunately, some phishing calls still slip through. The most common phone scams targeted at college students relate to financial aid, tuition, and taxes.

    When you follow a malware link in a text: Many phishing attempts depend on tricking the recipient into providing sensitive information, but more malicious phishing texts can contain links to malware that spy on your activity, data, and files without your knowledge. In recent years, hackers have targeted both Apple and Android devices. Once discovered, manufacturers quickly develop software patches that address vulnerabilities and close security loopholes, but for infected users, these patches may be too little, too late.

  • How to protect your digital identity

    · Limit sharing your social security number—whether in a doctor’s office, at school, or online.

    · Use strong and unique passwords on each of your online accounts.

    · Make sure you’re on a secure network or using a VPN, a virtual private network, when banking, shopping, or making other online transactions.

    · Don’t share your login credentials with others.

    · Shred documents containing personal information before discarding.

    · Secure your home Wi-Fi network with a strong password.

  • What damage can a cybercriminal do?
    A successful cybercriminal might be able to delete valuable documents, access financial accounts, steal and sell personal information or demand a ransom to unlock a compromised computer.
  • Executives
  • What can C-level executives do to limit their chances of becoming a statistic?

    · Be much more vigilant and obtain better security/usability training to avoid falling prey to scams in the first place.

    · Use enterprise-grade VPNs to avoid getting snooped on while traveling.

    · Enterprises can adopt more fine-grained security postures (e.g., stricter access controls when traveling) and track the behavior of these high-profile C-level executives’ IT assets (e.g., laptop, tablet) to check for signs of compromise as soon as possible to minimize the damage.

    · Use two-factor authentication where possible.

    · Don't install software you weren't expecting to install (for example, if you receive an email asking you to install a software update).

    · Verify unusual requests for sensitive information.

    · Have strong, unique passwords for important accounts, such as email, banking, etc.

    · Have a PIN or passcode on your smartphone, in case you lose it.

  • Top 5 cybersecurity threats for executives

    Mobile security. Executives and high-ranking officials are often called upon for domestic and international business travel. Their extensive use of mobile platforms while on the road and during their commutes increases the odds of a mobile security threat. Like viruses and spyware that can infect computers, there are security threats specific to devices such as smartphones, tablets, and connected IoT devices. Mobile threats can be divided into four basic categories: application-based threats, web-based threats, network-based threats, and physical threats. The biggest mobile security threats are:

    · Data leakage

    · Social engineering

    · Wi-Fi interference

    · Out-of-date devices

    · Cryptojacking

    · Poor password hygiene

    · Physical device breaches

    Increased likelihood of cyber crimes against businesses. No matter the size of the organization, one of the most prominent challenges executives face is the risk of their business becoming a cyber crime target. Common motives for attacking a principal are financial, revenge, or activist related. Now more than ever, executive digital protection has become a business necessity. And with cyber crimes against businesses on the rise, it’s only a matter of time before executives are face to face with a cybersecurity threat.

    Social media. An executive’s social media habits and preferences can be leveraged by a threat actor to gain access to their data, and in turn, damage their organization’s brand. When considering any form of executive digital protection, analyzing the social media usage of the executive and their family should be a key part of the conversation. Hackers can use public information on social media platforms such as LinkedIn, Instagram, Facebook, and other sites to build profiles of targets. This profile can be used to tailor a phishing attack or coerce the target. An attack on an executive can cause a significant amount of brand damage. And being able to protect them on the cyber front is very important.

    Business Email Compromise (BEC) scams. When targeting high level executives, hackers might rely on a combination of attacks: whaling phishing attacks, executive impersonation, and business email compromise. Business email compromise (BEC) scams can combine spear phishing, email spoofing, social engineering, and occasionally malware. BEC scams are an increasing problem for businesses of all sizes, resulting in massive losses to organizations. What makes these messages more devious is that they can usually avoid the spam filter since they’re not a part of a mass-mailing campaign. BEC scams are more targeted in nature, and typically avoid the usual spam indicators that get flagged by most email servers.

    Insider threats. What can executives do to protect themselves and their company against insider threats? To reduce the chances of a breach caused by current employees, former employees, contractors, or business associates, cybersecurity professionals recommend auditing, securing, and regularly patching software as the first step. Applications to secure:

    · Legacy systems

    · Communication and collaboration apps

    · Cloud storage and file sharing tools

    · Finance and accounting tools

    · Social media and intranets

  • Common cybersecurity threats while traveling

    Unsecured wireless networks. While public wireless networks provide great convenience, allowing people to connect to the Internet from almost anywhere, they are unsecure and can allow cybercriminals access to your Internet-enabled devices. Beyond the typical public wireless networks found at airports, restaurants, hotels, and cafes, they are increasingly available in other places, such as on airplanes and in public parks.

    Publicly accessible computers. Hotel business centers, libraries, and cyber cafes provide computers that anyone can use. However, travelers cannot trust that these computers are secure. They may not be running the latest operating systems or have updated antivirus software. Cybercriminals may have infected these machines with malicious viruses or installed malicious software.

    Physical theft of devices. Thieves often target travelers. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary — these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.

  • The danger of over-focusing on technology

    Non-technical executives often tend to think of cyber risk in terms of technological threats. This is a problem for several reasons. For one thing, when company leaders — who are often nontechnical — believe that cybersecurity is a technology problem, it makes the cyber risk even more frightening than it already is because they don’t understand it. Rather than attempting to manage cyber risk, those executives will outsource it, either relying on their IT or security organization to manage cybersecurity for the entire company or by trying to buy their way out of a breach, investing in solutions that will protect their data and networks.

    Harvard Business Review recently wrote about the pitfalls of cybersecurity efforts that focus only on technology. HBR paints a bleak picture of meetings filled with tech jargon that CEOs and boards accept but don't understand, and threats unaddressed in favor of long mitigation lists.

  • Steps to achieve executive cyber security

    Executive vulnerability assessments. Quantifying executives’ cyber risk vulnerability across the entire network – including their families – is essential. Assessments should cover not only the potential for corporate compromise but also individual and family compromises. Assessments can involve one-on-one discussions and data gathering, including examinations of both the open and dark web to evaluate an executive’s cyber security risk. Organizations can take steps to secure the executive and their family members with individualized cyber security solutions to bolster resilience in this particularly vulnerable threat vector.

    Awareness campaigns. Mitigating executives’ cyber risk can include information governance, training on phishing and social engineering attacks, instruction on reducing exposure, and sharing knowledge of emerging fraud schemes. Resilience begins with executives’ awareness of the problem and guidance on how they can address their own risk. As with any culture change, building organizational cyber resilience works best when executives lead by example: modeling a culture in which every employee believes it is their responsibility to build and maintain a level of cyber vigilance. Implementation of cross-functional governance programs as well as comprehensive cyber awareness training programs – collaborating with learning and development experts in HR – can accelerate cyber risk maturity. Setting cyber maturity goals and expanding accountability for cyber resilience to leaders beyond the chief information security officer are also important.

    Risk transfer. Risk-transfer mechanisms such as cyber insurance can help executives address the impact of identity theft, business email compromise losses, and ransomware attacks. Beyond cover that protects the organization from cyber attack losses, executives might consider adding a layer of personal identity theft protection. Many companies offer such coverage as an employee benefit and, while the market for personal cyber insurance is evolving, companies could consider offering it to board members, executives, and employees.

  • Investors
  • Why do bad actors target investors?

    A PE firm’s most critical asset is information. Vulnerabilities exist in the nature and movement of data, and threat actors seek out weaknesses whilst data is at rest, in transition, or in motion through interconnected entities.

  • 5 cyber vulnerabilities for investors

    Failure to identify due diligence responsibilities. During the diligence stage of the investment, there may be confusion around which party is responsible for surfacing and mitigating potential security issues. Let’s be clear – the responsibility lies with the investor, who must conduct robust diligence to validate and verify the potential investment’s claims. What’s also clear is that the investment target should be an active participant in this phase of the process, providing supporting information about the organization’s security performance over time. By doing so, the target can showcase the organization’s commitment to managing enterprise risk, which should increase enterprise value.

    Not asking the right questions. For years, cyber diligence consisted of one question: “Have you ever experienced a breach?” For most targets, the answer to that question is a resounding “no,” regardless of the veracity of that statement. Investors need to go beyond this simple question, exploring, for example, the target’s data protection strategy, the types of technologies it has in place to mitigate risk, executive leadership, and employee training, in order to gain a broader understanding.

    Untapped data. While asking more questions is important, investors must also seek out quantitative, objective security performance information. Historically, the due diligence process has largely relied on qualitative data based on written or in-person interviews with executives and board members, which frequently produces subjective, emotionally-driven results. When evaluating the potential risk an organization may inherit through an investment, it’s best to avoid gut feelings and focus on the facts. While there is value to hearing directly from executives, qualitative analysis should be supplemented with objective, straightforward measurements of security successes and challenges throughout the period. Security ratings provide significant, relevant insight here.

    Security monitoring. Cybersecurity is dynamic and things can change quickly. Investors often assess the status of an investment’s cybersecurity environment at the beginning of the relationship and fail to monitor the environment throughout the investment period. Failing to continuously monitor the security environment leads to a lack of visibility into risk and potential threats. Just as sales teams report on leads and revenue quarterly, cybersecurity teams should monitor and report on the state of the organization’s security strategy to interested parties on an ongoing basis.

    Lack of business context. More often than not, those driving the due diligence processes are not cybersecurity professionals, which means that they need cybersecurity metrics to be contextualized against potential business impact. For example, it is not enough to share that one million records were exposed in a data breach; investors also need to know the losses the business incurred as a result. Investors should be sure to ask questions that frame these metrics within the context of business impact, such as, “How will this impact stock price, revenue, and our brand’s reputation?”

  • Attack Methods

    Advanced persistent threats: This method employs a combination of the other methods (discussed below) to evade discovery, whilst gathering information surreptitiously over time. Through this coordinated and covert approach, threat actors are able to precisely target the weakest personnel in a PE firm, or anyone connected to it.

    Social engineering: This method requires gaining the trust of the individuals who are the least cybersecurity-proficient in a PE firm, thereby exploiting the firm’s vulnerabilities by riding on weaknesses in the “human perimeter’s” awareness of cyber risk.

    Phishing: This method, like social engineering, exploits vulnerabilities through weaknesses in the human perimeter. PE firms forget that their human perimeter also encompasses their service providers, such as third-party custodians or fund administrators. Many PE firms still depend far too much on email as a form of communication with these providers. The sophistication and quality of fake notices have greatly improved, making them almost indistinguishable from legitimate sources. Phishing also succeeds by targeting overworked personnel at these service providers, who typically deal with a high volume of emails. This high-stress scenario increases the likelihood of phishing emails being mistaken as legitimate. It is important to invest in penetration testing, multi-factor authentication, and effective workflow design together with service providers.

  • What to do in case of identity theft

    Contact your investment firm and other financial institutions immediately.  If you think your personal financial information has been stolen, contact your broker-dealer, investment adviser, or other financial professionals immediately to report the problem.  You should also contact any other financial institutions where you have accounts that may be impacted by the loss of your personal financial information. These may include banks, credit card companies, or insurance companies. Please remember to document any conversations with your investment or financial firms in writing.

    Change your online account passwords.  Immediately change the password for any investment or financial accounts associated with the compromised personal financial information.  Always remember to use strong passwords that are not easy to guess, consisting of at least eight or more characters that include symbols, numbers, and both capital and lowercase letters.

    Consider closing compromised accounts.  If you notice any unauthorized access to your investment account, you may want to ask your investment firm to close the account and move the assets to a new account.  You should consult your investment firm about the best way to handle closing an account if you choose to do so.

    Activate two-step verification, if available.  Your brokerage firm or investment adviser may offer a two-step verification process for gaining access to your online accounts.  With a two-step verification process, each time anyone attempts to log into your account through an unrecognized device (i.e., a device you have not previously authorized on the account), your investment firm sends a unique code to either your e-mail or cell phone.  Before anyone can gain access to your account, they must enter this code and your password.  Activating this added layer of security may help reduce the risk of unauthorized access to your accounts by identity thieves.

    Monitor your investment accounts for suspicious activity.  Closely monitor your investment accounts for any suspicious activity.  Look out for any changes to your account information that you do not recognize (e.g., a change to your address, phone number, e-mail address, account number, or external banking information). You should also confirm that you authorized all of the transactions that appear in your account statements and trade confirmations.  If you find any suspicious activity, immediately report it to your investment firm.  Please remember to document any conversations with your investment firm in writing and provide a copy to your investment firm.

    Place a fraud alert on your credit file.  Placing an initial fraud alert in your credit file provides notice to potential creditors (e.g., banks and credit card companies) that you may have been a victim of fraud or identity theft and will help reduce the risk that an identity thief can use your personal financial information to open new accounts.

    Monitor your credit reports.  After you place an initial fraud alert in your credit file, you are entitled to obtain a free copy of your credit report from each of the credit bureaus.  Check each of your reports for signs of fraud, such as an unknown account, a credit check or inquiry to your credit file that you do not know about, an employer you have never worked for, or unfamiliar personal information.

    Consider creating an identity theft report. If a breach in your personal financial information results in identity theft, you may want to consider creating an identity theft report. An Identity Theft Report helps you deal with credit reporting companies, debt collectors, and businesses that opened accounts in your name. Creating an Identity Theft Report involves three steps:

    1. Report the identity theft to the Federal Trade Commission (FTC) by completing the FTC’s online complaint form at www.identitytheft.gov

    2. Contact your local police department about the identity theft

    3. Attach your FTC Identity Theft Affidavit to your police report to make an Identity Theft Report

    Document all communications in writing.  Remember to document, in writing, and keep copies of any communications you have related to your identity theft.
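    The two-step verification flow described above (a one-time code is sent only when the login comes from an unrecognized device, and the code must be entered together with the password) can be simulated end to end. The block below is an added example, not code from the original page or from any brokerage; the class and method names (LoginService, begin_login, complete_login), the five-minute code lifetime and the six-digit code length are assumptions chosen for illustration, and the outbox list stands in for the e-mail or SMS channel.

```python
"""Added example (not from the original page): simulation of device-aware
two-step verification. LoginService, begin_login, complete_login and the
CODE_TTL_SECONDS / CODE_DIGITS policy values are illustrative assumptions."""
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed policy: a one-time code is valid for five minutes
CODE_DIGITS = 6          # assumed policy: six-digit numeric codes


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked account store does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    """Per account: password hash, the set of devices the user has already
    authorized, and any pending one-time codes keyed by device."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested deterministically
        self._accounts = {}      # user -> {"salt", "pw_hash", "trusted", "pending"}
        self.outbox = []         # stands in for the e-mail / SMS delivery channel

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._accounts[user] = {
            "salt": salt,
            "pw_hash": _hash_password(password, salt),
            "trusted": set(),    # device ids that have completed verification
            "pending": {},       # device id -> (code, expiry timestamp)
        }

    def _password_ok(self, acct: dict, password: str) -> bool:
        candidate = _hash_password(password, acct["salt"])
        return hmac.compare_digest(candidate, acct["pw_hash"])

    def begin_login(self, user: str, password: str, device_id: str) -> str:
        """Returns 'denied', 'ok' (recognized device) or 'code_required'."""
        acct = self._accounts.get(user)
        if acct is None or not self._password_ok(acct, password):
            return "denied"      # wrong password: never send a code
        if device_id in acct["trusted"]:
            return "ok"          # previously authorized device: password suffices
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        acct["pending"][device_id] = (code, self._clock() + CODE_TTL_SECONDS)
        self.outbox.append((user, code))   # "send" the code out of band
        return "code_required"

    def complete_login(self, user: str, password: str, device_id: str, code: str) -> bool:
        """The password must be presented again together with the code."""
        acct = self._accounts.get(user)
        if acct is None or not self._password_ok(acct, password):
            return False
        # Single use: the pending code is discarded whether or not this attempt succeeds.
        pending = acct["pending"].pop(device_id, None)
        if pending is None:
            return False
        expected, expiry = pending
        if self._clock() > expiry:
            return False         # expired codes are rejected even if correct
        if not hmac.compare_digest(expected, code):
            return False
        acct["trusted"].add(device_id)   # device becomes recognized from now on
        return True


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")     # constructed sample account
    print(svc.begin_login("alice", "correct horse battery staple", "laptop-1"))  # code_required
    _, code = svc.outbox[-1]
    print(svc.complete_login("alice", "correct horse battery staple", "laptop-1", code))  # True
    print(svc.begin_login("alice", "correct horse battery staple", "laptop-1"))  # ok
```

    Two details matter for the property the passage describes: the code is never issued unless the password was already correct, so the second factor cannot be used to probe for valid codes on its own, and every code is single-use and time-limited, so a code intercepted after the fact is worthless.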

  • Threat Actors

    Nation States undermine the integrity of another nation’s financial services sector through cyber terrorism. Cyber terrorism propagates harm in the same way as any other crime: physical or digital, economic, psychological, reputational, and social or societal.  Cyberwarfare is characteristically a “persistent form of engagement”. Effective risk mitigation depends on strategic investment into effective controls and continuous alignment with international standards and continually adapting to regulatory obligations.

    Hacktivists are aggrieved about a perceived lack of engagement in environmental, social, or ethical activities, or about perceived unethical or immoral activities undertaken by a PE firm or by its stakeholders.

    Organized criminals intend to use personal data or materially non-public data for nefarious purposes.

  • What does cyber risk mean?
    Cyber risk is a broad term. For most people, it represents the risk of loss or harm from breaches or attacks on information systems. That loss can take many forms, including direct financial costs, reputational damage, or loss of operational continuity. Data privacy is commonly associated with cyber risk and is a centerpiece of the EU’s General Data Protection Regulation (GDPR), which came into force in May 2018. That law has become a de facto global standard; it clarifies and expands upon what sensitive data entails and who has the usage rights, and assigns companies the responsibility to keep customer data safe, with high fines if they fail to do so.
  • Kids
  • What is cyberbullying?
    Cyberbullying is bullying or harassment that happens online to kids and teens. It can happen in an email, a text message, an online game, or comments on a social networking site. It might involve rumors or images posted on someone’s profile or passed around for others to see, or creating a group or page to make a person feel left out.
  • What's child grooming?

    Child grooming (a.k.a. enticement of children or solicitation of children for sexual purposes) "can be described as a practice by means of which an adult 'befriends' a child (often online, but offline grooming also exists and should not be neglected) with the intention of sexually abusing her/him".

  • What's cyberstalking?

    Cyberstalking involves the use of information and communications technology (ICT) to perpetrate more than one incident intended to repeatedly harass, annoy, attack, threaten, frighten, and/or verbally abuse individuals.

    Perpetrators can engage in cyberstalking directly by emailing, instant messaging, calling, texting, or utilizing other forms of electronic communications to communicate obscene, vulgar, and/or defamatory comments and/or threats to the victim and/or the victim's family, partner, and friends, and use technologies to monitor, survey and follow the victim's movements.

    Perpetrators can also engage in cyberstalking indirectly by causing damage to the victim's digital device (by, for example, infecting the victim's computer with malware and using this malware to surreptitiously monitor the victim and/or steal information about the victim) or by posting false, malicious, and offensive information about the victim online or setting up a fake account in the victim's name to post material online (social media, chat rooms, discussion forums, websites, etc.).

  • When should parents start talking to their kids about online security?
    Start early. After all, even toddlers see their parents use all kinds of devices. As soon as your child is using a computer, a cell phone, or any mobile device, it’s time to talk to them about online behavior, safety, and security. As a parent, you have the opportunity to talk to your kid about what’s important before anyone else does.
  • What are some of the biggest online risks for kids?

    Inappropriate conduct: The online world can feel anonymous. Kids sometimes forget that they are still accountable for their actions.

    Inappropriate contact: Some people online have bad intentions, including bullies, predators, hackers, and scammers.

    Inappropriate content: You may be concerned that your kids could find pornography, violence, or hate speech online.

  • What’s at stake? (Types of threats)

    Threats to information: Cybercriminals are pros at using a variety of tactics to steal sensitive information, like account passwords.

    Threats to identity: You and your kids need to keep your personal information safe, but it’s difficult to do that if your kids post personal details online.

    Threats to finances: Cybercriminals use many ways to steal your money. That may not matter much to a kid, but it may have to come out of your pocket. It’s also a lesson that should be taught at an early age so that they don’t fall for scams later in life.

  • Children’s Online Privacy Protection Act (COPPA)

    Children’s Online Privacy Protection Act (COPPA) helps parents protect their children’s privacy by giving them specific rights. COPPA requires websites to get parental consent before collecting or sharing information from children under 13. The law covers sites designed for kids under 13 and general audience sites that know certain users are under 13. COPPA protects information that websites collect upfront and information that kids give out or post later.

    Protecting Children’s Privacy Under COPPA - Cybermaterial

  • Chatting with Kids About Being Online by CISA

    The Internet offers a world of opportunities.

    People of all ages are:

    • Posting video from mobile devices
    • Building online profiles
    • Texting each other from their mobile devices
    • Creating alter egos in the form of online avatars
    • Connecting with friends online they don’t see regularly in person
    • Sending photos to friends
    • Broadcasting what they’re doing to hundreds of people

    Talk to your kids about online threats.

    Read Full CISA Booklet

  • Seniors
  • How to protect yourself from online fraud

    Medical advice: Be sure to find out who is providing the information and know where you’re going online. Many pharmaceutical companies create websites with information to sell products. Look for sites ending in .edu (for education) or .gov (for government).

    Banking: Avoid accessing your personal or bank accounts from a public computer or kiosk, such as at the public library. Don’t reveal personally identifiable information such as your bank account number, social security number, or date of birth to unknown sources. When paying a bill online or making an online donation, be sure that you type the website URL into your browser instead of clicking on a link or cutting and pasting it from the email.

    Shopping: Make sure the website address starts with “HTTPS” (the “s” stands for secure). Look for the padlock icon at the bottom of your browser, which indicates that the site uses encryption. Type new website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.

  • Types of Identity Thefts

    Medical Identity Theft. Has someone stolen or gained access to your Medicare/Medicaid or private health insurance ID or card or records? Cybercriminals will use this information to get medical services, prescriptions, or other benefits, or they may send fake bills to your health insurer to receive money/reimbursements.

    Social Security Identity Theft. Is someone using your Social Security number for fraudulent purposes? Social Security fraud and identity theft refers to a fraudster or scammer gaining access to your Social Security number and using it to receive your tax refund, secure employment, obtain a driver’s license, and/or receive unemployment benefits or any other state/federal aid.

    Deceased Identity Theft. Is someone using your deceased loved one’s personal information fraudulently? Deceased identity theft, or “ghosting,” is when a deceased individual’s personal information is used to commit fraudulent acts such as tax refund fraud, medical identity theft, driver’s license identity theft, credit card fraud, and more.

    Financial Identity Theft. Financial identity theft happens when a scammer gains access to your bank accounts, credit cards, retirement accounts, or personal information for their financial gain.

  • Identity theft tips

    Identity theft is the illegal use of someone else's personal information in order to obtain money or credit.

    Don’t use the same password twice.

    Choose a password that means something to you and you only; use strong passwords with eight characters or more that use a combination of numbers, letters, and symbols.

    Do not reveal personally identifiable information online such as your full name, telephone number, address, social security number, insurance policy number, credit card information, or doctor’s name.

    Avoid opening attachments, clicking on links, or responding to email messages from unknown senders or companies that ask for your personal information.

    When making online donations, make sure any charity you donate to is a legitimate non-profit organization and that you type in the web address instead of following a link.

    Be sure to shred bank and credit card statements before throwing them in the trash; talk to your bank about using passwords and photo identification on credit cards and bank accounts.

    Check your bank and credit card statements monthly for unusual charges.

  • What is elder fraud?

    Each year, millions of elderly Americans fall victim to some type of financial fraud or confidence scheme, including romance, lottery, and sweepstakes scams, to name a few. Criminals will gain their targets’ trust and may communicate with them directly via computer, phone, and the mail, or indirectly through the TV and radio. Once successful, scammers are likely to keep a scheme going because of the prospect of significant financial gain. Seniors are often targeted because they tend to be trusting and polite. They also usually have financial savings, own a home, and have good credit—all of which make them attractive to scammers.

    Additionally, seniors may be less inclined to report fraud because they don’t know how, or they may be too ashamed at having been scammed. They might also be concerned that their relatives will lose confidence in their abilities to manage their financial affairs. And when an elderly victim does report a crime, they may be unable to supply detailed information to investigators.

  • How to properly report an elder fraud
    When writing your report, it’s important to think like a detective and relay financial information and tactical details about the perpetrator. If possible, be ready to share:

    • Dates and times of activity
    • Perpetrator’s financial information (bank names, account numbers)
    • Perpetrator’s IP addresses
    • Perpetrator’s email and account names (even if it was a fake one)
  • What can caretakers do to help seniors stay safe online?
    You can assist a senior to stay safe online by helping them install easy-to-use programs and online tools to protect their internet activity.
  • Teens
  • What are the signs parents should look out for?

    There are several signs to be aware of (although a lot of them are quite common among teens). Generally, parents should look out for increased instances of:

    • Being secretive about who they’ve been talking to online and what sites they visit.
    • A move from expressing moderate views to following more extreme views.
    • A sudden conviction that their religion, culture, or beliefs are under threat and treated unjustly.
    • A conviction that the only solution to this threat is violence or war.
    • Lack of feeling of belonging or a desperate need to find acceptance within a group.
    • Displaying intolerant views to people of other races, religions, or political beliefs.
  • What signs are different from other types of grooming?
    The signs are similar to other types of grooming but what’s slightly different is the script talking. Within other types of grooming, it is less likely to see the same sense of political judgment or entitlement, the same anger or resentment towards a particular group. That’s fairly unique to radicalization.
  • Why could social networking be a concern?
    • Your child may actively search for content that is considered radical, or they could be persuaded to do so by others. Social media sites, like Facebook, Ask FM, and Twitter, can be used by extremists looking to identify, target, and contact young people. It’s easy to pretend to be someone else on the internet, so children can sometimes end up having conversations with people whose real identities they may not know, and who may encourage them to embrace extreme views and beliefs.
    • Often children will be asked to continue discussions, not via mainstream social media, but via platforms, such as Omegle. Moving the conversation to less mainstream platforms can give users a greater degree of anonymity and can be less easy to monitor.
    • People who encourage young people to do this are not always strangers. In many situations, they may already have met them, through their family or social activities, and then use the internet to build rapport with them. Sometimes children don’t realize that their beliefs have been shaped by others, and think that the person is their friend, mentor, boyfriend, or girlfriend and has their best interests at heart.
  • Travelers
  • CYBERSECURITY WHILE TRAVELING: TIP CARD

    Cybersecurity should not be limited to the home, office, or classroom. It is important to practice safe online behavior and secure our Internet-enabled mobile devices whenever we travel, as well. The more we travel and access the Internet on the go, the more cyber risks we face. No one is exempt from the threat of cyber crime, at home or on the go, but you can follow these simple tips to stay safe online when traveling.

  • CYBERSECURITY TIPS FOR TRAVELERS

    Before You Go:

    Update your mobile software. Treat your mobile device like your home or work computer. Keep your operating system software and apps updated, which will improve your device’s ability to defend against malware.

    Back up your information. Back up your contacts, photos, videos, and other mobile device data with another device or cloud service.

    Keep it locked. Get into the habit of locking your device when you are not using it. Even if you only step away for a few minutes, that is enough time for someone to steal or destroy your information. Use strong PINs and passwords.

    While You Are There:

    Stop auto-connecting. Disable remote connectivity and Bluetooth. Some devices will automatically seek and connect to available wireless networks. And Bluetooth enables your device to connect wirelessly with other devices, such as headphones or automobile infotainment systems. Disable these features so that you only connect to wireless and Bluetooth networks when you want to.

    Think before you connect. Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, train/bus station, or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network. Only use sites that begin with https:// when online shopping or banking. Using your mobile network connection is generally more secure than using a public wireless network.

    Think before you click. Use caution when downloading or clicking on any unknown links. Delete emails that are suspicious or are from unknown sources. Review and understand the details of an application before installing.

    Guard your mobile device. To prevent theft and unauthorized access or loss of sensitive information, never leave your mobile devices–including any USB or external storage devices–unattended in a public place. Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room.

  • COMMON CYBERSECURITY THREATS WHILE TRAVELING

    Unsecured wireless networks. While public wireless networks provide great convenience, allowing people to connect to the Internet from almost anywhere, they are insecure and can allow cyber criminals access to your Internet-enabled devices. Beyond the typical public wireless networks found at airports, restaurants, hotels, and cafes, they are increasingly available in other places, such as on airplanes and in public parks.

    Publicly accessible computers. Hotel business centers, libraries, and cyber cafes provide computers that anyone can use. However, travelers cannot trust that these computers are secure. They may not be running the latest operating systems or have updated antivirus software. Cyber criminals may have infected these machines with malicious viruses or install malicious software.

    Physical theft of devices. Thieves often target travelers. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary — these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.

  • 9 Tips for Travelers

    1. Create A Backup: Backing up your devices' data to another physical device or the cloud before traveling will keep your data safe in case of a data breach or any unfortunate event where you lose your data or devices on the go.

    2. Software Updates: Operating systems in your devices all have built-in security systems that get regular updates from the manufacturer. Keeping your apps and operating system updated will give you better security while you travel. Make sure your devices have the latest security patch installed before leaving home for improved cybersecurity.

    3. Auto And Remote Connectivity: Auto connectivity is an extremely useful feature around the house or workplace, which is why most of our devices have this feature turned on. While traveling, your wireless network and Bluetooth can automatically connect to available networks and devices on the go. This can create problems if you connect to a network or device that is malicious. Turning off your devices' auto and remote connect features while traveling will allow you to only connect when you want to connect.

    4. Physical Security: Keeping your devices physically secure while in hotel rooms, airports, planes or any other mode of transport will help prevent unauthorized access, physical theft, and consequent data breaches. A good practice is to never leave your devices unattended in a public space or on any means of transport.

    5. Locks And Passwords: Using a strong password or PIN is always useful but keeping your device locked at all times is even more important, especially while traveling. If you leave your device unlocked for even a minute or two, it can potentially give hackers enough time to breach your device.

    6. Location Sharing: Immediately updating social media networks with pictures and locations is very common among travelers on vacation. This can sometimes be problematic if a cybercriminal has access to your social media pages. They can track your location and use that information to break into your hotel rooms or even your home and steal valuables while you are away. Always be cautious with what you share on social media, especially when it comes to letting people know where you are, or even where you’re not.

    7. Public Wireless Networks: Connecting to public hot spots or wireless networks that are available in hotels, planes, cafes and transportation can be risky, which is why you must always confirm with the staff the exact procedures and networks to connect. Often, hackers use these public networks to gather sensitive data. If you are connected to a public network, make sure to only use "https" sites and avoid online shopping or accessing any sensitive data to avoid a security breach. If possible, always use your own data network connection or make sure to have a VPN.

    8. Public Computers: More and more public places are allowing access through public computers. Libraries, internet cafes, hotels, and even some restaurants have publicly available computers for you to use and access the internet.

    9. Skimmer Devices: A skimmer device is used by criminals to copy your credit card information without ever touching or using your credit card. Criminals need only hover a skimmer device over your credit card for a few seconds to copy its data and use it for personal gains. They can even do this by hovering the device over your wallet or pocket that contains your card. An easy way to avoid this from happening is to use an RFID wallet or cardholder that prevents data theft by creating a digital wall between your card and the skimmer device.

    Conclusion: The threat of cybercrime is very real, and the probability of that threat increases when we are vulnerable. That is why a good cybersecurity mindset while traveling is a must. Whether you are traveling for work or vacation, be sure to practice these tips and proceed with caution.

  • 8 cyber security tips for business travelers

    1. Lock Devices Down: Most smartphones, laptops, and tablets come equipped with security settings that will enable you to lock the device using a PIN number or fingerprint ID. Do this on every available device. While traveling, change the PIN numbers you regularly use.

    2. Be Cautious of Public Wi-Fi: The laws and regulations that govern cyber security in other countries are typically not going to be the same as those found in the US. Free Wi-Fi access can be very appealing for business or leisure travelers but is also particularly vulnerable to security issues. Avoid unencrypted Wi-Fi networks; ask your hotel about its security protocol before connecting to the Web. Be extra cautious using Internet cafes and free Wi-Fi hotspots; if you must use them, avoid accessing personal accounts or sensitive data while connected to that network.

    3. Disable Auto-Connect: Most phones in the US have a setting that allows a device to automatically connect to Wi-Fi networks as you pass through them on your day-to-day activities. While this is a nice feature when used at home, it’s not something you should allow while traveling abroad. Before you travel, change this setting so that your smartphone and laptop must be manually connected each time you wish to access the Web.

    4. Minimize Location Sharing: It’s very common for travelers to update social networking sites as they move about new countries or cities. The problem with this type of excessive sharing is that it creates a security threat at home. By signaling your every location, you make it easy for a criminal to determine that you’re not in your hotel room or at your home, leaving your personal belongings within these areas vulnerable to a physical intrusion. Limit the information you post online about your specific whereabouts to limit these threats to your personal property.

    5. Install Anti-Virus Protection: This is one of the easiest and most effective ways you can keep your personal information, as well as company information, secure while traveling. In addition to using a trusted brand of security, make sure that you regularly update this software as new versions become available.

    6. Update Operating Systems: Just like your anti-virus software, you should keep your operating system as current as possible. This also goes for apps on your phone; take special care to update apps that you regularly use to conduct financial or personal business.

    7. Update Passwords: If you plan on traveling, change all of the passwords you regularly use. Similarly, if you must create a PIN for a safe or security box in a hotel room, make sure it’s unique and not something you commonly use. Don’t skimp on password creation either—a numerical sequence is not ideal. Take the time to create something that will keep a criminal out of your personal property. Once you return home, you can change all the passwords back.

    8. Disable Bluetooth Connectivity: Just like your phone’s automatic Wi-Fi connectivity, Bluetooth connectivity can present problems. Bluetooth signals can come from anywhere. If your Bluetooth is left on, nearby assailants can connect to your phone and potentially hack into your device. Keep Bluetooth disabled as much as possible while traveling abroad.

    In addition to implementing these eight cyber security tips for travelers, you should also check out the laws and regulations governing cyber security in each country you plan to visit. By remaining vigilant during your business travels, you can greatly reduce your risk of suffering a cyber threat.

  • Ethics, Compliance and Audit Services

    Traveling overseas with high tech equipment, confidential, unpublished, or proprietary information or data - Traveling with certain types of high tech equipment including but not limited to advanced GPS units, scientific equipment, or with controlled, proprietary, or unpublished data in any format may require an export license depending on your travel destination. Federal export and sanctions regulations prohibit the unlicensed export of specific commodities, software, technology, and payments to or from certain countries, entities, and individuals for reasons of national security, foreign policy, or protection of trade. University employees are required to comply with United States export and sanctions regulations when traveling abroad with commodities, software, and technology. ECAS can assist with export and sanction determinations related to your international travel. Helpful information may be found below concerning international travel procedures and best practices to ensure compliance with these federal regulations.

  • International Travel Tips and Additional Information

    Presentations and discussions must be limited to topics that are not related to controlled commodities, software, or technology unless that information is already published or otherwise already in the public domain. Verify that your technology or information falls into one or more of the following categories prior to traveling:

    • Research that qualifies as fundamental research
    • Published information
    • Publicly available software
    • Educational information

    Check with your local export control contact prior to traveling with any commodities, software, or technology that fall into one of the following categories:

    • Controlled Unclassified, or Export Controlled, or information under any other restriction, including 3rd party proprietary information received under a non-disclosure agreement (NDA)
    • Limited Distribution, Proprietary, Confidential, or Sensitive
    • Specifically designed for military, intelligence, space, encryption software, or nuclear related applications
    • Data or information received under a Non-Disclosure Agreement
    • Data or information that results from a project with contractual constraints on the dissemination of the research results
    • Computer software received with restrictions on export to or on access by non-US Persons

  • Women
  • What is catfishing?
    Catfishing is a form of fraud or abuse where someone creates a fake online identity to target a particular victim. Catfishers may lure their victims into providing intimate photos or videos, then blackmail them, or may develop a relationship and then ask for money for a sudden emergency.
  • Tips for protecting yourself from cyberstalkers
    • Make your posts 'friends only' so that only people you know get to see them.
    • Don't let social networks post your address or phone number publicly. (You might even want to have a separate email address for social media.)
    • If you need to share your phone number or other private information with a friend, do so in a private message, not in a public post.
    • Use a gender-neutral screen name or pseudonym for your social media accounts — not your real name.
    • Leave optional fields in social media profiles, like your date of birth, blank.
    • Only accept friend requests from people you have actually met in person. Set your social networks to accept friend requests only from friends of friends.
    • Disable geolocation settings. You may want to also disable GPS on your phone.
  • What is Cyberharassment?

    Cyberharassment involves the use of ICT to intentionally humiliate, annoy, attack, threaten, alarm, offend, and/or verbally abuse individuals. Only one incident is needed for cyberharassment to occur; however, it can involve more than one incident.

    Cyberharassment may also involve targeted harassment, where one or more persons work together to repeatedly harass their target online over a finite period (often a brief period) to cause distress, humiliation, and/or to silence the target. The perpetrators of cyberharassment can hack into the victim's account and steal the victim's personal information, images, and videos.

    Cyberharassment can also involve the posting or other distribution of false information or rumors about an individual to damage the victim's social standing, interpersonal relationships, and/or reputation (i.e., a form of cybersmearing). This false information is posted on websites, chat rooms, discussion forums, social media, and other online sites to damage the reputations of people and businesses. Offenders can also impersonate victims by creating accounts with similar names and, by making use of existing images of the victims, use these accounts to send friend and/or follower requests to victims' friends and family members to deceive them into accepting these requests (a form of online impersonation).

  • What is sextortion?
    It is a form of cyber extortion. It occurs when individuals demand their victims provide them with sexual images, sexual favors, or other things of value. There is no specific federal sextortion offense, but it falls under the federal cyberstalking law.
  • Where to report cyberstalking
    Submit an Internet crime complaint with the Internet Crime Complaint Center - IC3. Complaints filed via the IC3 website are processed and may be referred to federal, state, local or international law enforcement or regulatory agencies for possible investigation.      
  • Corporations
  • Which consequences can my corporation face?
    Beyond causing severe financial damage, cyberattacks can lead to regulatory penalties, lawsuits, reputational damage, and business continuity disruptions.    
  • What are the most common types of cybersecurity threats?
  • Sources of cybersecurity threats

    Nation-state attackers, corporate spies, criminal groups, malicious insiders, hackers, hacktivists, and terrorist groups.

  • Why do corporations need cyber security compliance?
    As organizations continue to migrate to the digital realm, they face a multitude of challenges related to privacy and protection of customer, employee, and shareholder data.
  • What is cyber security compliance?
    Cybersecurity compliance involves a set of guidelines and controls to protect the confidentiality, integrity, and availability of information stored, processed, or transferred.
  • How to protect your organization against cybercrime
    • Companies should no longer be asking why cybersecurity is important, but how can I ensure my organization's cybersecurity practices are sufficient to comply with GDPR and other regulations and to protect my business against sophisticated cyber-attacks. There are three simple steps you can take to increase security and reduce the risk of cybercrime.
    • Educate all levels of your organization about the risks of social engineering and common social engineering scams like phishing emails and typosquatting.
    • Invest in tools that limit information loss, monitor your third-party risk and fourth-party vendor risk, and continuously scan for data exposure and leaked credentials.
    • Use technology to reduce costs, such as automatically sending out vendor assessment questionnaires as part of an overall cyber security risk assessment strategy.
  • Governments
  • How do public data need to be handled?

    We need better technology that delivers more effective security to protect data, combined with ease of use. Such technology needs to be transparent to users while removing them from security decisions. The principle that everything – 100% – should be encrypted all of the time, in storage, in transit, and in use, is the goal. This means that when a file on a running system is copied from one location to another, it remains encrypted.

    Furthermore, strong authentication should be built into the encrypted file so that only authorized individuals can decrypt the data. With this transparent, 100% file encryption, all data will be protected no matter where it gets copied because security is part of the file rather than a feature of its storage location. And by continuing the 100% encrypted principle, IT security experts no longer need to spend hours tweaking data classification rules so that ’important’ data gets more strongly protected.

  • How government agencies are facing cyber security challenges

    The government is now using four new strategies to secure its sensitive information and protect its vital infrastructure:

    • Proactive cyber threat hunting. The federal government is turning to cyber threat hunting as a proactive means of identifying dormant threats because traditional prevention and response measures are often ineffective against determined adversaries. The ability to actively search endpoints and identify sophisticated threats is an ongoing process that requires advanced tools, technology, and people to discover both the external origins of breaches and internal compromises of systems and data. Obtaining and maintaining full visibility of threat actors targeting a specific environment is important to enabling cyber threat hunting operations in complex settings.
    • Increased use and sharing of cyber intelligence data. Intelligence gleaned from information sharing is now proactively incorporated into indicators of compromise (IOCs) to search for other signs of malicious activity, such as nefarious users who may be harvesting data and performing privilege escalation. Such activity likely stems from threats that have not been appropriately categorized or that include previously unknown malware. New hunting techniques include the use of advanced detection technology to search for specific IOCs and perform sweeps specifically associated with advanced threat actors targeting federal agencies. This technology allows analysts to examine various system artifacts for IOCs linked to nation-state, criminal, and other sophisticated threat actors. In addition to the automated IOC sweeps, analysts collect and analyze data using frequency-of-occurrence analysis to better discover anomalies that might have gone undetected with previous measures. This technique enables analysts to focus on finding deviations in the environment that IOCs did not detect.
    • Continuous security monitoring, with an emphasis on boundary protection and security event lifecycle management. The Continuous Diagnostics and Mitigation program (CDM) enables government departments and agencies to expand their continuous monitoring and diagnostic capabilities by increasing their sensor capacity, automating data collection, and prioritizing risks. The program was designed to integrate commercial technology with government networks and systems.
    • Automation and orchestration of security operations. Agencies that must defend the federal government’s critical infrastructure with existing tools and capabilities face four major limitations: a lack of skilled staff to analyze the growing number of incidents, slow incident remediation time, error-prone and inconsistent manual remediation processes, and inexperienced staff spending less time hunting for new threats and more time remediating false alerts. Security orchestration can help combat these limitations through the process of connecting security tools and integrating disparate security systems to drive automation and reduce human analysis and interactions. It requires that the organization have a mature security environment and appropriately classify actionable incidents.
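    The two hunting passes described above, an automated IOC sweep followed by frequency-of-occurrence analysis across hosts, as an added Python example (this is not code from the page or from any agency tool); the indicators, the pipe-separated endpoint log lines and their field layout are all constructed for illustration.

```python
"""IOC sweep plus frequency-of-occurrence (stacking) analysis.

Added example, not from the original page. Every indicator and log line
below is constructed. Each event is a process-start record from an
endpoint: host | user | image path | image hash | contacted domain.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed "known bad" indicators, as a sharing partner might supply.
IOC_HASHES: Set[str] = {"deadbeef00000000000000000000000000000001"}
IOC_DOMAINS: Set[str] = {"updates.example.invalid"}

# Constructed telemetry from a three-host fleet (last field may be empty).
EVENTS_RAW = """\
ws-01|alice|C:\\Windows\\System32\\svchost.exe|a1|
ws-02|bob|C:\\Windows\\System32\\svchost.exe|a1|
ws-03|carol|C:\\Windows\\System32\\svchost.exe|a1|
ws-01|alice|C:\\Program Files\\Vendor\\agent.exe|b2|telemetry.vendor.example
ws-02|bob|C:\\Program Files\\Vendor\\agent.exe|b2|telemetry.vendor.example
ws-03|carol|C:\\Program Files\\Vendor\\agent.exe|b2|telemetry.vendor.example
ws-02|bob|C:\\Users\\Public\\sync.exe|deadbeef00000000000000000000000000000001|updates.example.invalid
ws-03|carol|C:\\Users\\carol\\AppData\\Local\\Temp\\helper.exe|c3|cdn.other.example
"""

Event = Dict[str, str]


def parse_events(raw: str) -> List[Event]:
    """Turn the pipe-separated records into dicts; skips blank lines."""
    events: List[Event] = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        host, user, image, sha1, domain = line.split("|")
        events.append({"host": host, "user": user, "image": image,
                       "sha1": sha1, "domain": domain})
    return events


def ioc_sweep(events: Iterable[Event], ioc_hashes: Set[str],
              ioc_domains: Set[str]) -> List[Tuple[Event, str]]:
    """Automated sweep: (event, reason) for every known-indicator match."""
    hits: List[Tuple[Event, str]] = []
    for ev in events:
        if ev["sha1"] in ioc_hashes:
            hits.append((ev, f"hash {ev['sha1']}"))
        elif ev["domain"] and ev["domain"] in ioc_domains:
            hits.append((ev, f"domain {ev['domain']}"))
    return hits


def host_prevalence(events: Iterable[Event], field: str) -> Dict[str, int]:
    """Frequency of occurrence: how many distinct hosts each value appears on."""
    hosts_by_value: Dict[str, Set[str]] = defaultdict(set)
    for ev in events:
        hosts_by_value[ev[field]].add(ev["host"])
    return {value: len(hosts) for value, hosts in hosts_by_value.items()}


def rare_values(events: List[Event], field: str, max_hosts: int = 1) -> Dict[str, int]:
    """Least-frequency analysis: values present on at most max_hosts hosts."""
    return {v: n for v, n in host_prevalence(events, field).items() if n <= max_hosts}


def hunt(events: List[Event], ioc_hashes: Set[str], ioc_domains: Set[str],
         max_hosts: int = 1) -> Tuple[List[Tuple[Event, str]], List[Tuple[Event, str]]]:
    """IOC hits first, then rare images/domains the IOC sweep did not flag."""
    hits = ioc_sweep(events, ioc_hashes, ioc_domains)
    already = {(ev["host"], ev["image"]) for ev, _ in hits}
    rare_images = rare_values(events, "image", max_hosts)
    rare_domains = rare_values([e for e in events if e["domain"]], "domain", max_hosts)
    anomalies: List[Tuple[Event, str]] = []
    for ev in events:
        if (ev["host"], ev["image"]) in already:
            continue  # known-bad, already reported by the sweep
        reasons = []
        if ev["image"] in rare_images:
            reasons.append(f"image seen on {rare_images[ev['image']]} host(s)")
        if ev["domain"] in rare_domains:
            reasons.append(f"domain seen on {rare_domains[ev['domain']]} host(s)")
        if reasons:
            anomalies.append((ev, "; ".join(reasons)))
    return hits, anomalies


if __name__ == "__main__":
    evs = parse_events(EVENTS_RAW)
    ioc_hits, stack_hits = hunt(evs, IOC_HASHES, IOC_DOMAINS)
    for ev, why in ioc_hits:
        print(f"IOC  {ev['host']} {ev['image']}: {why}")
    for ev, why in stack_hits:
        print(f"RARE {ev['host']} {ev['image']}: {why}")
```

    On the constructed data the sweep reports only the sync.exe process on ws-02, while stacking surfaces helper.exe on ws-03, which matches no indicator but is unique in the fleet.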
  • Nonprofits
  • Do Nonprofits need Cybersecurity?

    Yes. They normally store sensitive information that is desirable to attackers, and they can also be seen as an easy entry point into larger nonprofits or government entities.

  • Why can Nonprofits be Attacked?

    Because many nonprofits store personally identifiable information (PII), including full names, addresses, social security numbers, medical information, driver’s license numbers, email addresses, and more, their IT systems are a target-rich environment.

  • What are the risks of a Data Breach?

    Many nonprofits collect and store sensitive personal information that is protected by law as confidential. When there is a breach of the confidentiality of those data, that poses a risk for the individuals whose data was disclosed, AND for the nonprofit that will now potentially be subject to liability for the breach.

  • What should nonprofits do?

    It makes sense for EVERY nonprofit to - at a minimum - assess the risks of a data security breach, and protect its data from unauthorized disclosure.

  • What cybersecurity steps can a nonprofit take?

    First Step | Risk assessment: the first step in assessing your nonprofit’s data risks is to take inventory of all the data your nonprofit collects and identify where it is stored.

    Second Step | Are the data your nonprofit maintains "protected" or "confidential"?: Second, know whether the data your nonprofit collects and maintains is covered by federal or state regulations as “personally identifiable information.” If so, forty-seven states’ laws require nonprofits to inform persons whose “personally identifiable information” is disclosed in a security breach, and 31 states have laws that require the disposal of such data in certain ways. Additionally, the Federal Trade Commission's Disposal Rule also requires proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” Protecting personally identifiable information is all about training staff on how to collect/store/dispose of and generally protect this data.

    Third Step | Drill down on the actual risks: Third, consider using the US National Institute of Standards and Technology (NIST) Cybersecurity Framework to help your nonprofit identify risks, and make management decisions to mitigate those risks. This framework is not intended to be a one-size-fits-all approach but to allow organizations to manage cybersecurity risks in a cost-effective way, based on their own environment and needs.

  • How likely is it that hackers will take over your nonprofit’s website?

    That depends on the strength of the security of individual nonprofits’ websites and how consistently users follow strong password protocols.

  • How serious are the risks of a site takeover?

    Typically, the main website remains intact, but the hackers create additional content that can’t be good for your nonprofit’s reputation – or Google analytics. So, on balance, a site takeover does not create the same type of liability risks that other security breaches do, but cleaning up the mess can be time consuming and costly.

  • Is Cyber Liability Insurance needed?

    Insurance policies are available to cover losses from breaches affecting a nonprofit’s own information and losses affecting third parties’ information (such as patients/clients, and donors). The types of losses/expenses that cyber insurance can cover range from the cost of notifying all the folks whose information may have been compromised; to the cost of content repair, such as repair to a hacked website; to the cost of hiring a PR whiz to help your nonprofit recover its reputation after a severe security breach. There are even some policies that address business interruption in the event a cybersecurity breach is so severe that it forces the nonprofit to temporarily suspend operations.

  • What steps should a nonprofit take before deciding whether to purchase cyber-liability insurance?

    (1) Understand how a breach of privacy claim could affect your nonprofit

    (2) Work with a knowledgeable insurance agent or broker who not only understands how different cyber liability policies differ in their coverage, but also understands your nonprofit’s operations and activities well enough that s/he can break down your nonprofit’s exposures with you. Choosing insurance products should be a collaborative effort with your nonprofit’s broker/agent.

    (3) As with all insurance, take a hard look at the cost of the annual premium.

  • Most Common Risks Associated with the Business of Charity

    Risk #1: Online Donations

    While technology has made it much easier for nonprofits and charitable organizations to accept donations online, it has also made it that much simpler for a digital pickpocket to steal from the organization.

    While payment is easy for the customer, having an unsecured website could mean leaving an open avenue for a cyberattack.

    Risk #2: Phishing Scams and Ransomware

    Communicating with donors, partner organizations, and clients is a simple process today. Automated emails and newsletters keep interested parties aware of what's going on in the organization. But as you're responding to emails, you could be putting the organization at risk. Clicking a bad link, downloading a seemingly safe Word, Excel, or PowerPoint file, or even just opening a PDF file could put your hard-won funds at risk.

    Cybercriminals use phishing emails, a type of social engineering scam, in an attempt to obtain sensitive information. They may also install ransomware, or ransom malware, on a nonprofit's computer system, blocking access until they receive a sum of money or another action has been completed.

    Risk #3: Volunteers

    Volunteers share their time for many reasons, from being a surviving family member to wanting to give back to the local community. And while many volunteers have good intentions, there are a few that may volunteer their time to gain access to your data stores. Training time is short, onboarding is an on-the-job process, and the bad guys can sometimes slip through the cracks, leaving your organization at risk for a cyberattack.

  • Small Businesses
  • Common scams that target small businesses

    Fake Invoices

    Scammers create phony invoices that look like they’re for products or services your business uses — maybe office or cleaning supplies or domain name registrations. Scammers hope the person who pays your bills will assume the invoices are for things the company ordered. Scammers know that when the invoice is for something critical, like keeping your website up and running, you may pay first and ask questions later. Except it’s all fake, and if you pay, your money may be gone.

    Directory Listing and Advertising Scams

    Con artists try to fool you into paying for nonexistent advertising or a listing in a nonexistent directory. They often pretend to be from the Yellow Pages. They may ask you to provide contact information for a “free” listing or say the call is simply to confirm your information for an existing order. Later, you’ll get a big bill, and the scammers may use details or even a recording of the earlier call to pressure you to pay.

    Utility Company Imposter Scams

    Scammers pretend to call from a gas, electric, or water company saying your service is about to be interrupted. They want to scare you into believing a late bill must be paid immediately, often with a wire transfer or a reloadable card or gift card. Their timing is often carefully planned to create the greatest urgency — like just before the dinner rush in a restaurant.

    Government Agency Imposter Scams

    Scammers impersonate government agents, threaten to suspend business licenses, impose fines, or even take legal action if you don’t pay taxes, renew government licenses or registrations, or other fees. Some businesses have been scared into buying workplace compliance posters that are available for free from the U.S. Department of Labor. Others have been tricked into paying to receive nonexistent business grants from fake government programs. Businesses have received letters, often claiming to be from the U.S. Patent and Trademark Office, warning that they’ll lose their trademarks if they don’t pay a fee immediately, or saying that they owe money for additional registration services.

    Tech Support Scams

    Tech support scams start with a call or an alarming pop-up message pretending to be from a well-known company, telling you there is a problem with your computer security. Their goal is to get your money, access to your computer, or both. They may ask you to pay them to fix a problem you don’t really have, or enroll your business in a nonexistent or useless computer maintenance program. They may even access sensitive data like passwords, customer records, or credit card information.

  • Why do bad actors target small businesses?
    Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses. Sometimes the gains to be had from attacking a small business are smaller than what the results could be if a larger enterprise were the focus of a cyber-attack. But, because of the corresponding lack of security controls, bad actors can see small businesses as “easy pickings”. Other times, however, a small business is viewed as a critical component of the attack vector into a large enterprise. Large firms of every type use small business vendors. The SBA incentivizes large companies to use small business suppliers. Cybercriminals have found that attacking a large firm through their small business partners can be a successful strategy.
  • What are the top cyber threats against small businesses?
  • Startups
  • Why do cyber criminals target start-ups?
    Most start-ups don’t have robust cybersecurity infrastructure, which makes them an easy target.
  • Top cyber security threats facing start-ups in 2020
  • Steps that start-up entrepreneurs can take to improve IT security

    VPN. A virtual private network (VPN) creates a private network from a public internet connection ensuring online privacy and anonymity. It should be a part of your cybersecurity toolkit. Secure the network with a VPN to defend against DDoS attacks, malware, snooping, and a wide range of other online threats.

    Antivirus. Use antivirus to protect your system from viruses and malware. Malware may include viruses, trojans, spyware, worms, etc. Antivirus software is essential to cybersecurity as it helps you protect your start-up’s data from hackers and other online threats.

    Backup. A comprehensive backup strategy is a vital part of a start-up’s cybersecurity safety net. Backing up your mission-critical data ensures that it’s available for restore in the event of a breach or a ransomware attack. With a backup, you can always start afresh.

    Risk assessment. A risk assessment is a comprehensive audit of your system. Assess risks and vulnerabilities to find possible entry points. Assessing risks and vulnerabilities helps you know where your business is most vulnerable which, in turn, helps you patch these weaknesses and protect your company data.

  • Causes of cyber attacks
    • Unsecured Wi-Fi connections: This remains one of the main causes of cyber attacks. Unsecured networks give hackers a free pass to confidential log-in details from connected computers.
    • Insecure passwords: Failure to secure your passwords makes them easily accessible to hackers who can gain access to your system and launch cyber attacks against you.
    • Human error: According to Kaspersky, human error is the second most probable cause of a serious security breach, second to malware.
  • Legal ramifications of a data breach
    As a startup owner, you should be not only worried about the financial implications of a data breach, but also the legal consequences that may follow. Government penalties, fines, and in extreme circumstances, jail time, are some of the legal ramifications of not protecting Personally Identifiable Information (PII).
  • Attackers
  • What's the premise of hacktivism?
    Carrying out hacking attacks as a form of activism. So, you might think of hacktivism as online activism, digital activism, or cyberactivism.
  • Types of cyber attackers

    Cyber Criminals (Organized Cybercriminals)

    Cybercriminals are individuals or groups of people who use technology to commit cybercrime to steal sensitive company information or personal data and generate profits.

    Hacktivists

    Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology. Hacktivists are not like cybercriminals who hack computer networks to steal data for cash. They are individuals or groups of hackers who work together and see themselves as fighting injustice.

    State-sponsored Attacker (APT Groups)

    State-sponsored attackers have particular objectives aligned with either the political, commercial, or military interests of their country of origin. These types of attackers are not in a hurry. The government organizations have highly skilled hackers and specialize in detecting vulnerabilities and exploiting these before the holes are patched. It is very challenging to defeat these attackers due to the vast resources at their disposal.

    Insider Threats

    The insider threat is a threat to an organization's security or data that comes from within. These threats usually originate from current or former employees, but may also arise from third parties, including contractors, temporary workers, or customers.

    Malicious Insider Threats

    Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems, or IT infrastructure. These insider threats are often attributed to dissatisfied employees or ex-employees who believe that the organization wronged them in some way, and who feel justified in seeking revenge.

    Cyber Terrorists

    Terrorism, by its very nature, seeks out whatever means possible to proliferate fear, unrest, and discord across the globe. Cyber terrorists utilize an array of cyber weapons to disrupt critical services and commit harmful acts to further their cause. Generally speaking (though far from exclusively), they target the state operations, businesses, and critical services that will cause the most dramatic effect.

  • How profitable is cyber crime?
    The interesting thing is that all the services used by cybercriminals cost money, from malware development all the way through to money muling. All the individuals involved in the criminal ecosystem that supports fraud through a malware campaign require payment. This means that unless the criminals are able to access large numbers of bulk payment systems, and get high-value payouts on each occasion, each criminal is relying on small profit margins from each hack just to keep their business going. They then need to reinvest these profits into developing their botnets and campaigns further in order to have continued success.
  • Which categories are financial cybercrime divided into at this time?

    Individual users: This category focuses on individuals as victims. The threat actors steal and use personal data, credit card numbers, online financial account information, or Social Security numbers.

    Enterprises: This category of financial cybercrime focuses on enterprises and business organizations. Threat actors will attempt to steal research on a new product and sell it to another supplier, which deprives the legitimate business of profits.

    Governments: Governments are also the targets of threat actors. If military information can be stolen, it can be sold. Government information can also be stolen and published in front of its citizens to embarrass the government.

  • Who carries out hacktivism attacks?
    People who carry out hacktivism attacks are hacktivists. They generally claim to operate with altruistic intentions, meaning not to cause malicious harm but rather to draw attention to a cause that’s important to the hacktivist group.
  • Who do hacktivists target?
    Hacktivists target entities that they believe violate their values or stand in the way of their agenda. Common targets may include nation-states, government agencies, corporations, religious institutions, and terrorist organizations.
  • What motivates hacktivists?

    Hacktivists generally believe they’re acting altruistically for the public good. Similar to activism in our physical world, online activists seek to bring public attention to a cause that’s important to them in hopes they’ll invoke change. This often means exposing and correcting perceived injustices.

    The nature of the perceived injustices might be political, social, or religious:

    • Politically motivated hacktivism seeks to promote or upheave a political agenda, sometimes to the extent of anarchy.
    • Socially motivated hacktivism sets out to expose social injustices, ranging from government censorship to human rights.
    • Religiously motivated hacktivism acts in the name of a religious ideology and may seek to discredit or encourage the belief.
  • What are hacktivism attacks?

    Despite any altruistic intentions, hacktivism attacks are hacking attacks, which means they’re illegal. But they’re also difficult to prosecute because they’re mostly conducted anonymously.

    Unlike traditional hacking attacks, though, hacktivism attacks rarely have true malicious intent. In some cases, you might think of them as a form of antagonism, such as the way we might see graffiti on billboards.

    Still, just as this is vandalism in real life, website defacing is considered cyber vandalism. This is just one example of the types of hacktivism that exist today.

  • Types of hacktivism
    Hacktivism comes in many forms, each with its own way to support a hacktivist’s intentions. That might be promoting free speech and information, crashing websites, or exposing incriminating information. Here are 10 known types of hacktivism:
    1. Anonymous blogging
    2. RECAP
    3. Website defacement
    4. Website redirects
    5. Website mirroring
    6. Denial of Service (DoS) or Distributed Denial of Service attacks (DDoS)
    7. Virtual sit-ins
    8. Leaks
    9. Doxing
    10. Geo-bombing
  • What is the difference between a hacker and a hacktivist?
    Hackers and hacktivists generally use the same tools and techniques to achieve their goals. Unlike hacktivists, hackers are not defined solely by social causes.
  • Nation State (APTs)
  • What's an APT?
    An APT is a cyber-attack launched against a specific company, person, or institution. These attacks are usually deployed by well-trained attackers using advanced technology, strategic tactics, and the necessary (financial) resources. APTs are well-structured and complex.
  • Who is affected by APTs?
    According to Bitkom (Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e. V.), medium-sized companies are most seriously affected by IT espionage or sabotage – over 60 percent. Most organizations are already compromised without even being aware of it.
  • Why would someone launch an APT?
    A successful advanced persistent threat can be extremely effective and beneficial to the attacker. For nation-states, there are significant political motivations, such as military intelligence. For smaller groups, APTs can lead to significant competitive advantages or lucrative payouts.  
  • How do I prevent an APT?
    When organizations detect gaps in their security, they intuitively deploy a standalone product to fill that void. A solution filled with standalone products, however, will continue to have inherent gaps. To avoid these security gaps, organizations need to take a holistic approach. This requires a multilayered, integrated security solution. Deploying a portfolio of products that can seamlessly work together is the best way to enhance security.
  • Where does the APT attack come from?
    Most APT groups are affiliated with or are agents of governments of sovereign states. An APT could also be a professional hacker working full-time for the above. These state-sponsored hacking organizations usually have the resources and ability to closely research their target and determine the best point of entry.  
  • Malicious Insiders
  • What are insider threats?
    Insider threats are users with legitimate access to company assets who use that access, whether maliciously or unintentionally, to cause harm to the business. Insider threats aren’t necessarily current employees; they can also be former employees, contractors, or partners who have access to an organization’s systems or data.
  • How does the insider threat attack happen?
    Malicious insiders have a distinct advantage in that they already have authorized access to your company's network, information, and assets. They may have accounts that give them access to critical systems or data, making it easy for them to locate it, circumvent security controls and send it outside of the organization.
  • Where do the inside attackers come from?
    Inside attackers come from within your organization - they can be insiders in your company with bad intentions, or cyberspies impersonating contractors, third parties, or remote workers. They can work both autonomously or as part of nation-states, crime rings, or competing organizations. While they might also be remote third-party suppliers or contractors located all over the world, they have some level of legitimate access to your systems and data.
  • Why are insider threats so dangerous?
    Detecting insider threats is no easy task for security teams. The insider already has legitimate access to the organization’s information and assets, and distinguishing between a user’s normal activity and potentially malicious activity is a challenge. Insiders typically know where the sensitive data lives within the organization and often have elevated levels of access, and because they don’t act maliciously most of the time, it is harder to detect their harmful activities than it is to detect external attacks. As a result, a data breach caused by an insider is significantly more costly for organizations than one caused by an external attacker.
  • Why are you a target for insider threats?
    • Publicly available information helps foreign intelligence entities identify people with placement and access.
    • Contract information (bid, proposal, award, or strategies).
    • Company website with technical and program information.
    • Connections (partnerships, key suppliers, joint ventures, etc.) with other cleared or non-cleared companies.
    • Employee association with companies or technologies made public through scientific journals, academia, public speaking engagements, social networking sites, etc.
  • What do insider threats target?
    • Company unclassified networks (internal and extranets), partner and community portals, and commonly accessed websites.
    • Proprietary information (business strategy, financial, human resource, email, and product data).
    • Export-controlled technology.
    • Administrative and user credentials (usernames, passwords, tokens, etc.).
    • Foreign intelligence entities seek the aggregate of unclassified or proprietary documents which could paint a classified picture.
  • Hacktivists
  • What's the premise of hacktivism?
    Carrying out hacking attacks as a form of activism. So, you might think of hacktivism as online activism, digital activism, or cyberactivism,
  • Who carried out hacktivism attacks?
    People who carried out hacktivism attacks are hacktivists. They generally claim to operate with altruistic intentions, meaning not to cause malicious harm but rather to draw attention to a cause that’s important to the hacktivist group.
  • Who do hacktivists target?
    Hacktivists target entities that they believe violate their values or stand in the way of their agenda. Common targets may include Nation-states, Government agencies, Corporations, Religious institutions, Terrorist organizations.
  • What motivates hacktivists?

    Hacktivists generally believe they’re acting altruistically for the public good. Similar to activism in our physical world, online activists seek to bring public attention to a cause that’s important to them in hopes they’ll invoke change. This often means exposing and correcting perceived injustices.

    The nature of the perceived injustices might be political, social, or religious:

    • Politically motivated hacktivism seeks to promote or overturn a political agenda, sometimes to the extent of anarchy.
    • Socially motivated hacktivism sets out to expose social injustices, ranging from government censorship to human rights.
    • Religiously motivated hacktivism acts in the name of a religious ideology and may seek to discredit or encourage the belief.
  • What are hacktivism attacks?

    Despite any altruistic intentions, hacktivism attacks are hacking attacks, which means they’re illegal. But they’re also difficult to prosecute because they’re mostly conducted anonymously.

    Unlike traditional hacking attacks, though, hacktivism attacks rarely have true malicious intent. In some cases, you might think of them as a form of antagonism, such as the way we might see graffiti on billboards.

    Still, just as this is vandalism in real life, website defacing is considered cyber vandalism. This is just one example of the types of hacktivism that exist today.

  • Types of hacktivism
    Hacktivism comes in many forms, each with its own way to support a hacktivist’s intentions. That might be promoting free speech and information, crashing websites, or exposing incriminating information. Here are 10 known types of hacktivism:
    1. Anonymous blogging
    2. RECAP
    3. Website defacement
    4. Website redirects
    5. Website mirroring
    6. Denial of Service (DoS) or Distributed Denial of Service attacks (DDoS)
    7. Virtual sit-ins
    8. Leaks
    9. Doxing
    10. Geo-bombing
  • What is the difference between a hacker and a hacktivist?
    Hackers and hacktivists generally use the same tools and techniques to achieve their goals. Unlike hacktivists, hackers are not defined solely by social causes.
  • Analyst
  • What is a cybersecurity analyst?
    A cybersecurity analyst is a trained cyber professional who specializes in network and IT infrastructure security. The cybersecurity analyst thoroughly understands cyberattacks, malware, and the behavior of cybercriminals, and actively seeks to anticipate and prevent these attacks. The analyst usually possesses at least a bachelor's degree in cybersecurity or a related field.
  • What is a cybersecurity analyst role?
    A cybersecurity analyst protects an organization from cyber threats and actively develops protocols used to respond to and quell cyberattacks. Cybersecurity analysts protect organizational infrastructure, such as computer networks and hardware devices, from cybercriminals and hackers seeking to cause damage or steal sensitive information.
  • What education does a cybersecurity analyst need?
    Cybersecurity analyst positions are among the more entry-level roles in the cybersecurity field. To be qualified, you will typically need a bachelor's degree in cybersecurity, information assurance, or a related field. This type of degree program covers IT fundamentals as well as the cybersecurity foundations that prepare you for the requirements of the job: scripting and programming, data management, penetration testing, hacking and countermeasures, and more.
  • How much does a cybersecurity analyst make?
    According to the Bureau of Labor Statistics (BLS), the median annual salary of an information security analyst was $103,590 ($49.80 per hour) in May 2020. The longer you are in this field, the more you can make, and a Master's degree together with a specialized skill set can raise earnings further. Pay rates differ between titles.
  • What skills does a cybersecurity analyst need?

    The job of a cybersecurity analyst is a specialized position that requires a unique skill set. Some of the required skills of a cybersecurity analyst are:

    • Communication: You may understand the threats to your company's network, but you need to be able to explain them in laymen's terms to others. You will have to communicate with others a lot in this job and work with a team that is responsible for security.
    • IT Knowledge: This job requires you to stay up-to-date on trends in the technology world. You need to be aware of the best practices, techniques, and any laws that change.
    • Creativity: You may not think a cybersecurity expert needs to be creative, but this is a must! You need to think of creative ways that bad guys can breach your organization's system, then think of creative solutions to prevent them.
    • Strong Attention to Detail: This is not something that should be overlooked. You need to be detail-oriented for this job, paying strong attention to the smallest adjustments and changes in your organization's network.
    • Reading Comprehension: Reading work-related information.
    • Critical Thinking:  Thinking about the pros and cons of different ways to solve a problem.
    • Active Listening: Listening to others, not interrupting, and asking good questions.
    • Complex Problem Solving: Noticing a problem and figuring out the best way to solve it.
  • How to become an information security analyst?
    Most information security analyst positions require a bachelor’s degree in a computer-related field. Employers usually prefer to hire analysts with experience in a related occupation.
  • DevSecOps
  • What does it take to be a DevSecOps engineer?

    Becoming an effective DevSecOps engineer requires a distinct set of skills and practical experience. DevSecOps engineers should have a deep understanding of how security impacts each stage of the development pipeline and the final product or service. Just as important is their ability to be team players with good communication skills.

    The ideal DevSecOps engineer has involvement in and appreciation of every stage in the software project lifecycle, from initial design and build to rollout and maintenance. In a continuous integration/continuous delivery (CI/CD) environment, this entails working under pressure with critical task times.

  • What does a DevSecOps engineer do?

    DevSecOps engineers typically test and monitor a company's system for vulnerabilities. Then, they will work in collaboration with program developers (often called DevOps engineers) to create new programs that patch holes in the current security program, add countermeasures to prevent new threats, or simply make the program stronger and more effective.

    They also often need to present the results of their security tests — and the programs they created to respond to those results — with other professionals within the company. Ultimately, they are responsible for keeping the company's digital data safe through monitoring, programming, testing, and communication.

  • What are common DevOps capabilities?
    • Platform familiarity: Even where infrastructure is abstracted away by cloud and container platforms, most engineers should be familiar with container orchestration and infrastructure automation tools (for example Kubernetes) and have experience working with virtual machines (VMs) and pods.
    • Programming/scripting languages: Most engineers would require familiarity with at least one or two programming languages. Given the variety of languages out there, organizations tend to be very targeted in hiring for specific languages, such as Java, Go, C and Python.
    • Operations: These would be things like configuration management, provisioning, and deployment, which are automated and require programming skills.
    • Security: Some organizations and technology companies have used the term DevSecOps to emphasize the security aspects of DevOps – although security should already be baked into DevOps processes.
    • Integration: This involves integrating the different pipelines through which development teams deliver the features that come together in an application release; in practice this makes release automation and continuous delivery at least as important as continuous integration itself.
    • Communication and team management: communication is the most important skill for a DevOps professional.
  • What's the DevSecOps engineer salary?
    The average DevSecOps salary in the USA is $143,294 per year or $73.48 per hour. Entry-level positions start at $121,500 per year while most experienced workers make up to $180,000 per year.
  • What to consider before starting a career in DevOps?
    A career in DevOps is not for the faint of heart. It's a demanding undertaking that requires skilled professionals who know how to solve problems and work in a team setting. DevOps practitioners must be able to adapt to changing circumstances, collaborate with colleagues, and empathize with customers and other stakeholders. Before deciding on a career in DevOps, candidates should have a clear sense of the DevOps job market and what it takes to be a DevOps professional.
  • What are common DevOps roles?

    A DevOps team is made up of skilled professionals who work closely together but carry out different roles or are cross-trained to perform multiple roles. The roles might vary from one team to the next, or they might go by different names, but they can all play an important part in the DevOps effort. Some of the more common DevOps roles include the following:

    • DevOps engineer: Oversees DevOps operations and the software development lifecycle, while fostering a collaborative environment and cross-team communication.
    • Release manager: Oversees the continuous integration/continuous delivery (CI/CD) pipeline, as well as other operations associated with building and deploying applications.
    • Automation engineer: Responsible for planning and delivering automation solutions that eliminate manual, repetitive tasks and support the CI/CD pipeline.
    • Software developer: Writes and updates application code, along with unit tests and IaC instruction sets, where applicable.
    • Software tester: Ensures products meet defined QA standards and can be safely released to customers.
    • Security engineer: Focuses on application and infrastructure security, with an eye toward data integrity and compliance.
    • DevOps evangelist: Promotes an organization's DevOps initiatives and articulates its benefits, relying heavily on interpersonal communication.
    • User experience (UX) engineer: Ensures products meet UX expectations and UX goals align with test and release goals.
  • Forensics
  • What job can you get in digital forensics?
    • Digital forensic investigator
    • Computer expertise technician
    • Information security analyst
    • Digital forensics analyst
    • Digital/computer forensics engineer
    • Information systems security analyst
    • Forensic computer analyst
    • Cybersecurity consultant
    • Computer/digital forensic technician.
  • What does a digital forensics analyst do?
    Computer forensics analysts assist in the investigation of crimes and cybersecurity incidents. In many cases, they work to recover hidden, encrypted, or deleted information related to the case. They also safeguard the integrity of data by following a chain of custody that ensures its admissibility in court.
  • Where does a digital forensics expert work?
    Digital forensics experts commonly work in the criminal justice system. Many private industries also employ them, including companies in financial services, information technology, computing, network security, and defense sectors. Privately employed digital forensics analysts help buttress an organization’s internal cybersecurity team and provide an added safeguard in the event of a hack or cybercrime.
  • How does digital forensics work?

    Forensic investigators typically follow standard procedures, which vary depending on the context of the forensic investigation, the device being investigated or the information investigators are looking for. In general, these procedures include the following three steps:

    • Data collection: Electronically stored information must be collected in a way that maintains its integrity. This often involves physically isolating the device under investigation to ensure it cannot be accidentally contaminated or tampered with. Examiners make a digital copy, also called a forensic image, of the device's storage media, record a cryptographic hash of it so that any later change can be detected, and then lock the original device in a safe or other secure facility to maintain its pristine condition. The investigation is conducted on the digital copy. In other cases, publicly available information may be used for forensic purposes, such as Facebook posts or public Venmo charges for purchasing illegal products or services displayed on the Vicemo website.
    • Analysis: Investigators analyze digital copies of storage media in a sterile environment to gather the information for a case. Various tools are used to assist in this process, including Basis Technology's Autopsy for hard drive investigations and the Wireshark network protocol analyzer. A mouse jiggler is useful when examining a running computer to keep it from going to sleep, since volatile memory contents are lost when the machine sleeps or loses power.
    • Presentation: The forensic investigators present their findings in a legal proceeding, where a judge or jury uses them to help determine the result of a lawsuit. In a data recovery situation, forensic investigators present what they were able to recover from a compromised system.
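    The data-collection step above hinges on being able to prove that the forensic image is a faithful copy and that nobody has altered it since. The following Python script is an added example (not code from the original page or from any forensic tool it names) showing the usual approach: copy the source block by block while hashing the stream, independently re-hash the written image, write a chain-of-custody record, and re-verify the image before analysis. The "device" is a constructed file in a temporary directory; a real acquisition would read a block device behind a hardware write blocker.

```python
"""Hash-verified forensic acquisition with a chain-of-custody record (added example)."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 16  # read 64 KiB at a time so large media never sit in RAM


def sha256_file(path):
    """Independent hash of a file on disk, used for verification."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source_path, image_path, examiner):
    """Copy source -> image, hashing the source stream as it is read.

    The image is then re-hashed from disk and compared; a mismatch means the
    copy is not trustworthy and must not be used for analysis.
    """
    src_hash = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            src_hash.update(block)
            dst.write(block)
    img_hash = sha256_file(image_path)
    record = {  # chain-of-custody record kept beside the image (assumed layout)
        "source": source_path,
        "image": image_path,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "sha256_source": src_hash.hexdigest(),
        "sha256_image": img_hash,
        "verified": src_hash.hexdigest() == img_hash,
    }
    with open(image_path + ".json", "w") as f:
        json.dump(record, f, indent=2)
    return record


def verify(image_path):
    """Re-check the image against its recorded hash before every analysis session."""
    with open(image_path + ".json") as f:
        record = json.load(f)
    return sha256_file(image_path) == record["sha256_image"]


def demo():
    """Acquire a constructed 256 KiB 'device', verify, tamper, verify again."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "device.bin")
        img = os.path.join(d, "device.dd")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 1024)  # constructed, deterministic content
        record = acquire(src, img, examiner="examiner-1")
        ok_before = verify(img)
        with open(img, "r+b") as f:  # simulate a single-byte modification
            f.seek(10)
            f.write(b"\x00")
        ok_after = verify(img)
        return record["verified"], ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

    The point of hashing the source stream and the written image separately is that it catches both read errors and write errors; recording the hash with the examiner's identity and a timestamp is what later supports the chain of custody in court.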
  • Do digital forensics analysts need certifications?

    Candidates do not need a formally issued license to become a computer forensics analyst, but employers often prefer candidates who hold one or more of the following:

    • Global Information Assurance Certifications: GIAC certifications focus on incident response capabilities, and include seven unique programs as of 2020.
    • Computer Hacking Forensic Investigator: Offered by the world-renowned EC-Council, the CHFI designation appeals to professionals interested in investigating cybercrime.
    • Certified Forensic Computer Examiner: Delivered by the IACIS, the CFCE program includes two phases: a peer review phase and a certification phase. Candidates must recertify every three years to maintain valid standing.
    • AccessData Forensics Certifications: AccessData offers numerous specialized certifications for professionals who aspire to work in law enforcement settings.
  • How much does a digital forensics analyst make?
    According to the Bureau of Labor Statistics (BLS May 2019), the median salary for information security analysts was $99,730 in 2019. Those in the lowest 10 percent earned $57,810 or less, while those in the highest 10 percent earned $158,860 annually or more.
  • SIEM
  • What is a SIEM?

    Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.

  • WHAT IS A SIEM TOOL?

    A SIEM tool is a centralized system used to collect, store and analyse logs. Logs are generated in an infrastructure and originate from sources such as applications, hosts and network traffic.

  • WHAT CAN A SIEM TOOL DO FOR MY COMPANY?

    A SIEM tool is used to monitor and analyze the activities taking place in your company's infrastructure. By analyzing the events, suspicious behavior can be detected. Analyzing that suspicious behavior swiftly and correctly plays an essential role in recognizing a (potential) cyberattack at an early stage. Detecting attacks early allows your company to act fast and take the necessary measures.

  • HOW DOES A SIEM TOOL WORK?
    The following steps are performed continuously by the SIEM and by the cyber security personnel operating it:
    1. Log collection: Logs and event data generated by applications, hosts, network devices and network traffic are collected by the SIEM.
    2. Log processing: The collected data is processed so that it can be stored in a structured manner. This process is also known as parsing.
    3. Log analysis: The stored data is used to populate dashboards, produce reports and potentially trigger alerts. Real-time analysis is performed on this data, and detection rules trigger an alert when certain conditions are met that could indicate suspicious behaviour. Default detection rules are usually available, but customized detection rules can be created by a cyber security expert to meet specific security needs.
    4. Alert analysis: This step needs to be performed by a cyber security expert. Alerts are cues that might be an indication of compromise. When an alert is triggered, the SIEM can notify cyber security personnel to perform further analysis in order to determine whether a genuine cyberattack is happening.
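    To make the four steps concrete, here is an added Python example (not code from the original page or from any SIEM product) that runs a miniature version of the pipeline: it parses a handful of constructed OpenSSH-style authentication log lines into structured events, applies one custom detection rule (five or more failed logins from the same source within a minute, escalated if that source then logs in successfully), and emits the alerts an analyst would pick up in step 4. The log format and the thresholds are assumptions chosen for the example.

```python
"""Toy SIEM pipeline: collect -> parse -> detect -> alert (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Step 1, stand-in for collection: constructed sshd-style auth log lines.
RAW_LOGS = """\
2024-03-01T10:00:01 host1 sshd[100]: Failed password for invalid user admin from 203.0.113.5 port 4410 ssh2
2024-03-01T10:00:03 host1 sshd[101]: Failed password for root from 203.0.113.5 port 4411 ssh2
2024-03-01T10:00:04 host1 sshd[102]: Failed password for root from 203.0.113.5 port 4412 ssh2
2024-03-01T10:00:06 host1 sshd[103]: Failed password for root from 203.0.113.5 port 4413 ssh2
2024-03-01T10:00:07 host1 sshd[104]: Failed password for root from 203.0.113.5 port 4414 ssh2
2024-03-01T10:00:09 host1 sshd[105]: Accepted password for root from 203.0.113.5 port 4415 ssh2
2024-03-01T10:05:00 host2 sshd[200]: Failed password for alice from 198.51.100.7 port 5000 ssh2
2024-03-01T10:30:00 host2 sshd[201]: Accepted publickey for alice from 198.51.100.7 port 5001 ssh2
"""

# Assumed line layout: "<iso timestamp> <host> sshd[pid]: <Failed|Accepted> <method> for [invalid user] <user> from <ip> port <n> ssh2"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse(raw):
    """Step 2: parse raw lines into structured events; lines that do not match are dropped."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Step 3: one custom detection rule over the parsed events.

    Medium alert when a source reaches `threshold` failures inside `window`;
    high alert if the same source then authenticates successfully.
    """
    alerts = []
    failures_by_src = defaultdict(list)  # src ip -> timestamps of recent failures
    for e in sorted(events, key=lambda ev: ev["ts"]):
        src = e["src"]
        if e["outcome"] == "Failed":
            recent = [t for t in failures_by_src[src] if e["ts"] - t <= window]
            recent.append(e["ts"])
            failures_by_src[src] = recent
            if len(recent) == threshold:  # fire once, when the threshold is crossed
                alerts.append({"rule": "ssh_bruteforce", "severity": "medium",
                               "src": src, "ts": e["ts"]})
        elif e["outcome"] == "Accepted" and len(failures_by_src[src]) >= threshold:
            alerts.append({"rule": "ssh_bruteforce_success", "severity": "high",
                           "src": src, "user": e["user"], "host": e["host"], "ts": e["ts"]})
            failures_by_src[src].clear()
    return alerts


def run_pipeline(raw=RAW_LOGS):
    """Steps 1-3 end to end; the returned alerts are what step 4 (analyst review) consumes."""
    return detect_bruteforce(parse(raw))


if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

    The single successful login from alice on host2 never alerts, because it is not preceded by a burst of failures; the root login on host1 does, and at higher severity, because it is. That distinction is what a default "failed logins" rule tends to miss and what the page means by tuning rules to your own environment.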
  • WHICH SIEM TOOLS ARE THERE AND WHAT ARE THE MAIN DIFFERENCES BETWEEN THEM?
    There are many SIEM solutions available today. They each differ slightly in the type of log sources they support. SIEMs also differ in monitoring capacity, price and the "location" where they are deployed, meaning the place in your company's infrastructure in which the SIEM runs. There are two main types:
    • On-premise: This traditional option usually requires machines on location that need to be deployed and maintained. An example of a SIEM that requires on-premise machines is the LogRhythm NextGen SIEM.
    • Cloud based: Nowadays there are also cloud based SIEMs available. This type of SIEM does not require on-premise hardware, as it is deployed in the cloud. Azure Sentinel (since renamed Microsoft Sentinel) is an example of a cloud based SIEM by Microsoft.
  • WHAT ARE IMPORTANT THINGS TO KEEP IN MIND WHEN I CONSIDER WORKING WITH A SIEM TOOL?
    The following things need to be kept in mind when you consider working with a SIEM:
    • The SIEM solution needs to be a fit for your company's infrastructure. Decide whether your company wants to install on-premise machines on which the SIEM is deployed or to use a cloud based SIEM solution. Also consider what kind of log data is being generated and whether it is supported by the SIEM solution you are considering.
    • Cost and maintenance differ between SIEM solutions. The price, and how the cost is calculated, can differ for each SIEM solution. For instance, cloud based SIEM solutions often charge by the amount of data ingested; others use licence-based subscriptions, or a combination of both. When a SIEM is deployed in the cloud, the costs for maintenance and hardware are small compared to a SIEM solution that is deployed on-premise.
    • The detection rules in the SIEM need to be configured to meet your company's security needs. The SIEM's default detection rules can be used and usually cover a wide range of known attacks. However, each company has its own crown jewels that need protection, which may require custom-made rules to detect specific attacks. Creating those customized detection rules should be done by a cyber security expert in order to meet the specific security needs your company may have.
    • Specialised knowledge and experience are required to follow up on the alerts in the SIEM. A frequent misunderstanding is that a SIEM tool can prevent a cyberattack. This is not the case. Instead, a SIEM tool can detect cyber incidents at an early stage so that further escalation can be prevented. When suspicious behavior is detected, it needs to be analyzed swiftly by a cyber security expert in order to determine whether, and which, further actions are required.
  • CAN I USE A SIEM TOOL BY MYSELF (SO NOT AS A SERVICE) AND WHY, WHY NOT?

    To be certain that an alert is followed up properly and that further escalation of a cyber incident is avoided, cyber security expertise is required. An expert is needed to understand what is going on and how to respond accordingly. Hence, a SIEM should only be staffed internally when enough security experts with the required knowledge are available; if this requirement cannot be met, it is advisable to outsource it to a security partner.

  • WHAT IS SIEM AS A SERVICE?

    SIEM As A Service comprises outsourcing the deployment, maintenance, and configuration of a SIEM in accordance with your company’s security needs. It is advisable that the outsourcing company has the required cyber security expertise. It is therefore important to be critical when looking for a security partner, this will ensure that the SIEM is correctly configured and your company’s security risks are covered.

  • What is security information management (SIM)?

    Security information management (SIM) is the practice of collecting, monitoring, and analyzing security-related data from computer logs. A security information management system (SIMS) automates that practice. The term is often used interchangeably with security event management (SEM), which emphasizes real-time monitoring and correlation of events, and with security information and event management (SIEM), which combines the two.

  • Why is SIEM important?
    SIEM is important because it makes it easier for enterprises to manage security by filtering massive amounts of security data and prioritizing the security alerts the software generates. SIEM software enables organizations to detect incidents that may otherwise go undetected. The software analyzes the log entries to identify signs of malicious activity. In addition, since the system gathers events from different sources across the network, it can recreate the timeline of an attack, enabling a company to determine the nature of the attack and its impact on the business. A SIEM system can also help an organization meet compliance requirements by automatically generating reports that include all the logged security events from these sources. Without SIEM software, the company would have to gather log data and compile the reports manually. A SIEM system also enhances incident management by enabling the company's security team to uncover the route an attack takes across the network, identify the sources that were compromised and, through integrations with other security tooling, support automated response actions against attacks in progress.
  • CCPA
  • What is the CCPA?
    The California Consumer Privacy Act (CCPA) was passed in 2018.  It provides for many consumer privacy rights and imposes many responsibilities on companies that collect and use personal data.  The CCPA is one of the strongest state privacy laws in the United States.  It also goes far beyond many federal laws.
  • When does it go into effect?
    The CCPA went into effect on January 1, 2020.
  • Whom does the CCPA apply to?
    The regulation doesn't apply to all businesses. As enacted in 2018, a for-profit business doing business in California is covered if at least one of the following conditions applies:
    • It has annual gross revenues exceeding $25 million; or
    • It annually obtains the personal information of 50,000 or more California residents, households, or devices; or
    • It derives 50% or more of its annual revenues from selling California residents' personal information.
  • Does it apply to businesses outside the state of California?
    To be covered, companies must do business in California and collect and maintain personal data from California residents. If an organization isn’t doing business in California, it isn’t covered by the CCPA – even if it gathers data about Californians.
  • Does it apply to non-profits or the government?
    It only applies to “businesses,” which are for-profit companies.  Other types of organizations, such as non-profit or government entities, are not covered.
  • What must businesses disclose if a consumer makes a verified request?
    Businesses must disclose:
    • categories of personal information collected
    • categories of sources from which information was collected
    • purposes for which the information was collected
    • categories of third parties with whom the information is shared
    Consumers also have the right to request the specific pieces of personal information collected about them.
  • What must be done to comply with the CCPA?

    Responsibilities include:

    • Provide two or more ways for consumers to request information (except that businesses operating exclusively online with a direct relationship to the consumer can use just email).
    • Train employees about how to administer consumer rights under the CCPA.
    • Don't discriminate against consumers who exercise their CCPA rights by denying them goods or services or charging them different prices. Exception: a business may do so if that difference is reasonably related to the value provided to the business by the consumer's data.
    • Have a written agreement with service providers that restricts their use of personal information to the specified purposes.
    • For transfers of personal information to third parties that aren't service providers, comply with the strict restrictions on use of the data by those third parties.

  • What is “personal information” under the CCPA?

    The law defines “personal information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”  This definition is similar to the GDPR’s definition of “personal data” in that it includes information that is identifiable — that could be linked directly or indirectly to people.  But it diverges in that it excludes “publicly available information” — “information that is lawfully made available from federal, state, or local government records.”

  • What is a “sale” of personal information under the CCPA?

    A “sale” of personal information means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”

  • What is a “service provider” under the CCPA?

    A “service provider” is “a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that processes information on behalf of a business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract, provided that the contract prohibits the entity receiving the information from retaining, using, or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the contract for the business, or as otherwise permitted by this title, including retaining, using, or disclosing the personal information for a commercial purpose other than providing the services specified in the contract with the business.”

  • GDPR
  • What's the European data protection supervisor (EDPS)
    The EDPS is an independent EU body responsible for monitoring the application of data protection rules within European Institutions and for investigating complaints.
  • What does the Data Protection Officer do?
    The Data Protection Officer is responsible for monitoring the application of data protection rules in the European Commission. The Data Protection Officer independently ensures the internal application of data protection rules in cooperation with the European Data Protection Supervisor.
  • What's personal data under GDPR?

    Any information that relates to you, as an identified or identifiable, living individual, falls under the GDPR. This includes, for example, your name, home address, ID card number, Internet Protocol (IP) address, and information on your health.

  • What's sensitive data under GDPR?

    If the personal data you collect includes information on an individual's health, racial or ethnic origin, sexual orientation, religion, political beliefs, or trade union membership, it is considered sensitive (a "special category" of personal data under Article 9 of the GDPR).

    Your company can only process this data under specific conditions and you may need to implement additional safeguards, such as encryption.

  • When do the GDPR rules apply?
    The rules apply when your data is collected, used and stored digitally or in a structured filing system on paper.
  • What information companies should give you after collecting your data?

    When processing your data organizations have to provide you with clear information relating to the use of your data, this includes information such as:

    • the legal basis for processing your data

    • for what purposes your data will be used

    • how long your data will be stored

    • with whom they’ll share your data

    • your basic data protection rights

    • your right to lodge a complaint

    • whether your data will be transferred outside the EU

    • how to withdraw your consent, if you have given it

    • the contact details of the organisation responsible for processing your data and their Data Protection Officer if there is one

  • What rights do citizens have under the GDPR?

    The right to access your data. You have the right to request access to the personal data an organization has about you, free of charge, and obtain a copy in an accessible format.

    The right to object. If an organization is processing your personal data you may have the right to object. However, in some circumstances, public interest may prevail. For example, this could be the case for scientific or historical research. You also have the right to object at any time to receiving direct marketing.

    The right to correct your data. Errors in your personal data can have a significant impact on your life, particularly when applying for loans, insurance, credit, and so on. If you believe that personal data held by an organization might be incorrect, incomplete, or inaccurate you can ask for it to be corrected. This must be done without undue delay.

    The right to have data deleted and to be forgotten. Where your consent has been requested to process your data, you can ask the organization to stop processing it by withdrawing your consent. They must do so if they’ve not relied on any other legal grounds for processing your data. It must be as easy to withdraw consent as it is to give it. If your data is no longer needed or is being processed unlawfully then you can ask for the data to be erased. Organizations must delete personal data collected from a child that is processed through an app or a website on request.

    The right to have a say when decisions are automated. Some organizations, such as banks, tax offices, and hospitals, use algorithms to make decisions about you using your personal data. It’s efficient for them, but not always transparent, and these decisions may affect you legally or have another significant impact on your life. Automated decisions are allowed in some circumstances, for example when a particular law allows it.

    The right to move your data. If your data is used by a company after you gave your consent or signed a contract, then you can ask for it to be returned to you or transmitted to another company whose services you would like to use – this is called the right to ‘data portability’. The original supplier, such as a social media company, bank, or even healthcare provider, has to transmit the data to the new supplier. Moving data should help you access other markets and suppliers more easily, and so give you more choice.

    The right to know who is processing what and why. When collecting your data a company must tell you what purpose your data will be used for. They must also make sure that only relevant data is processed and the data is not kept longer than necessary.

  • What steps can a business take to get ready for the General Data Protection Regulation?

    · Check the personal data you collect and process, the purpose for which you do it, and on which legal basis

    · Inform your customers, employees, and other individuals when you collect their personal data

    · Keep the personal data for only as long as necessary

    · Secure the personal data you are processing

    · Keep documentation on your data processing activities

    · Make sure your sub-contractors respect the rules

    · Check if you are concerned by the provisions below

  • Does the GDPR apply to me?

    In summary, the GDPR applies to any business that processes personal data by automated or manual processing (provided the data is organized according to criteria).

    Even if your business only processes data on behalf of other companies, you still need to abide by the rules.

    The GDPR applies if:

    · your company processes personal data and is based in the EU, regardless of where the actual data processing takes place; or

    · your company is established outside the EU but offers goods or services to, or monitors the behavior of, individuals within the EU.

  • What constitutes processing personal data?

    According to the GDPR, actions such as collecting, using, and deleting personal data all fall within the definition of processing personal data.

  • Cloud Security
  • What are the requirements for cloud security?
    1. Top-of-the-line perimeter firewall

    2. Intrusion detection systems with event logging

    3. Internal firewalls for individual applications and databases

    4. Data-at-rest encryption

    5. Tier IV data centers with strong physical security
  • What are the Top Threats to Cloud Cyber Security?
    1. Data breaches

    2. Insufficient identity, credential, and access management

    3. Insecure APIs

    4. System vulnerabilities

    5. Account hijacking

    6. Malicious insiders

    7. Advanced persistent threats

    8. Data loss

    9. Insufficient due diligence

    10. Abuse and nefarious use of cloud services

    11. Denial of service

    12. Shared technology vulnerabilities
  • Why is cloud security policy important?

    Most IT department policies and procedures complement each other. They define what is to be provided -- e.g., a cloud security policy -- and how policy compliance is achieved -- e.g., cloud security procedures. Without policies, companies may be at risk of security breaches, financial losses, and other security consequences. Absence of relevant policies can be cited during IT audit activities and, in some cases, may result in noncompliance fines or other penalties.

  • What are the components of a cloud security policy?

    The following is an outline of the necessary components of a cloud security policy:

    · Introduction. State the fundamental reasons for having a cloud security policy.

    · Purpose and scope. Provide details on the cloud policy's purpose and scope.

    · Statement of policy. State the cloud security policy in clear terms.

    · Policy leadership. State who is responsible for approving and implementing the policy, as well as levying penalties for noncompliance.

    · Verification of policy compliance. State what is needed, such as assessments, exercises, or penetration tests, to verify cloud security activities comply with policies.

    · Penalties for noncompliance. State penalties -- for example, verbal reprimand and note in personnel file for internal incidents or fines and legal action for external activities -- for failure to comply with policies and service-level agreements (SLAs) if they are part of the policy.

    · Appendixes (as needed). Provide additional reference information, such as lists of contacts, SLAs, or additional details on specific cloud security policy statements.

  • Why is cloud security important?

    Far too often, organizations place their trust in cloud providers to ensure a secure environment. Unfortunately, that approach has numerous problems -- namely that cloud providers don't always know the risk associated with a customer's systems and data. They don't have visibility into other components in the customer's ecosystem and the security requirements of those components. Failing to take ownership of cloud security is a serious downfall that could lead organizations to suffer data loss, system breaches, and devastating attacks.

  • What are the most common cloud security challenges?

    · Misconfigurations and inadequate change controls

    · Lack of cloud security architecture and strategy

    · Insufficient identity, credential, access and key management

    · Account hijacking

    · Insecure interfaces and APIs

    · Abuse and nefarious use of cloud services

  • Who is responsible for cloud security?

    Organizations should create a cloud IAM team dedicated to certain aspects of cloud security, such as access, authentication, and authorization. Shackleford recommended that the cloud IAM team, which could tackle single sign-on and federation, should be started with existing internal groups because they have a deep understanding of the business and its goals.

  • What's a CASB?

    A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. CASBs are available as on-premises software, as cloud-based software, or as a service.

  • What are the pillars of CASB?

    1. Firewalls to identify malware and prevent it from entering the enterprise network

    2. Authentication to check users' credentials and ensure they only access appropriate company resources

    3. Web application firewalls (WAFs) to thwart malware designed to breach security at the application level, rather than at the network level

    4. Data loss prevention (DLP) to ensure that users cannot transmit sensitive information outside of the corporation

  • How does a CASB work?

    CASBs work by ensuring that network traffic between on-premises devices and the cloud provider complies with an organization's security policies. CASBs use autodiscovery to identify cloud applications in use and identify high-risk applications, high-risk users, and other key risk factors. Cloud access security brokers may enforce a number of different security access controls, including encryption and device profiling. They may also provide other services such as credential mapping when single sign-on is not available.
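    The autodiscovery step described above, in working form. This is an added example and not code from the original page or from any CASB product: it parses a handful of constructed proxy log lines, maps destination hosts to a constructed application catalog with sanctioned/unsanctioned flags and risk scores, and reports the high-risk applications, the users who touched them, and users who pushed a large volume of data to an unsanctioned app. The log format, catalog entries, risk scores and thresholds are all assumptions made for the illustration.

```python
"""CASB-style autodiscovery: find cloud apps in use from proxy logs and
flag high-risk apps and users.

Added example; not part of the original page or of any CASB product. The log
format, the application catalog, the risk scores and the thresholds below are
all constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed proxy log lines: timestamp, user, destination host, bytes sent.
SAMPLE_LOG = """\
2024-03-01T09:12:03Z alice files.corp-storage.example 48213
2024-03-01T09:14:41Z bob share.freeupload.example 9312044
2024-03-01T09:15:02Z alice chat.corp-collab.example 1204
2024-03-01T09:20:18Z carol share.freeupload.example 512
2024-03-01T09:22:55Z bob paste.anonbin.example 20480
2024-03-01T09:30:00Z dave intranet.example 300
malformed line that the parser must skip
"""

# Constructed catalog: domain suffix -> (app name, sanctioned by IT?, risk 1-10).
APP_CATALOG = {
    "corp-storage.example": ("CorpStorage", True, 2),
    "corp-collab.example": ("CorpCollab", True, 2),
    "freeupload.example": ("FreeUpload", False, 8),
    "anonbin.example": ("AnonBin", False, 9),
}
HIGH_RISK_SCORE = 7             # apps at or above this score count as high risk
UPLOAD_ALERT_BYTES = 1_000_000  # bytes sent to an unsanctioned app that warrant review

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")


def classify_host(host):
    """Map a destination hostname to a catalog entry, or None if unknown."""
    for suffix, info in APP_CATALOG.items():
        if host == suffix or host.endswith("." + suffix):
            return info
    return None


def discover(log_text):
    """Return a discovery report: apps seen, high-risk apps, users to review."""
    apps = {}
    upload_by_user_app = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip malformed records
        _ts, user, host, nbytes = m.groups()
        info = classify_host(host)
        if info is None:
            continue                      # not a known cloud app (e.g. intranet)
        name, sanctioned, risk = info
        entry = apps.setdefault(name, {"sanctioned": sanctioned, "risk": risk,
                                       "users": set(), "bytes_out": 0})
        entry["users"].add(user)
        entry["bytes_out"] += int(nbytes)
        if not sanctioned:
            upload_by_user_app[(user, name)] += int(nbytes)

    high_risk_apps = sorted(n for n, e in apps.items() if e["risk"] >= HIGH_RISK_SCORE)
    # Users who used any high-risk app.
    high_risk_users = sorted({u for n in high_risk_apps for u in apps[n]["users"]})
    # Users who sent a large volume to an unsanctioned app (possible data leakage).
    bulk_uploaders = sorted({u for (u, _n), b in upload_by_user_app.items()
                             if b >= UPLOAD_ALERT_BYTES})
    return {"apps": apps, "high_risk_apps": high_risk_apps,
            "high_risk_users": high_risk_users, "bulk_uploaders": bulk_uploaders}


if __name__ == "__main__":
    report = discover(SAMPLE_LOG)
    for name, e in sorted(report["apps"].items()):
        tag = "sanctioned" if e["sanctioned"] else "UNSANCTIONED"
        print(f"{name:12} risk={e['risk']} {tag:12} "
              f"users={sorted(e['users'])} bytes_out={e['bytes_out']}")
    print("high-risk apps :", report["high_risk_apps"])
    print("users to review:", report["high_risk_users"])
    print("bulk uploaders :", report["bulk_uploaders"])
```

    A real CASB builds the catalog from a vendor-maintained registry of thousands of services and feeds the report into access controls (block, allow with encryption, step-up authentication); the structure is the same: classify the destination, attribute the traffic to a user, and rank by risk and volume.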

  • Shift Left
  • What’s shift left testing?
    Shift Left is a practice intended to find and prevent defects early in the software delivery process. The idea is to improve quality by moving tasks to the left as early in the lifecycle as possible. Shift Left testing means testing earlier in the software development process.
  • Is Shift Left always appropriate?
    A Shift Left testing approach may not always be able to deliver optimal performance and functioning in a real-world environment. In such situations, a Shift Right testing strategy may help to:

    · Enhance customer experience

    · Provide scope for implementation of test automation

    · Ensure better test coverage

    Shift Right initiates testing from the right, i.e., post-production. In this Shift Right practice, you’ll test a completely built and functioning application to ensure performance and usability traits. Reviews and feedback from targeted users further help in enhancing the quality of the software.
  • How to move to Shift Left?
    There are some key strategies that will help you shift left with your software testing:

    Demand planning. Test analysts engage with business and operational stakeholders, providing a forward view of demand. Having this view enables you to plan and finalize ahead of time:

    · The budget

    · Resourcing

    · Test strategies

    Demand planning is an integral part of the shift-left approach and provides a starting point for all other activities in the test lifecycle.

    Static testing. Static testing is carried out in the early cycles of the project and includes validation of requirements and design. Its purpose is to find defects early in the life cycle that could prove very expensive to remove in the later phases of the project. Use appropriate checklists to verify and validate requirements and design, and log defects into a defect management tool.

    Unified test strategy. This is an overall, high-level strategy for testing end-to-end, from unit testing through user acceptance testing (UAT), operational readiness testing (ORT), and post-deployment testing. The strategy covers all phases of quality control and defines clear responsibilities. A unified test strategy allows you to analyze dependencies on environments, stubs, automation, and test data, ensuring that the respective teams can fulfill those needs.

    Risk-based analysis. Risk-based analysis is carried out to determine the impact and likelihood of failure for each test scenario. This approach is used for functional, non-functional, and regression types of testing.
  • What Is Shift Left DevOps?

    The term “shift left” refers to the efforts of a DevOps team to guarantee application security at the earliest stages in the development lifecycle, as part of an organizational pattern known as DevSecOps (collaboration between development, security, and operations).

    To shift left means to move a process to the left on the traditional linear depiction of the software development lifecycle (SDLC). There are two common subjects of shift left initiatives in DevOps: security and testing.

  • What Does Shift Left Mean for Testing?

    Traditionally, application testing was implemented during the last phases of development, before being sent to security teams. If an application did not meet quality standards, did not function properly, or otherwise failed to meet requirements, it would be sent back into development for additional changes. This caused significant bottlenecks in the SDLC and was not conducive to DevOps methodologies, which emphasize development velocity.

    Shift left testing makes it possible to identify and fix defects much earlier in the software development lifecycle. This streamlines the development cycle, dramatically improves quality, and enables faster progression to later stages for security analysis and deployment.

  • What Does Shift Left Mean for Security?

    To shift security left means to implement security measures during the entire development lifecycle, rather than at the end of the cycle. The goal of shifting security left is to design software with security best practices built in, and to detect and fix potential security issues and vulnerabilities as early in the development process as possible, making it easier, faster, and more affordable to address security issues.

  • Why Shift Left Testing?

    By performing testing earlier in the development cycle, developers can catch problems early and fix them before they reach the production environment. Because issues are discovered earlier, developers do not waste time applying workarounds to flawed implementations, and operations teams are not tasked with maintaining a faulty application in production. Developers can identify the root cause of issues and change application architecture or modify underlying components to improve application quality.

    Another major advantage of shifting testing left is that testers are involved in the whole cycle, including the planning phase. Developers take on a secondary role as testers, becoming proficient in automated testing technologies and running tests as part of their day-to-day work. Testing becomes part of the “DNA” of the development organization, ensuring software is designed from the ground up with quality in mind.

  • Why Shift Left Security?

    Over the past two decades, IT has shifted left. Today development infrastructure is fully automated and operates on a self-service basis:

    · Developers can provision resources to public clouds such as AWS, GCP, or Azure without involving operations or IT staff

    · Continuous integration and continuous deployment (CI/CD) processes automatically set up testing, staging, and production environments in the cloud or on-premises and tear them down when they are no longer needed

    · Infrastructure-as-Code (IaC) is widely used to deploy environments declaratively, using tools like Amazon CloudFormation and Terraform

    · Kubernetes is everywhere, enabling organizations to provision containerized workloads dynamically using automated, adaptive processes

    This shift has tremendously improved development productivity and velocity, but also raises serious security concerns. In this fast paced environment, there is little time for post-development security reviews of new software versions or analysis of cloud infrastructure configurations. Even when problems are discovered, there is little time for remediation before the next development sprint begins.
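    One concrete form of shifting security left, for the infrastructure-as-code and CI/CD environment described above and for the static-testing step of the shift-left strategy, is a policy gate that runs in the pipeline before anything is deployed. The following is an added example, not code from the original page or from any named tool: it evaluates a deployment plan for a few classic misconfigurations (a publicly readable storage bucket, an unencrypted bucket, an administrative port open to the whole Internet) and fails the job when a blocking finding is present. The resource schema is a constructed, simplified stand-in for a real plan format; a real gate would load the plan emitted by the IaC tool in use instead of `SAMPLE_PLAN`, and the admin-port set is an assumption.

```python
"""Shift-left policy gate for infrastructure-as-code.

Added example; not code from the original page or from any named tool. The
resource schema below is a constructed, simplified stand-in for a deployment
plan (it is not the real Terraform or CloudFormation plan format); a real gate
would load the plan produced by your IaC tool instead of SAMPLE_PLAN.
"""
import ipaddress
import json

# Ports that should never be reachable from the whole Internet (assumption).
ADMIN_PORTS = {22, 3389}

# Constructed sample plan: two misconfigured resources and one clean one.
SAMPLE_PLAN = json.dumps({
    "resources": [
        {"type": "storage_bucket", "name": "app-logs",
         "public_access": True, "encryption_at_rest": False},
        {"type": "firewall_rule", "name": "ssh-any",
         "direction": "ingress", "port": 22, "source_cidr": "0.0.0.0/0"},
        {"type": "storage_bucket", "name": "app-backups",
         "public_access": False, "encryption_at_rest": True},
    ]
})


def is_world_open(cidr):
    """True for a source range that matches every address (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def check_resource(res):
    """Return (name, severity, message) findings for one resource."""
    findings = []
    name = res.get("name", "<unnamed>")
    rtype = res.get("type")
    if rtype == "storage_bucket":
        if res.get("public_access"):
            findings.append((name, "HIGH", "bucket allows public access"))
        if not res.get("encryption_at_rest"):
            findings.append((name, "MEDIUM", "bucket is not encrypted at rest"))
    elif rtype == "firewall_rule":
        if (res.get("direction") == "ingress"
                and res.get("port") in ADMIN_PORTS
                and is_world_open(str(res.get("source_cidr", "")))):
            findings.append((name, "HIGH",
                             f"admin port {res['port']} open to {res['source_cidr']}"))
    return findings


def evaluate_plan(plan_json):
    """Run every check over every resource in the plan."""
    plan = json.loads(plan_json)
    findings = []
    for res in plan.get("resources", []):
        findings.extend(check_resource(res))
    return findings


def gate_passes(plan_json, blocking=("HIGH",)):
    """True if the plan may proceed: no finding at a blocking severity."""
    return not any(sev in blocking for _, sev, _ in evaluate_plan(plan_json))


if __name__ == "__main__":
    for name, sev, msg in evaluate_plan(SAMPLE_PLAN):
        print(f"[{sev}] {name}: {msg}")
    # A non-zero exit makes the CI job fail before deployment: that is the gate.
    raise SystemExit(0 if gate_passes(SAMPLE_PLAN) else 1)
```

    The point of running this on every commit rather than in a post-deployment review is the one the passage makes: the finding arrives while the change is still small and its author is still on it, and the fix is a one-line edit to the plan instead of an incident.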

  • Key Benefits of Shift left Testing

    · Reduce costs: Time and resources can be quickly used up. Shift-left testing helps reduce that problem and saves you money.

    · Higher quality: Find bugs early and fix them before they become a problem in production

    · Higher efficiency: Increase your testing reliability by using the shift-left testing procedures and as such, deliver your product to market faster.

    · Competitive advantages: Shift-left testing helps to achieve high quality software products in a short amount of time.

  • Challenges of Shift-left Testing
    · Planning: Shift-left testing can be difficult to incorporate without an effective plan in place before you begin

    · Quality control: It’s not an easy task to maintain excellent quality levels during the training and transition phase

    · Developers: Developers can be resistant to testing and should be prepared to add testability to their skillset
  • Architect
  • What's the role of a security architect?

    This role ensures that the stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes.

  • What are the security architect Core Knowledge?

    · Knowledge of business continuity and disaster recovery continuity of operations plans.

    · Knowledge of application firewall concepts and functions (e.g., single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

    · Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware).

    · Knowledge of microprocessors.

    · Knowledge of industry-standard and organizationally accepted analysis principles and methods.

    · Knowledge of enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures).

    · Knowledge of computer algorithms.

    · Knowledge of program protection planning (e.g., information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).

    · Knowledge of installation, integration, and optimization of system components.

    · Knowledge of human-computer interaction principles.

    · Knowledge of remote access technology concepts.

    · Knowledge of communication methods, principles, and concepts that support the network infrastructure.

  • What are the security architect core tasks?

    · Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data, primarily applicable to government organizations (e.g., UNCLASSIFIED, SECRET, and TOP SECRET).

    · Document and address the organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.

    · Employ secure configuration management processes.

    · Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization's cybersecurity architecture guidelines.

    · Identify and prioritize critical business functions in collaboration with organizational stakeholders.

    · Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

    · Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.

    · Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.

    · Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document them appropriately.

  • What's the average salary?
    According to CyberSeek.org, the role of cybersecurity architect pays an average annual salary of $146,144 (2021).
  • What are the Cybersecurity Architect Certifications required?

    Certifications play a vitally important role in the cybersecurity industry; they teach new skills, enable IT professionals to build upon their existing experience and expertise, and certify levels of competency to prospective employers. Several of the most notable certifications for cybersecurity architects and related professions include:

    · Certified Information Systems Security Professional – Information Systems Security Architecture Professional (CISSP-ISSAP)

    · Certified Information Systems Security Professional (CISSP)

    · Certified Information Security Manager (CISM)

    · Certified Information Systems Auditor (CISA)

    · SANS-related certifications such as GIAC Defensible Security Architecture (GDSA)

  • How Do You Become a Cyber Security Architect?

    It takes some work and dedication to become a cybersecurity architect. This is a prestigious, well-paying career with lots of potential, but you need to put in the time and effort to get there. Fortunately, we’ll show you how to do this!

    First of all, you need some academic acumen. Conventional wisdom says you need a degree (Bachelor’s or Master’s) in cybersecurity, computer science, information technology, or some other related major. If you don’t have this kind of educational background, you may be able to squeak by taking some classes that focus on IT.

    Moving away from academia to actual work experience, most businesses and organizations look for candidates with five to 10 years of IT experience in the workplace, including some work with systems analysis, application development, and business planning. Three to five of those years of IT experience should focus on security matters.

  • HIPAA
  • What's HIPAA?

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

    The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

  • What's the HIPAA Privacy Rule?

    The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities.” The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing.

  • Which individuals are covered by the HIPAA Privacy Rule?

    Healthcare providers: Every healthcare provider, regardless of the size of practice, who electronically transmits health information in connection with certain transactions. These transactions include claims, benefit eligibility inquiries, referral authorization requests, and other transactions for which HHS has established standards under the HIPAA Transactions Rule.

    Health plans: Entities that provide or pay the cost of medical care. Health plans include health, dental, vision, and prescription drug insurers; health maintenance organizations (HMOs); Medicare, Medicaid, Medicare+Choice, and Medicare supplement insurers; and long-term care insurers (excluding nursing home fixed-indemnity policies). Health plans also include employer-sponsored group health plans, government- and church-sponsored health plans, and multi-employer health plans.

    Exception: A group health plan with fewer than 50 participants that is administered solely by the employer that established and maintains the plan is not a covered entity.

    Healthcare clearinghouses: Entities that process nonstandard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa. In most instances, healthcare clearinghouses will receive individually identifiable health information only when they are providing these processing services to a health plan or healthcare provider as a business associate.

    Business associates: A person or organization (other than a member of a covered entity’s workforce) using or disclosing individually identifiable health information to perform or provide functions, activities, or services for a covered entity. These functions, activities, or services include claims processing, data analysis, utilization review, and billing.

  • What's the HIPAA Security Rule?

    While the HIPAA Privacy Rule safeguards protected health information (PHI), the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called “electronic protected health information” (e-PHI). The Security Rule does not apply to PHI transmitted orally or in writing.

  • What entities need to do in order to comply with the HIPAA Security Rule?
    · Ensure the confidentiality, integrity, and availability of all electronic protected health information

    · Detect and safeguard against anticipated threats to the security of the information

    · Protect against anticipated impermissible uses or disclosures

    · Certify compliance by their workforce

    Covered entities should rely on professional ethics and best judgment when considering requests for these permissive uses and disclosures. The HHS Office for Civil Rights enforces HIPAA rules, and all complaints should be reported to that office. HIPAA violations may result in civil monetary or criminal penalties.
  • How does the HIPAA Privacy Rule affect my rights under the Federal Privacy Act?

    The Privacy Act of 1974 (U.S. Department of Justice) protects personal information about individuals held by the Federal government. Covered entities that are Federal agencies or Federal contractors that maintain records that are covered by the Privacy Act not only must obey the Privacy Rule’s requirements, but also must comply with the Privacy Act.

  • Can telemarketers obtain my health information and use it to call me to sell goods and services?

    Under the HIPAA Privacy Rule, a covered entity can share protected health information with a telemarketer only if the covered entity has either obtained the individual’s prior written authorization to do so or has entered into a business associate relationship with the telemarketer for the purpose of making a communication that is not marketing, such as to inform individuals about the covered entity’s own goods or services.

    If the telemarketer is a business associate under the Privacy Rule, it must agree by contract to use the information only for communicating on behalf of the covered entity, and not to market its own goods or services (or those of another third party).

  • Can my health care provider discuss my health information with an interpreter?

    Yes. HIPAA allows your health care provider to share your health information with an interpreter who works for the provider to help communicate with you or your family, friends, or others involved in your care. If the interpreter is someone who does not work for your health care provider, HIPAA also allows your provider to discuss your health information with the interpreter so long as you do not object.

  • Does the HIPAA Privacy Rule require my doctor to send my medical records to the government?

    No. The Rule does not require a physician or any other covered entity to send medical information to the government for a government data base or similar operation. This Rule does not require or allow any new government access to medical information, with one exception: the Rule does give the Department of Health and Human Services Office for Civil Rights (OCR) the authority to investigate complaints that Privacy Rule protections or rights have been violated, and otherwise to ensure that covered entities comply with the Rule.

  • Will this HIPAA Privacy Rule make it easier for police and law enforcement agencies to get my medical information?

    No. The Rule does not expand current law enforcement access to individually identifiable health information. In fact, it limits access to a greater degree than currently exists, since the Rule establishes new procedures and safeguards that restrict the circumstances under which a covered entity may give such information to law enforcement officers.

  • SOC 1 / SOC 2
  • What's SOC 1?

    A SOC 1 audit is an audit at a service organization related to internal control over financial reporting (ICFR). SOC 1 audits were developed by the AICPA and follow the Statement on Standards for Attestation Engagements No. 18 (SSAE 18).

  • What's SOC 2 – SOC for Service Organizations: Trust Services Criteria?
    The performance and reporting requirements for an examination of controls at a service organization relevant to security.
  • What's SOC 3 – SOC for Service Organizations: Trust Service Criteria for General Use Report?

    The performance and reporting requirements for an examination of controls at a service organization relevant to security, availability, processing integrity, confidentiality, and privacy, resulting in a general-use report.

  • What's SOC for Cybersecurity?

    The performance and reporting requirements for an examination of an entity's cybersecurity risk management program and related controls.

  • What are the differences between a Type-1 and a Type-2 report?

    A Type-1 report describes the service organization's controls at a point in time. This report focuses on the design of the controls to achieve the related control objectives. It includes the service auditor's opinion, management's assertion, and the description of the system.

    A Type-2 report focuses on both the design and operating effectiveness of controls over a period of time of at least six months. It includes all of the information in a Type-1 report with the addition of the service auditor's testing performed for each control. From an auditor's perspective, only the SOC 1 Type-2 report provides assurance over a service organization's controls relative to its client's financial transactions.

  • Which organizations need a SOC report?

    Any service organization that needs an independent validation of controls relevant to how it transmits, processes, or stores client data may require a SOC report.  Additionally, as a result of various legislative requirements like the Sarbanes-Oxley Act, as well as increased scrutiny over third-party controls, clients are increasingly requiring SOC reports from their service organizations.

  • How much does a SOC 1 audit cost?

    Pricing for a SOC 1 audit depends on scoping factors, including business applications, technology platforms, physical locations, third parties, and audit frequency. Pricing will also vary based on the report type you choose, inclusion of a gap analysis, or inclusion of additional remediation time.

  • Do the SOC reports have the auditor's opinion?

    Yes. A SOC report will contain the auditor's opinion covering the following areas:

    - If the service organization's description of controls is presented fairly

    - If the service organization's controls are designed effectively

    - If the service organization's controls are operating effectively over a specified period of time (Type-2 report only)

    If the above items have been achieved by the service organization, the service auditor would issue an "unqualified" opinion. If the above were achieved but the service auditor found significant exceptions (i.e. such that a control objective was either not in place or was not effective), the service auditor would issue a "modified" opinion. If, however, the service organization materially failed one or more of the above, the service auditor would issue an "adverse" opinion.

  • CAN I DISTRIBUTE A SOC REPORT FOR MARKETING PURPOSES?

    No. Only SOC 3 reports can be distributed for marketing purposes. A SOC 3 report ordinarily is a general-use report, which means that management of the service organization may provide the report to anyone.

  • Who can perform a SOC audit?

    A SOC audit can only be performed by an independent CPA. CPAs must adhere to the specific standards that have been established by the AICPA and have the technical expertise to perform such engagements.

  • Hardware Security Module
  • What is a Hardware Security Module?

    The hardware security module (HSM) is a special “trusted” network computer performing a variety of cryptographic operations: key management, key exchange, encryption, etc.

    An HSM is trusted because it:

    1. Is built on top of specialized hardware. The hardware is well-tested and certified in special laboratories.

    2. Has a security-focused OS.

    3. Has limited access via a network interface that is strictly controlled by internal rules.

    4. Actively hides and protects cryptographic material.

  • How do HSMs and Key Management work?

    HSMs are built to protect cryptographic keys. Large-sized banks or corporate offices often operate a variety of HSMs concurrently. Key management systems control and update these keys according to internal security policies and external standards. A centralized design of key management brings the advantage of streamlining the management of keys and providing the best overview for the keys across many different systems.

  • What is Cryptographic Key Management (CKM)?

    Cryptographic key management involves the handling of cryptographic keys and other related security parameters during the entire lifecycle of the keys, including their generation, storage, distribution/establishment, use, and destruction. CKM also includes the policies for selecting appropriate cryptographic algorithms and key sizes, the key-establishment schemes and protocols used to generate or distribute keys, the protection and maintenance of keys and related data, and the integration of key management with cryptographic technology to provide the type and level of protection an organization requires.

  • Why is Cryptographic Key Management important?

    The proper management of cryptographic keys is essential to the effective use of cryptography for security. A cryptographic key is analogous to the combination of a safe. If an adversary knows the combination, the strongest safe provides no security against penetration. Similarly, poor key management may easily compromise strong algorithms.

  • What are key blocks?

    Key blocks are unique cryptographic structures with the general purpose of protecting keys outside of a strong security boundary (such as a FIPS or PCI-certified HSM). This enables the secure transfer of cryptographic keys over an insecure environment.

  • Is a key block the same as a key variant?

    No, a key block is not the same as a key variant. Key variants are older cryptographic structures than key blocks, and more primitive. Key variants protect application keys with a key-encryption key that is derived by XORing a master key with a control vector corresponding to the application type, and encrypt with a simple ECB cipher mode. With key variants the application type is therefore implicit; with key blocks, all key metadata is explicit within the block.

  • Are key blocks secure?

    If they are well implemented, key blocks based on the TR-31 technical report are generally considered to be very secure. Key blocks are simple but efficient. In the payment industry, they are used to protect billions of cryptographic keys and PINs in various environments, for example, banking between ATMs and HSMs.

  • How many key block formats are there?
    Everyone is free to create their own key block format based on the TR-31 technical report, but the most common key block formats are:

    - Atalla key block

    - Thales key block

    - IBM key block

    - TR-34 key blocks

    - PKCS#8 key blocks
  • Is a key block the same as a key bundle?
    No. A key bundle is a primitive concept that predates key blocks; it is less general and focused only on triple-DES.
  • Is a key block the same as key wrapping?

    No. Key wrapping is more complex and generalized than key blocks. It is described by ANSI X9.102. Key wrapping focuses on the cipher-based key-encryption algorithms themselves.
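The key-variant versus key-block contrast described above, as an added example that is not part of the original page: a parser for the 16-character TR-31 key block header (version ID, length, key usage, algorithm, mode of use, key version, exportability, optional-block count), a policy check an HSM can apply because that metadata is explicit, and the legacy XOR-derived key-variant KEK beside it. The sample block, the subset of code points in the lookup tables and the `permits` helper are constructed for illustration.

```python
"""Added example (not from the original page): TR-31 key block header parsing
versus the legacy key-variant scheme the page contrasts it with.
The header layout and code points follow ANSI TR-31; the sample block below is
constructed and is not a real wrapped key."""
from dataclasses import dataclass

# Fixed 16-character TR-31 header: field name -> (start, end) offsets.
HEADER_FIELDS = {
    "version_id": (0, 1),
    "block_length": (1, 5),
    "key_usage": (5, 7),
    "algorithm": (7, 8),
    "mode_of_use": (8, 9),
    "key_version": (9, 11),
    "exportability": (11, 12),
    "num_optional_blocks": (12, 14),
    "reserved": (14, 16),
}

# Subsets of the TR-31 code points, enough to make a parsed header readable.
VERSION_ID = {"A": "key variant binding (deprecated)", "B": "TDES derivation binding",
              "C": "TDES variant binding", "D": "AES derivation binding"}
KEY_USAGE = {"B0": "BDK base derivation key", "D0": "data encryption",
             "K0": "key encryption / wrapping", "P0": "PIN encryption",
             "M1": "ISO 9797-1 MAC algorithm 1"}
ALGORITHM = {"A": "AES", "D": "DES", "H": "HMAC", "R": "RSA", "T": "TDES"}
MODE_OF_USE = {"B": "encrypt and decrypt", "D": "decrypt only", "E": "encrypt only",
               "G": "generate only", "N": "no special restrictions", "X": "derive keys"}
EXPORTABILITY = {"E": "exportable under a trusted key", "N": "non-exportable",
                 "S": "sensitive, exportable under any key"}
# Which cipher operations each mode-of-use value permits (E=encrypt, D=decrypt).
MODE_PERMITS = {"B": {"E", "D"}, "E": {"E"}, "D": {"D"}, "N": {"E", "D"}}


@dataclass(frozen=True)
class KeyBlockHeader:
    version_id: str
    block_length: int
    key_usage: str
    algorithm: str
    mode_of_use: str
    key_version: str
    exportability: str
    num_optional_blocks: int


def parse_tr31_header(block: str) -> KeyBlockHeader:
    """Parse and sanity-check the header of an ASCII TR-31 key block.
    Only the header is interpreted here; the wrapped key and MAC that follow it
    are left to the HSM, which must verify the MAC over the header before use."""
    if len(block) < 16:
        raise ValueError("key block shorter than the 16-character header")
    f = {name: block[a:b] for name, (a, b) in HEADER_FIELDS.items()}
    if f["version_id"] not in VERSION_ID:
        raise ValueError(f"unknown version ID {f['version_id']!r}")
    if not f["block_length"].isdigit() or int(f["block_length"]) != len(block):
        raise ValueError("block length field does not match the block")
    for name, table in (("algorithm", ALGORITHM), ("mode_of_use", MODE_OF_USE),
                        ("exportability", EXPORTABILITY)):
        if f[name] not in table:
            raise ValueError(f"unknown {name} code {f[name]!r}")
    if not f["num_optional_blocks"].isdigit():
        raise ValueError("optional block count is not numeric")
    return KeyBlockHeader(f["version_id"], int(f["block_length"]), f["key_usage"],
                          f["algorithm"], f["mode_of_use"], f["key_version"],
                          f["exportability"], int(f["num_optional_blocks"]))


def describe(h: KeyBlockHeader) -> dict:
    """Human-readable view of the explicit metadata a key block carries."""
    return {
        "binding": VERSION_ID[h.version_id],
        "usage": KEY_USAGE.get(h.key_usage, f"usage {h.key_usage}"),
        "algorithm": ALGORITHM[h.algorithm],
        "mode": MODE_OF_USE[h.mode_of_use],
        "exportability": EXPORTABILITY[h.exportability],
    }


def permits(h: KeyBlockHeader, wanted_usage: str, operation: str) -> bool:
    """Policy check an HSM can apply because the metadata is explicit: the key
    must be declared for this usage and its mode must allow the operation."""
    return h.key_usage == wanted_usage and operation in MODE_PERMITS.get(h.mode_of_use, set())


def key_variant_kek(master_key: bytes, control_vector: bytes) -> bytes:
    """Legacy key-variant scheme from the page: the KEK is master_key XOR a
    control vector that stands for the application type. Nothing in the
    resulting ciphertext records which vector was used; the type is implicit."""
    if len(master_key) != len(control_vector):
        raise ValueError("control vector must match the master key length")
    return bytes(m ^ c for m, c in zip(master_key, control_vector))


# Constructed sample: version B, 80 chars, PIN-encryption TDES key, encrypt-only,
# non-exportable, no optional blocks, then 48 hex chars of (fake) wrapped key
# and 16 hex chars of (fake) MAC.
SAMPLE_BLOCK = "B0080P0TE00N0000" + "AB" * 24 + "CD" * 8

if __name__ == "__main__":
    hdr = parse_tr31_header(SAMPLE_BLOCK)
    print(describe(hdr))
    print("use for PIN encryption:", permits(hdr, "P0", "E"))
    print("use for data decryption:", permits(hdr, "D0", "D"))
```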

  • Penetration Testing
  • What is Penetration Testing?
    Sometimes the best way to test the security of a site or IT infrastructure is to try to break into it. Pen testing mimics cyber attacks in the hope of finding security vulnerabilities before hackers do. Penetration tests are a vital part of planning a security-first design for real-world applications.
  • Why learn penetration testing?
    Penetration testing has many applications in computing. Computer systems are more complex than ever, and with the addition of black-box AI applications, security and remediation are critical to businesses and organizations.
  • What is ethical hacking?
    Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities, which can then be resolved before a malicious attacker has the opportunity to exploit them.
  • What are the key concepts of ethical hacking?
    Hacking experts follow four key protocol concepts:

    1. Stay legal. Obtain proper approval before accessing and performing a security assessment.

    2. Define the scope. Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries.

    3. Report vulnerabilities. Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.

    4. Respect data sensitivity. Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization.
  • What is a bug bounty?
    A bug bounty is a monetary reward given to ethical hackers for successfully discovering and reporting a vulnerability or bug to the application's developer. Bug bounty programs allow companies to leverage the hacker community to continuously improve their systems’ security posture over time.
  • How Do Bug Bounties Work?
    Companies create bug bounties to provide financial incentives to independent bug bounty hunters who discover security vulnerabilities and weaknesses in systems. When bounty hunters report valid bugs, companies pay them for discovering security gaps before bad actors do.
  • Red vs blue teams – what’s the difference?
    A red team is a group of offensive security professionals tasked with using real-life adversarial techniques to help organizations identify and address vulnerabilities across infrastructure, systems, and applications, as well as weaknesses in processes and human behavior. In contrast, a blue team, typically based in a Cyber Security Operations Centre (CSOC), is a group of analysts and engineers responsible for defending organizations from cyber-attacks through a combination of threat prevention, deception, detection, and response.
  • Criminal Groups
  • 5 Cybercrime Groups Making Organizations Uneasy

    GlobalHell

    Though this group is said to have disbanded in 1999, GlobalHell can be credited with being one of the first hacking groups who gained notoriety for website defacements and breaches. Stealing private and financial information, GlobalHell's founder has said the group caused $2.5 million in damages. GlobalHell infiltrated the White House, Ameritech, the United States army and the U.S. Postal Service.

    TeaMp0isoN

    Founded by a skilled 16-year-old hacker, TeaMp0isoN hacked into the English Defence League and NATO without breaking a sweat. Rumors swirled that the hacking group disbanded in 2012, but they came back in 2015 with a new image: a white-hat security research group.

    Lizard Squad

    Most widely known for their distributed denial-of-service (DDoS) attacks, Lizard Squad took down the Malaysian Airlines website and Facebook, though Facebook denies this. More recently, Lizard Squad has put its hacking efforts into disrupting social media services. Does your business conduct its client and customer service and reviews online? Prepare for war.

    Iran’s Tarh Andishan

    Tarh Andishan apparently wants to control the world’s web-based systems. The group is estimated to have 20 members, mostly based in Tehran, Iran. A talented hacker group, Tarh Andishan apparently grew out of the Stuxnet worm, which Iran claimed the US and Israel created, after which the Iranian government doubled down on its cyber warfare. The group uses self-propagating software, backdoors, SQL injection, and other techniques. One of the attacks for which the group is best known is “Operation Cleaver.” This hacker group has apparently hacked airline gates and security systems.

    The Level Seven Crew

    This hacker group’s name is rumored to be inspired by the seventh level of hell from Dante’s Inferno, ‘the violent’ level. The group hacked 60 high-profile computer systems (NASA, Sheraton Hotels, The First American National Bank) in 1999. They also hacked the website of the US Embassy in China. The group disbanded in 2000.

  • Who Are the Cybercriminals?

    Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intention of stealing sensitive company information or personal data and generating profit.

    Cybercriminals are known to access the cybercriminal underground markets found in the deep web to trade malicious goods and services, such as hacking tools and stolen data. Cybercriminal underground markets are known to specialize in certain products or services.

  • Is Hacking a Cybercrime?

    Hacking does not necessarily count as a cybercrime; as such, not all hackers are cybercriminals. Cybercriminals hack and infiltrate computer systems with malicious intent, while hackers only seek to find new and innovative ways to use a system, be it for good or bad.

  • What are the differences between Cybercriminals and Threat Actors?

    Cybercriminals also differ greatly from threat actors in various ways, the first of which is intent. Threat actors are individuals who conduct targeted attacks, which actively pursue and compromise a target entity’s infrastructure. Cybercriminals are unlikely to focus on a single entity, but conduct operations on broad masses of victims defined only by similar platform types, online behavior, or programs used. Secondly, they differ in the way that they conduct their operations. Threat actors follow a six-step process, which includes researching targets and moving laterally inside a network. Cybercriminals, on the other hand, are unlikely to follow defined steps to get what they want from their victims. Note, however, that cybercriminals have also been known to adopt targeted attack methodologies in their operations.

  • Instructor
  • What Does a Cyber Security Instructor Do?

    A cyber security instructor works with adult students to teach them the techniques and technical knowledge that they need to protect a network against cyber attacks. As a cyber security instructor, you may work for a college or for a company that provides cyber security training to businesses. You communicate this information to both individuals and cybersecurity teams to help them develop the strategies and skills necessary to protect a company or organization’s computers against threats.

  • What's the Average Salary of a Cyber Security Instructor?
    $73,456 per year
  • What are a Cyber Security Instructor's Responsibilities?

    As a Cyber Security Instructor, your job responsibilities entail that you regularly learn about the latest hacking techniques and newest vulnerabilities in computer systems.

  • What are a Cyber Security Instructor's Duties?
    Their duties include developing curriculum, creating learning materials, and assessing students’ progress and skills.
  • What Skills Make a Successful Cyber Security Instructor?

    A cyber security instructor needs to be able to teach a class or provide guidance in a computer lab in a calm, precise, and engaging way.

    To be successful in this job, you need in-depth knowledge of the content you teach, including cybersecurity best practices.

    In addition to an intimate understanding of equipment and techniques, you should have a well-developed teaching style.

    You also need to be organized and logical to create useful lesson plans and make sure that your courses meet the school or company’s training needs.

    Lastly, you must develop strong communication and presentation skills to teach course materials and mentor students successfully.

  • How to Become a Cyber Security Instructor?

    Most employers focus on qualifications related to cybersecurity certification. Earning certification shows that you demonstrate the skills needed to assist during a security breach and secure a network. Most employers expect instructors to have related work experience, learning cybersecurity best practices.

  • API Security
  • Why is API Security Important?

    API security is a key component of modern web application security. APIs may have vulnerabilities like broken authentication and authorization, lack of rate limiting, and code injection. Organizations must regularly test APIs to identify vulnerabilities, and address these vulnerabilities using security best practices.

  • Characteristics of REST API Security

    REST APIs do not have any built-in security capabilities—security depends on the design of the API itself.

    Security must be built in for data transmission, deployment, and interaction with clients.

    REST APIs do not have built-in error handling and need to resend data when an error occurs.

    A common architectural choice is to deploy REST APIs behind an API gateway. Clients connect to the gateway, which acts as a proxy, not directly to the REST API. This allows many security concerns to be addressed by the API gateway.

  • Why API Security Must Be a Top Priority?

    API development has increased astronomically in the past few years, fueled by digital transformation and the central role APIs play in both mobile apps and IoT.

    This growth is making API security a top concern. Given the critical role they play in digital transformation—and the access to sensitive data and systems they provide—APIs warrant a dedicated approach to security and compliance.

  • What Does API Security Entail?

    Because you only control your own APIs, API security centers on securing the APIs you expose either directly or indirectly. API security is less focused on the APIs you consume that are provided by other parties, though analyzing outgoing API traffic can also reveal valuable insights and should be applied whenever possible.

    It’s also important to note that API security as a practice overlaps various teams and systems. API security encompasses network security concepts such as rate limiting and throttling, as well as concepts from data security, identity-based security and monitoring/analytics.

  • How SOAP Style Works?

    The SOAP style of security is applied at the message level using digital signatures and encrypted parts within the XML message itself. Decoupled from the transport layer, it has the advantage of being portable between network protocols (e.g., switching from HTTP to JMS). But this type of message-level security has fallen out of favor and is mostly encountered only with legacy web services that have survived without evolving.

  • Additional API Security Threats

    Hackers are users, too

    Applying sophisticated access control rules can give you the illusion that the hacker is a valid user. The hacker may be an insider or may have signed up to the application using a fake email address or a social media account.

    Valid account, valid credentials

    Attackers have many ways to get access to valid credentials, from credential stuffing to buying them on the dark web. Because they know users reuse passwords, hackers can take over legitimate accounts, effectively bypassing the first layer of access control rules.

    Stolen token

    OAuth tokens can be leaked through phishing, public repositories on GitHub, and other ways. Since the vast majority of OAuth tokens are lightweight bearer tokens, a leaked token can be used from anywhere and by anyone until it expires.

    Outside-the-app scenarios

    Bypassing the client-side app, hackers poke around to find hidden vulnerabilities in your API. These vulnerabilities are hidden to the API provider as well.

    These are persistent API security risks. While they may be reduced by tightening security procedures, the risk never really goes away. The key to mitigating these risks is to leverage AI to detect anomalies as described earlier.

  • How do I Test API Security?

    Testing APIs is a complex and difficult task. The difficulty lies in the fact that there are usually a great number of possible states the API may end up in depending on the traffic. Developers typically test for the use cases they built the API for and limit the amount of testing for situations that fall outside those use cases. That often leads to launching an API with security vulnerabilities still present. There are tools designed to identify design and coding flaws before you go to production—and they should be used—but your testing should extend beyond their use to limit your exposure to hackers. Planning for possible API security vulnerabilities is the best course of action.

  • How do I Provide Security to a Web API?

    Web API security starts with proper authentication and authorization. After a user has been authenticated and has access to the web API, authorization is designed to limit the user’s access to data and other resources. Even if authentication and authorization are in place, enterprises need to ensure users are not misusing, abusing or hacking the API. API security tools are emerging to track API sessions and identify abnormal behavior. They can be used very effectively to deliver audit and forensic data, as well as flag when a hacker might be working on reverse engineering your API to breach the organization.

  • What is an Insecure API in Cloud Computing?

    An insecure API gives individuals access to resources without properly authenticating and/or authorizing access.

    - Without authentication, insecure APIs allow anyone, or the wrong people, to access applications, enterprise systems, data and other resources.

    - Even if authentication exists, the lack of an effective authorization process means any authenticated user can easily access enterprise systems, data and other resources, even when they should not have permission to do so.
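The two gaps just listed (no authentication; authentication without authorization) together with the stolen bearer-token threat from the list above, as an added example that is not from the page: a minimal in-memory API handler in Python with a signed, short-lived bearer token, an authenticated-but-unauthorized handler beside one that also checks object ownership. The secret, the invoice records and the function names are constructed for illustration.

```python
"""Added example (not from the original page): an insecure API handler that only
authenticates, next to one that also authorizes, plus a short-lived HMAC bearer
token. Secret, records and names are constructed for illustration."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

SECRET = b"constructed-demo-secret"  # placeholder; load from a vault in real code
TOKEN_TTL = 900  # seconds; a short expiry bounds how long a leaked token is usable

# Constructed records: invoice id -> owner and amount.
RECORDS = {
    "inv-1": {"owner": "alice", "amount": 120},
    "inv-2": {"owner": "bob", "amount": 75},
}


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Bearer token = base64(JSON claims) '.' hex(HMAC-SHA256 over the claims).
    As the page notes, whoever holds it can use it from anywhere until 'exp'."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user_id, "exp": int(now) + TOKEN_TTL}).encode()
    sig = hmac.new(SECRET, claims, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(claims).decode() + "." + sig


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the subject, or None if the signature or expiry check fails.
    The MAC is checked before any claim is trusted."""
    now = time.time() if now is None else now
    try:
        b64, sig = token.split(".")
        claims_raw = base64.urlsafe_b64decode(b64)
        expected = hmac.new(SECRET, claims_raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None
        claims = json.loads(claims_raw)
        if int(claims["exp"]) <= now:
            return None  # expired: the window for a stolen token has closed
        return str(claims["sub"])
    except (ValueError, KeyError, TypeError):
        return None


def get_invoice_authn_only(token: str, invoice_id: str,
                           now: Optional[float] = None) -> Tuple[int, Optional[dict]]:
    """The page's second gap: authentication without authorization. Any valid
    user can read any invoice just by changing the id in the request."""
    if verify_token(token, now) is None:
        return 401, None
    rec = RECORDS.get(invoice_id)
    return (200, rec) if rec is not None else (404, None)


def get_invoice(token: str, invoice_id: str,
                now: Optional[float] = None) -> Tuple[int, Optional[dict]]:
    """Hardened handler: authenticate, then check the caller owns the object.
    Missing and foreign invoices get the same 404 so ids cannot be enumerated."""
    user = verify_token(token, now)
    if user is None:
        return 401, None
    rec = RECORDS.get(invoice_id)
    if rec is None or rec["owner"] != user:
        return 404, None
    return 200, rec


if __name__ == "__main__":
    tok = issue_token("bob")
    print("authn only, bob reads inv-1:", get_invoice_authn_only(tok, "inv-1"))
    print("authn + authz, bob reads inv-1:", get_invoice(tok, "inv-1"))
    print("authn + authz, bob reads inv-2:", get_invoice(tok, "inv-2"))
```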

  • SOAR
  • What is SOAR?

    SOAR stands for Security Orchestration, Automation, and Response. SOAR platforms are a collection of security software solutions and tools for browsing and collecting data from a variety of sources. SOAR solutions then use a combination of human analysis and machine learning to analyze this diverse data in order to understand and prioritize incident response actions.

  • SOAR Software Capabilities

    The term is used to describe three software capabilities: threat and vulnerability management, security incident response, and security operations automation. SOAR allows companies to collect threat-related data from a range of sources and automate the responses to the threat. The term was originally coined by Gartner, who also defined the three capabilities. Threat and vulnerability management (Orchestration) covers technologies that help remediate cyber threats, while security operations automation (Automation) relates to the technologies that enable automation and orchestration within operations.

  • What Are Security Operations Teams Looking For?
    • Automate Repeated Response Workflow
    • Save Time for Higher Priority Triage Tasks
    • Easy Standardized Response to Follow
  • What is the Purpose of SOAR?

    Working in security operations can be a constant struggle. Speed and efficiency are vital, but it can be challenging to ensure that all your systems are working in harmony. Analysts are frequently overwhelmed by the volume of alerts from disparate systems. Obtaining and correlating the necessary data to separate genuine threats from false positives can be an onerous task. Coordinating appropriate response measures to remediate those threats is yet another challenge.

    The purpose of SOAR security is to alleviate all of these challenges by improving efficiency. It provides a standardized process for data aggregation to assist human and machine-led analysis and automates detection and response processes to help reduce alert fatigue, allowing analysts to focus on the tasks that require deeper human analysis and intervention.

  • What are the Benefits of SOAR?
    • Consolidate process management, technology, and expertise
    • Centralize asset monitoring
    • Enrich alerts with contextual intelligence
    • Automate response and perform inline blocking
  • SOAR vs SIEM – What’s the difference?

    SOAR and SIEM (Security Information and Event Management) tools aim to address the same problem: the high volume of security-related information and events within organizations.

    While SOAR platforms incorporate data collection, case management, standardization, workflow, and analysis, SIEMs analyze log data from different IT systems to search for security issues and alert engineers.

    The two solutions can work in conjunction, with the SIEM detecting the potential security incidents and triggering the alerts and the SOAR solution responding to these alerts, triaging the data, and taking remediation steps where necessary. With SIEM platforms integrating SOAR-like functionality to increase response, SOAR can add significant value to an existing SIEM solution.

  • SOAR Challenges

    The main obstacle to the adoption of SOAR security continues to be the lack, or low maturity, of processes and procedures within SOC teams. This is why it is vital to gain expert advice when planning to implement SOAR.

    Additional pitfalls associated with the implementation of SOAR are:

    Unrealistic expectations: SOAR is not a silver bullet for addressing all security challenges. Organizations are at risk when implementing SOAR if they fail to set clearly defined use cases and realistic goals.

    Over-reliance on automation: It is vital to avoid simply relying on the playbooks and processes initially set up in SOAR. Companies need to ensure that they apply up-to-date security expertise to ensure that their SOAR is continually ready to respond effectively to new types of threats.

    Unclear metrics: Organisations are at risk of failing to gain the results they need from SOAR due to a failure to clearly define their parameters for success. It is important to understand the breadth of what they are trying to automate.

  • What is Incident Response?

    Incident response is the process of detecting security events that affect network resources and information assets and then taking the appropriate steps to evaluate and clean up what has happened. Cybersecurity incident response is critical to today's businesses because simply put, there is so much to lose. From the simplest of malware infections to unencrypted laptops that are lost or stolen to compromised login credentials and database exposures, both the short- and long-term ramifications of these incidents can have a lasting impact on the business.

  • Why do you need it?

    Networks, software, and end-users can only reach a certain level of resilience. Oversights will occur, and mistakes will happen. What matters is what you have done, in advance, to minimize the impact of a security incident on your organization. You can't prevent hackers from existing, but you can be proactive in prevention and response. That's why having a functional team, the proper technologies, and a well-written incident response plan are essential for being able to respond to such events in a prompt and professional manner.

  • Is it Important to have an IR Team?

    A good incident response program starts with building a great team. Without the right people, security policies, processes, and tools mean very little. An IR team is made up of a cross-functional group of people from diverse parts of the business, including IT and security, operations, legal and public relations. One or more of these roles could -- and should -- be at the executive management level. The reason for this is to ensure the highest level of decision-making and that the business's best interests are kept in mind.

  • NYS-DFS
  • Are there any penalties for non-compliance?

    Under the new DFS scheme, company executives must certify compliance with the NY DFS regulations on an annual basis. Should those certifications prove incorrect, they could provide the basis for the DFS or consumers to make claims against banks, insurers and other financial services firms for breach of such certification.

    The proposal notes that its requirements will be enforced “under any applicable laws,” which include laws (e.g., the New York Banking Law and the New York Insurance Law) that contain individual civil and criminal penalties for intentionally making false statements to DFS.

  • What should my business do to be compliant?

    - Map: internal and external products / devices that store data.

    - Log: require company equipment used to be covered under your data security policy and ensure data encryption is utilized. Items such as, but not limited to: servers, hard drives, SSDs, USB flash drives, computers and mobile devices.

    - Inventory Analysis: evaluate the amount of personal data in totality.

    - Purge: eliminate archives of unnecessary personally identifiable information (PII).

    - Controllers of Information: review privacy risk and impact assessments.

    - Contracts: future-proof your business by enacting policies now that become mandatory after the effective start date of February 2018.

    - Data Breaches: the regulation requires notice within 72 hours.

  • How does New York's Cybersecurity Regulation (23 NYCRR Part 500) affect my business?

    Businesses within the banking, insurance and other financial services industries within New York City, as well as vendors that provide a service under contract to these industry firms, will need to follow and be subject to these rules.

    You will also need to comply with the regulation and its rules by having the right systems in place for security and for the encryption of stored information. The regulation requires organizations that process or hold personally identifiable information to implement adequate security measures to protect against personal data loss.

  • Penetration Tester
  • What's the average salary of a Penetration Tester?
    Cyberseek (US) lists the average salary for Penetration and Vulnerability Testers at $102,000. (This is the average advertised salary listed in online job openings from October 2020 through September 2021.)
  • Common job titles for Penetration Testers
    Ethical Hacker, Security Analyst, Security Auditor, Security Consultant, Senior Security Analyst, Web Application Tester.
  • What are the top certifications for Penetration Testers?
    SANS/GIAC Certification (Various), Certified Information Systems Auditor (CISA), CompTIA Security+, Certified Ethical Hacker (CEH)
  • What does a Penetration Tester do?
    Their job involves infiltrating computer systems to detect and address vulnerabilities that non-ethical hackers could exploit to cause untold havoc. Penetration testing is typically tailored to the individual organization and the industry it operates in; some industries, such as health care and banking, rely on pen testing to maintain compliance with industry security standards.
  • Are Bug bounty and pentesting the same?
    No. One of the differences is that, in pen testing, a limited number of specialists are typically looking for specific vulnerabilities, whereas bug bounty programs welcome any number of specialists to find vulnerabilities that are not known in advance. Additionally, pen testers are typically paid hourly or annual wages, while bug bounty participants operate on a pay-for-results model that offers greater compensation for higher-severity bugs discovered.