cyber

now browsing by tag

 
 

IT Cyber Security Manager

Ferris State University – Big Rapids, MI

The IT Cyber Security Manager is responsible for managing the IT Cyber Security Services team, development and implementation of security strategies, coordinating incident response activities, applying best practices and monitoring compliance with IT procedures, University policy and applicable law. The IT Cyber Security Manager will work with leadership and IT Services staff to ensure university devices and data are appropriately protected.

Posting Date 04/13/2018 Initial Application Review Date 04/29/2018 Closing Date Open Until Applicants are Selected, Selected for interview, or Position Filled Yes Special Instructions to Applicants
Required Qualifications
Required Education
Bachelor’s degree.

Required Work Experience
Five years of professional work experience in IT cyber security with a strong working knowledge of operating systems, network utilities, and security software. Knowledge of classified and open source research and data analysis methods and techniques. Knowledge in the collection, analyzing, and dissemination of criminal intelligence information.

Required Licenses and Certifications
CISSP certification

Additional Education/Experiences to be Considered
Additional Education/Experiences to be Considered
Preferred: Bachelor’s or Master’s degree in information security or related degree. Previous management and/or project management experience. Experience in hardening server operating systems and servers. CHFI, CEH, Security+, or Network+ certifications.

advertisement:

The post IT Cyber Security Manager appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Why the #cyber #security #skills #gap is so #damaging

The cyber security skills gap has been growing for years, and the problem is particularly bad in the UK. A report by job listings site Indeed found that the UK has the second largest demand for skilled IT professionals in the world. But what effect is this having on organisations, and how can it be mitigated?

The most obvious effect is that it’s increasing the workload of existing staff. In many cases, employees’ time and resources are spread so thinly that the quality of the work suffers. Employees often say that they spend too much time on incident response and not enough on planning ways to prevent incidents from recurring and to mitigate the risk of serious incidents.

Organisations that know that they are understaffed are often forced to hire people who lack the necessary skills and experience. Although these new recruits can help with routine work, senior staff will need to provide on-the-job training, which prevents them performing their own tasks.

All of this means that organisations are unprepared for major security incidents, which could cause substantial damage and affect business operations.

There’s another problem. The increased demand for cyber security staff has given those with the right skills considerable leverage over employers. Someone with the right skillset could find work practically anywhere, so organisations need to give them a reason to choose them. This typically means generous pay rises, with the average cyber security wage increasing by 10% in 2017.

Filling the skills gap
Commenting on Indeed’s report, Mariano Mamertino, economist for Europe, the Middle East and Africa at the organisation, said: “The problem is fast approaching crisis point and British businesses will inevitably be put at risk if they can’t find the expertise they need to mitigate the threat.

“This should serve as a wake-up call to Britain’s tech sector – it must pull together to […] attract more people into cyber security roles.”

However, some cyber security experts believe the skills shortage is a “myth”. They argue that there are plenty of people with the skills to work in the field, but because we treat cyber security as a standalone discipline, rather than placing it under the much wider umbrella of IT, many people don’t consider it a career they are equipped to pursue.

Some organisations have begun to address this. A 2017 survey by (ISC)2 found that hiring managers were exploring new recruitment strategies and attempting to entice previously unqualified people.

The report states: “Individuals with non-technical previous careers often rise to become key decision makers in their organizations: globally, 33% of executives and C-Suite professionals began in a previous non-technical career.”

It adds: “It will be important, if not essential, to consider the relevant educational foundations, training and professional development opportunities that support the breadth of people with potential to enter the field in order to fill the worker shortage.”

If you’re interested in a career in cyber security, you’ll need to demonstrate your knowledge by way of professional qualifications. Cyber security is a complex, multidisciplinary field and has careers to suit any number of skills, so it’s worth taking some time to research which specialties are right for you.

For example, if you’re interested in the way you can use hacking skills for good, you might want enrol on our Certified Ethical Hacker (CEH) Training Course. An ethical hacker is someone that an organisation hires to look for vulnerabilities in its systems or applications, allowing it to address problems before they are exploited.

The Certified Ethical Hacker (CEH) certification is globally recognised as the vendor-neutral qualification of choice for developing a senior career in penetration testing and digital forensics. Our course is led by an information security consultant with over ten years’ experience.

You might also be interested in our Managing Cyber Security Risk Training Course. This three-day course helps practitioners formulate plans and strategies for improving cyber risk management in their organisations. It draws on real-life case studies and provides insights that will enable you to create a blueprint for a plan that includes the implementation of technical measures and accounts for the people, processes, governance, leadership and culture in your organisation.

advertisement:

The post Why the #cyber #security #skills #gap is so #damaging appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber Security Summit Brazil

General Cybersecurity Conference

 July 27 – 28, 2018 | Sao Paulo, Brazil

Cybersecurity Conference Description

Companies around the world face major cyber threats. An astonishing array of malicious interests fall on them, ranging from cases of fraud, theft of personal identity or intellectual property to industrial espionage, service interruption, physical damage, blackmail, among others.

Cyber ​​Security Summit Brazil, a cybersecurity conference in Brazil, will bring together senior professionals (CEO, CIO, CISO, CTO, CRO), government officials, directors, IT managers and analysts, security and technology experts to discuss the challenges of the current threats in cyberspace.

The intent of the Cyber ​​Security Summit 2018 conference – brought to you by CyberEdTalk is to promote a forum among corporate experts, IT and technology managers, software companies, public sector organizations, consultants and research institutes to discuss the great issue of day: How to protect or continue online with corporate systems, communications and information from cyber attackers?

advertisement:

The post Cyber Security Summit Brazil appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber security #experts discuss #mitigating #threats, say #universities can #play a key #role in #protecting the #country against a #cyber attack

Former U.S. Director of National Intelligence and Navy Vice Adm. Mike McConnell advocated today for stronger protection of digital data transfers and for universities to play a key role in filling cyber security jobs.

McConnell was among the keynote speakers at the 2018 SEC Academic Conference hosted by Auburn University. The conference, which is ongoing through Tuesday, is focused on the topic of “Cyber Security: A Shared Responsibility” and brings together representatives from the SEC’s 14 member universities along with industry experts in the area of cyber security.

McConnell is encouraging the use of ubiquitous encryption as a solution for stronger data protection.

“As we go to the cloud…ubiquitous encryption of some sort would be used so that if anybody accessed that data, you can’t read it. If you’re moving [the data] from point A to point B, it scrambles so you can’t read it,” he said.

McConnell understands that stronger data security can come at a cost for others, including law enforcement who may need to access data within a device during a criminal investigation.

“What I’m arguing is the greater need for the country is a higher level of [data] security. If that’s the greater need, then some things of lesser need have to be sacrificed. So when I say ubiquitous encryption, that’s what I’m attempting to describe. It is protecting the data that is the very lifeblood of the country,” McConnell said.

McConnell also addressed how academia can help in securing the nation from cyber attacks.

“We have about 300,000 job openings across the United States for which there are no cyber security-skilled people to fill those jobs,” he said. “Universities are debating academically ‘What is cyber security?’ and ‘How do you credit the degrees?’ and ‘How do you get consensus on what it is and what it should do?’”

He urged universities to move more quickly on coming to a consensus so they can get certified and accredited to start producing students who can fill those jobs.

Glenn Gaffney, executive vice president at In-Q-Tel, also spoke to the role higher education institutions can play in cyber security during his keynote address at the conference.

“It is at the university level where we don’t have to take a top-down approach,” Gaffney said, adding that universities can work together, through research and student involvement, to create proactive solutions to cyber security. “This is where the next generation of leaders will be developed. It’s here that these dialogues must begin. This is the opportunity.”

Ray Rothrock, CEO and chairman of RedSeal Inc., was the day’s third speaker, presenting on the topic of “Infrastructure: IoT, Enterprise, Cyber Physical.” Rothrock also held a signing for his new book, “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”

Attendees at the conference are exploring computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect information stored, transmitted and processed with technology.

Students at each SEC member university participated in a Cyber Challenge and presented posters displaying their work in the area of cyber security.

advertisement:

The post Cyber security #experts discuss #mitigating #threats, say #universities can #play a key #role in #protecting the #country against a #cyber attack appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber #Security #Continues To #Infiltrate #Various #Industries, Including #Work #Comp

Sarasota, FL (WorkersCompensation.com) – When a claim is initiated in the work comp process, there is personal information that becomes an integral component in ensuring that the claim is handled properly. The personal information is distributed among interested parties such as court officials, lawyers, employers and medical professionals through technological devices. Even with thorough due diligence and treatment from the interested parties involved, personal information can be obtained by sources that should not have access to this important data.

“Anyone can be a target. It is a huge undertaking to protect the integrity of data especially where it has human identifiers such as a social security number, date of birth, medical information,” Judge David Langham said. Langham serves as the deputy Chief Judge of the Florida Office of Judges of Compensation Claims. “Cyber security is a subject that everyone wants to talk about.”

Judge Langham and his colleagues keep a close eye on the marketplace to be informed of any changes to cyber security as well as the rumbling of any potential threat that could harm data collection for workers’ compensation. The office has been collaborating with other judges throughout the United States to increase their awareness of cyber security. “We try to stay ahead and be proactive to maintain proper security protocols,” Judge Langham said.

Since 2017, the Department of Homeland Security (DHS) has been given the task of tracking any potential breach of security both nationally and internationally. It has been reported that more than 1 million people within the United States have fallen victim to a cyber scam. From skimming money from a personal bank account to running up a credit card bill at the local food store, hackers have found a way to invade someone’s personal privacy.

In the case of a work compensation claim, a potential threat can affect the distribution of monetary support for an injured worker. With respect to employers or medical professionals who have access to workers’ compensation data, the DHS encourages these users to be trained on how to protect and maintain critical data. The training is outlined in the DHS-sponsored “Stop.Think.Connect” program.

The program highlights various ways to enhance the security of databases and servers. Some tips from the program include:

Change passwords frequently and do not reuse the same passwords.
Once the information is received by the third party through email or another electronic transmission, the original documentation should be destroyed or deleted.
Wipe clean any digital devices with spyware frequently to get rid of any new viral activity.
Use a specific database or encrypted software to receive or transmit electronic data.
Lawyers that are involved in workers’ compensation claims are trying to keep up with ever-changing facets of cyber security.

“Nothing is uniform. It is a big crossword with so many pieces coming into play, “ Jon Gelman said, a New Jersey-based attorney with a primary focus on workers’compensation.

In a seminar for the New Jersey Institute of Continuing Legal Education, Gelman discussed how the National Institute of Standards and Technology (NIST) has developed a concept how new federal regulations on cyber security will protect everyone involved with workers’ compensation.

“The NIST framework for cyber security is gaining notoriety and is being used by several entities,” Gelman said. For example, the Employment and Health Service Department in Contra Costa County, CA is utilizing the NIST Cyber security framework to provide data protection on their databases.

Despite the current efforts of the federal government to provide cyber security for national and international threats on public and private information, Gelman believes that this is a tip of the iceberg in maintaining the integrity of personal data.

“There is always a potential threat in security. We need to be diligent in protecting personal information,” he said.

advertisement:

The post Cyber #Security #Continues To #Infiltrate #Various #Industries, Including #Work #Comp appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Should #Companies be #Fined for Poor #Cyber Security?

Companies in the UK are being fined by the government for not properly securing their data. Is this a model the U.S. and other countries should adopt?

News broke recently that there would be fines of up to £17m in the UK for companies that have poor or inadequate cyber security measures in place. Specifically, if a company fails to effectively protect themselves from a cyber security attack, they could be subject to a large fine from the government as a “last resort” according to Digital Minister Matt Hancock. The U.K. also placed industry-specific regulations on essential services. Essential services industries such as water, health, energy and transportation are expected to have stronger safeguards against cyber attacks.

Cyber Security Inspections to Take Place

In order to keep companies compliant with cyber security regulations, the UK government will now have regulators inspect cyber security efforts in place. Essential services (think water, healthcare, electricity, transportation, financial) will face more scrutiny than other companies. If a regulator finds a company does not have security safeguards in place, the company will have to come up with a plan for beefing up cyber security. Fines will be brought down on companies that continue to fail at implementing the proper securities.

Cyber Attacks Becoming More Dangerous

The essential services people use every day are being targeted by cyber attacks at an increasingly high rate. This can make for extremely dangerous situations, such as the WannaCry attack that hit several National Health Service (NHS) facilities and impacted several hospitals’ abilities to admit patients. It was later found that this attack could have been prevented with proper cyber security efforts in place.  It also means that services people depend on every day — from electricity, to water, to industrial safety systems — could all be at risk.

This makes it clear why the UK government has chosen to regulate cyber security, particularly among companies who provide services they deem essential to the public. It also begs the question as to if the United States should follow suit. U.S. companies have fallen victim to their fair share of cyber attacks. These attacks have disrupted the lives of Americans who depend on the services affected or who are having sensitive information accessed by the attackers.

What Safeguards are Currently in Place?

While it is obviously in a company’s best interest to have cyber security precautions in place rather than cleaning up the mess of an attack afterwards, that doesn’t mean everyone invests as much as they should in cyber security. In the U.S. there are a few federal regulations in place to establish a bare minimum for cyber security in certain essential industries.

HIPAA (1996): HIPPA introduced provisions for data privacy and data security of medical information. All companies and establishments dealing with medical information must have specific cyber security measures in place.
Gramm-Leach-Bliley Act (1999): The Gramm-Leach-Bliley Act states that financial institutions in the U.S. must share what they do with customer data and information and what protections they have in place to protect customer data. Noncompliance means hefty fines for financial institutions and could lead to customers taking their business elsewhere.
FISMA (2002): FISMA was introduced under the Homeland Security Act as an introduction to improving electronic government services and processes. This act ultimately established guidelines for federal agencies on security standards.
Critics state that these three regulations are good for establishing minimum security, but do not go far enough. Compliance with all of these regulations have not been robust enough to safeguard against advanced cyber attacks in recent years. There have been clear breaches of cyber security measures that have occured in the medical, financial and government sectors over the past years. While some state governments have put additional regulations in place, the general consensus is that individual companies should be responsible for beefing up cyber security as they see fit.

Cyber Security Investments Should be Increased
At the end of the day, U.S. companies will need to make the decisions that are best for their businesses and customers about what level of cyber security protection is necessary. Marcus Turner, Chief Architect at Enola Labs Software, often discusses cyber security measures with his clients, stating:

“Ultimately, high levels of cyber security are a necessary and worthwhile investment for businesses that care about protecting their customers and safeguarding their businesses. I often tell businesses that they can pay an upfront cost now to protect their data, or wait until a cyber security attack and pay an even bigger price later to clean up the mess. Waiting may very well cost you your business”.

This year we are expecting a much higher investment in cyber security, so it will be interesting to see if this is enough to hinder government intervention or if additional U.S. government regulation of cyber security becomes necessary.

advertisement:

The post Should #Companies be #Fined for Poor #Cyber Security? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Africa Cyber Defense Summit 2018

General Cybersecurity Conference

 July 9 – 10, 2018 | Nairobi, Kenya

Cybersecurity Conference Description 

The World Economic Outlook 2017 has recognized that Africa currently hosts some of the fastest growing economies in the world and that the entire continent is set for a huge economic transformation. Information and communication technology and cyberspace are key enablers of African national visions including Kenya’s Vision 2030 which aims to use science, technology and innovation to transform Kenya into an industrialized and secure middle-income country.

Given the role of ICTs in Africa’s rapid economic growth, cybersecurity breaches and attacks have the potential to slow down development. It is urgent and important to drive vigorous African cybersecurity dialogue and action to enable the continent to secure our critical infrastructure and protect our sensitive data.

It is with this in mind that the Ministry of ICT, Kenya, the International Telecommunications Union and the African Union have partnered with Naseba and the Africa Cyberspace Network to hold the Africa Cyber Defence Summit scheduled for 09-10 July, 2018 at KICC, Nairobi, where over 300 delegates from across Africa and partners from across the globe will sit together address cybersecurity issues, enhance our continental cybersecurity strategies and promote cybersecurity-oriented businesses.

advertisement:

The post Africa Cyber Defense Summit 2018 appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber #security a #priority for #area #election #officials

With election season quickly approaching, Grand Island workers are taking steps to secure their data.

Election officials from across the state are taking advantage of training opportunities to stay up-to-date on cyber security measures.

Last fall Secretary of State John Gale hosted a big presentation. Tracy Overstreet, the Hall County Election Commissioner attended.

Overstreet had the opportunity to meet with officials from Homeland Security and the FBI to learn about ways to protect elections from hackers.

She says there are also risk-assessment analysis taking place on the state and local level right now.

“We’ve got the anti-virus software, we’ve got the firewalls up. The election information isn’t even available to any outside site. The only thing that comes out of the election office that goes out to the election site is our election results on election night,” said Hall County Election Commissioner Tracy Overstreet.

Overstreet says Hall County still uses paper ballots for their elections. She feels this provides even more security and also a paper trail to refer back to.

advertisement:

The post Cyber #security a #priority for #area #election #officials appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

17th European Conference on Cyber Warfare and Security (ECCWS)

General Cybersecurity Conference

 June 28 – 29, 2018 | Oslo, Norway

Cybersecurity Conference Description

ECCWS 2018 is organized in conjunction by the University of Oslo (UiO) and the Norwegian Institute of International Affairs (NUPI). UiO was founded more than 200 years ago, and is the oldest and highest ranked university in Norway. NUPI was founded more than 50 years ago and is Norway’s leading research institute in the domain international affairs.

ECCWS offers a unique opportunity for networking, for learning, and for exploring new or challenging ideas and questions. We are very much looking forward to seeing you at ECCWS 2018 in Oslo.

advertisement:

The post 17th European Conference on Cyber Warfare and Security (ECCWS) appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

OPCDE Cyber Security Kenya

General Cybersecurity Conference

 June 27 – 28, 2018 | Nairobi, Kenya

Cybersecurity Conference Description 

opcode: short for operational code, it is a number that determines the computer instruction to be executed. OPCDE_, the most technical security conference of the Middle East, holds its annual and inaugural event on April 6-7, 2018 at the Dubai Future Accelerator, Emirates Towers, Dubai, UAE. The conference will feature a number of keynote speakers and panelists from around the globe, who will be approaching the topic at hand from a purely technical perspective.

advertisement:

The post OPCDE Cyber Security Kenya appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures