information
now browsing by tag
#cybersecurity | #hackerspace | Ohio Chief Information Officer Shares 2020 IT Strategies
Source: National Cyber Security – Produced By Gregory Evans When Ohio Attorney General Mike DeWine was elected as the 70th governor of Ohio in November, 2018, he appointed Ervan Rodgers II as the State’s chief information officer (CIO). Rodgers, who served as CIO at the Ohio Attorney General’s Office for more than four years under […] View full post on AmIHackerProof.com
#hacking | Chinese hackers bypass two-factor authentication | Information Age
Source: National Cyber Security – Produced By Gregory Evans A Chinese government-backed hacking group has found a new way to bypass two-factor authentication, according to a new report. The report by Dutch cybersecurity firm Fox-IT attributes a range of cyber attacks on government entities and managed service providers to APT20, a hacking group linked to […] View full post on AmIHackerProof.com
#cybersecurity | #hackerspace | Fortress Information Security Strives to Help Protect Critical Infrastructure
Source: National Cyber Security – Produced By Gregory Evans
The agencies and businesses that make up the backbone of our critical infrastructure have a larger bullseye on their backs than an average company. When it comes to the electric utility providers that manage the power grid, the exposure to risk is exacerbated by the fact that much of the equipment, software, and services come from a limited set of vendors. Fortress Information Security just launched the Asset to Vendor (A2V) Network to mitigate these risks and improve the security posture of the power grid.
The Federal Energy Regulatory Commission (FERC) recognizes the unique threats posed to the power grid and understands that it’s crucial to address these challenges and protect the critical infrastructure. FERC has issued requirements for standardized risk assessments and mandated that electric utility providers prioritize supply chain vendors based on their relative risk. The problem is that many of the 3,000 or so electric providers are small, regional companies that don’t have the budget or resources to do this effectively on their own.
The A2V Network was launched as a joint venture between Fortress and AEP (American Electric Power) to address this challenge and help all electric utility companies collaborate to comply with the FERC regulations and improve protection of the critical infrastructure more efficiently and effectively. Organizations that join the A2V Network will be able to purchase completed vendor assessments for significantly less than it would cost them to conduct a redundant assessment of their own, and participating companies can also contribute completed assessments to build out the A2V Network library.
Reluctance to Share
I had an opportunity to chat with Alex Santos, CEO of Fortress, about the A2V Network and some of the challenges it addresses. He described the supply chain like streets in a community. Just as each person is responsible of their own home and property, but share the roads and pay taxes to share the burden and ensure the roads are taken care of, each company is responsible for itself, but they share risk exposure from the supply chain and it makes sense to collaborate and share the burden to mitigate the risk and secure the critical infrastructure.
I asked Santos for his thoughts on why businesses in general—not just electric power providers—seem so reluctant to engage in this sort of sharing and collaborative effort. The two main issues, according to Santos are that some information is very proprietary, and some information is not very good. Companies want to maintain the privacy of intellectual property and sensitive information. In some cases, there is a competitive advantage associated and sharing it is just bad for business. In other instances, organizations are reluctant to engage in sharing information because what they receive is not useful. If the information is not properly vetted and curated to ensure it is correct and relevant, it creates more problems than it solves.
Santos explained that the A2V Network strives to address both of those challenges. The A2V Network takes information about supply chain risk assessments and provides a platform to easily share it while anonymizing it and protecting the privacy of proprietary data. Part of what the A2V Network also does is to validate the information and make it actionable.
Gaining Momentum
Santos was especially grateful for having AEP as a partner for the launch of the A2V Network. He noted that even though there are 3,000 electric utility providers, only about 150 of those are large enough to be regulated by the North American Electric Reliability Corporation (NERC)—and that the top 15 largest deliver power for 75% of consumers. That leaves nearly 2,900 companies that must comply with the FERC regulation but lack the resources to do it effectively on their own.
He said that having AEP on board is huge because any new movement or initiative requires a first big company to get the ball rolling. AEP showed leadership in taking that initiative and having a company with the size and prestige of AEP involved creates a snowball effect that will entice other electric utility providers to jump on board.
The more companies get involved, the more momentum the A2V Network will have and the greater value it will provide to every participating organization. That, in turn, will attract more companies. It becomes a self-feeding cycle of momentum that will ultimately lead to a more secure critical infrastructure.
The post #cybersecurity | #hackerspace |<p> Fortress Information Security Strives to Help Protect Critical Infrastructure <p> appeared first on National Cyber Security.
View full post on National Cyber Security
#cyberfraud | #cybercriminals | FBI gives tips on how to keep your information secure
Source: National Cyber Security – Produced By Gregory Evans
JACKSON, Tenn.– Internet-enabled theft, fraud and exploitation were responsible for $2.7 billion in losses in 2018. The victim could be anyone who uses a connected device, including you.
The Federal Bureau of Investigation says its Internet Crime Complaint Center took in a an average of 900 complaints every day last year, ranging from non-payment scams to pyramid schemes.
Jeremy Baker is one of the people investigating these crimes. To prevent them, he has some tips you can do right at home.
“Just like your personal hygiene, you want to shower every day, you want to bathe, want to smell good, your cyber hygiene is the same thing. Just be in good shape,” Assistant Special Agent-in-Charge Jeremy Baker told WBBJ 7 Eyewitness News.
The first thing he said was to have multi-layer authentication.
“If you log into your email and give your username and password, it won’t let you in just yet. It’ll do at least one other step like text you a code or email a different account a code and you put that in and go in,” he said.
To set that up, go to your email account, click security, and turn on the two-step verification.
Also, check your passwords.
“Think about somebody sitting in their mother’s basement all day trying to guess what your password is. Make it hard for that person to do it,” Baker said.
He said the passwords should be long and unpredictable.
“So, if I’m a Green Bay Packers fan, I shouldn’t make it ‘Green Bay Packers Fan,’” Baker said.
And if you post about the Packers all over social media, hackers might be able to use that.
“I’ve actually seen some huge cases where some industrious and creative criminals tracked executives on social media,” he said. “That is exactly how they got millions of dollars out of these large companies. Because they knew exactly what to say and when to say it and when to hit, based on the executive’s availability or lack-of availability.”
Keeping that safe is as easy as changing the privacy setting on social media from public to private.
But, most importantly, trust your gut. If you see a website or email that doesn’t look secure, don’t click or open it.
“Because those are actually the two biggest things we still see, even as complicated as technology gets, it’s usually caused by people opening or clicking things they shouldn’t,” Baker said.
And, the FBI says give the computer a break and turn it off. If the computer isn’t on, hackers can’t get into it.
“Make it hard for the bad guys to make you a victim,” he said.
Baker also offers a few other tips:
Use different computers for internet use and private use.
Install and keep up with anti-virus protection and software.
Keep your computer, tablet and phones up-to-date with the latest software, as the makers are constantly researching and updating.
And, back up your data.
The post #cyberfraud | #cybercriminals | FBI gives tips on how to keep your information secure appeared first on National Cyber Security.
View full post on National Cyber Security
#cyberfraud | #cybercriminals | Netflix email scam tells victims to ‘update your payment information’, news update
Source: National Cyber Security – Produced By Gregory Evans If you receive an email from Netflix telling you to update your payment information immediately, you could be the victim of sophisticated new scam. The streaming giant has once again been embroiled in a phishing email scam, which uses the same branding and username seen with […] View full post on AmIHackerProof.com
Information Security Compliance Associate
The nature of audit is changing as the systems which underlie our operations become more sophisticated and robust. With this increased sophistication comes increased reliance on technology-related controls to mitigate operational and financial risk, as well as increased access to transaction-level data. You will be responsible for assisting in all aspects of execution: from identifying opportunities for us to focus on, to developing the infrastructure and analyses to make progress in those areas. Further, you will serve as an Information Technology subject matter specialist and support the execution of Operational, Financial and Technology-related reviews.
In this capacity you will execute planned audit procedures, working to identify any issues and solve problems at the root cause. You’ll help the team understand how the audit function supports our overall business objectives and participate in scoping internal audits and risk assessments through an established process. You’ll be on top of deadlines and will create scalable reporting systems to communicate results of audits to both internal audiences and regulatory compliance agencies. You have a hands-on, tactical approach for resolving issues, and an eye for detail ensures that everything is balanced at the end of the day.
https://www.indeed.com/viewjob?jk=4935c12a6c9c3e00&tk=1ci6t2i20b960c6c&from=serp&vjs=3
The post Information Security Compliance Associate appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Information Security & Privacy Associate Analyst
Partners HealthCare(PHS) – Somerville, MA
As a not-for-profit organization, Partners HealthCare is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women’s Hospital and Massachusetts General Hospital, Partners HealthCare supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.
We’re focused on a people-first culture for our system’s patients and our professional family. That’s why we provide our employees with more ways to achieve their potential. Partners HealthCare is committed to aligning our employees’ personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development—and we recognize success at every step.
Our employees use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
General Overview
With guidance from senior members of the team, this individual assists with the Partners HealthCare enterprise-wide information security risk management program through active engagement with business owners including information gathering, risk analysis, and reporting.
The Information Security & Privacy Associate Analyst (ISPAA) is responsible for coordinating and scheduling information security & privacy assessments with business owners, working with team members to conduct assessments and develop remediation plans using evolving business processes and tools, documenting the effort in Archer, and following up with business owners on remediation plans.
Principal Duties and Responsibilities
1. Work with team members to coordinate and perform information system and third-party risk assessments, following a NIST-based methodology.
2. Assist in guiding business owners and end-users on the implementation of solutions that comply with IS security policies and standards.
3. Assist in prioritizing departmental tasks including new risk assessments and cybersecurity variance requests according to departmental processes.
4. With guidance from other team members, document assessments, variances, findings, and remediation plans in Archer.
5. Maintain a current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy and security technologies to ensure adaptation and compliance.
6. Maintains awareness of new technologies and related opportunities for impact on system or application security.
7. Conduct information security research in keeping abreast of latest security issues and keeps abreast of testing tools, techniques, and process improvements in support of security event detection and analysis.
8. Uses the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
9. Local travel to PHS Sites
10. Performs other duties as assigned.
Qualifications
Bachelor’s degree (B.A. / B.S.) or equivalent in computer science, business administration, or equivalent discipline from an accredited college or university required.
1-2 years of experience in IT/IS required.
1-2 years of exposure to information security or information privacy functions.
Knowledge of HIPAA, HITECH, Mass ID Theft regulation 201 CMR 17, and other appropriate information security and information privacy regulatory requirements for healthcare entities a plus.
Knowledge of NIST 800-53, ISO 27K, GDPR, PCI-DSS is desirable.
Legal background is desirable.
Any of the following certifications is a plus:
ITIL, any of the following Information Security Certifications: CISSP, HCISSP, CISM, CISA, CIPP, CIPM, CIPT, CPHIMS, PCIP, GSEC, GCIH, GCFE, GCFA, CEH, GPEN, and PMP
Skills, Abilities and Competencies
1. The candidate for this role must have very strong business and analytical skills to represent the information security & privacy office policies.
2. Outstanding time management and organizational skills required.
3. An ability to work under the required guidelines and deliver on business/project requirements.
4. Ability to work with both team members and staff in a professional manner.
5. Comfortable working in a dynamic environment with multiple work streams, goals, and objectives.
6. Possess ability to recommend to ISPO leadership team to prioritize project related tasks.
7. Excellent written and verbal communication and effective interpersonal skills is critical.
8. Understanding of Windows, Unix/Linux operating systems, security administration, virtualization, and TCP/IP networking.
9. Ability to work independently with minimal supervision.
EEO Statement Partners HealthCare is an Equal Opportunity Employer & by embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law.
Primary Location
: MA-Somerville-Assembly Row – PHS
Work Locations
:
Assembly Row – PHS
399 Revolution Drive
Somerville 02145
Job
: Information Security
Organization
: Partners HealthCare(PHS)
Schedule
: Full-time
Standard Hours : 40
Shift
: Day Job
Employee Status
: Regular
Recruiting Department : PHS Information Systems
Job Posting
: May 24, 2018
The post Information Security & Privacy Associate Analyst appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
International Workshop on Future Information, Security, Privacy and Forensic for Complex Systems (FISP)
General Cybersecurity Conference
August 13 – 15, 2018 | Gran Canaria, Spain
Cybersecurity Conference Description
Availability, integrity and secrecy of complex information systems are increasingly important requirements for modern society as well as nations as with every passing day computers control and administer more and more aspects of human life. We entrust much of our lives to information and computer technologies (ICT’s). However, it is difficult and challenging task to understand security risk and to provide effective security solution as attackers only need to find a single vulnerability but developers or system administrators need to find and fix all vulnerabilities. In addition, cyber space is considered as fifth battle-field after land, air, water and space.
The aim of FISP-2018 is to provide a premier international platform for wide range of professions including scholars, researchers, academicians and Industry people to discuss and present the most recent challenges and developments in “Information Security, Privacy and Forensics for Complex systems” from the perspective of providing security awareness and its best practices for the real world. After the high success of the previous edition (FISP’2017) in conjunction with 12th International Conference on Future Networks and Communications 2017 (FNC-2017), Belgium, the fourth International Workshop on Future Information Security, Privacy and Forensics for Complex systems (FISP-2018) will continue to open to submit novel and high quality research contributions as well as state of the art reviews in the field of information security and privacy. We anticipate that this workshop will open new entrance for further research and technology improvements in this important area.
The post International Workshop on Future Information, Security, Privacy and Forensic for Complex Systems (FISP) appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
The 4th International Conference on Engineering and Information Technology
General Cybersecurity Conference
August 7 – 9, 2018 | Taipei, Taiwan
Cybersecurity Conference Description
International Conference on Engineering and Information Technology (ICEIT) is an international platform for researchers, scholars and practitioners to discuss interdisciplinary research and practices in the fields of Biomass & Bioenergy, Biomedical Engineering, Engineering Management, Construction Technology, Multimedia Technology, Electrical Machines and Adjustable Speed Drives and a lot more.
The post The 4th International Conference on Engineering and Information Technology appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Asia Joint Conference on Information Security (AsiaJCIS)
General Cybersecurity Conference
August 8 – 9, 2018 | Guilin, China
Cybersecurity Conference Description
The Asia Joint Conference on Information Security (AsiaJCIS) will be held in Guilin, China. The focus of this conference is on the technical and practical aspects of the security applications. The conference will serve as a forum to present new results from the academic research community as well as from the industry. Original papers are solicited for submission to AsiaJCIS. In addition, several distinguished security experts will be invited to give technical talks.
The post Asia Joint Conference on Information Security (AsiaJCIS) appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
D5 Creation