SANS Security Awareness Summit

General Cybersecurity Conference

 August 6 – 15, 2018 | Charleston, South Carolina, United States

Cybersecurity Conference Description

The 5th annual SANS Security Awareness Summit is on and it’s lining up to be bigger and better than ever. Every year, we strive to provide the very best forum for security awareness officers looking to take their program to the next level! Our promise is to provide actionable lessons you can take back and apply right away within your own organization, with a focus on your industry, employee base, and current maturity level. This two-day Summit includes expert awareness-focused talks, interactive discussions, networking events, and more!

The 2018 Security Awareness Summit will feature:
Video Wars: Watch the different training videos organizations have created and hear from them how they created the videos, what worked and did not work, and why.
Show-n-Tell booths: We have expanded the highly popular Show-n-Tell booths to support more booths and a dedicated session for attendees to interact with all the different awareness materials organizations have developed. This is a great opportunity to learn how organizations made the materials, which ones were the most effective and why.
Onsite lunches: Stay for lunch and mix/mingle with other attendees.
Interactive Workshops: In addition to industry leading talks we will host several hands-on workshops where you actually plan and build elements of your awareness program. From phishing assessments and ambassador programs to planning your own escape room, these highly interactive sessions are often the most popular of the summit.
Evening socials: Take a chance to unwind and socialize with your peers at organized social events every night.

The post SANS Security Awareness Summit appeared first on National Cyber Security Ventures.

IT Cyber Security Manager

Ferris State University – Big Rapids, MI

The IT Cyber Security Manager is responsible for managing the IT Cyber Security Services team, development and implementation of security strategies, coordinating incident response activities, applying best practices and monitoring compliance with IT procedures, University policy and applicable law. The IT Cyber Security Manager will work with leadership and IT Services staff to ensure university devices and data are appropriately protected.

Posting Date: 04/13/2018
Initial Application Review Date: 04/29/2018
Closing Date:
Open Until Applicants are Selected, Selected for interview, or Position Filled: Yes
Special Instructions to Applicants:
Required Qualifications
Required Education
Bachelor’s degree.

Required Work Experience
Five years of professional work experience in IT cyber security with a strong working knowledge of operating systems, network utilities, and security software. Knowledge of classified and open source research and data analysis methods and techniques. Knowledge of the collection, analysis, and dissemination of criminal intelligence information.

Required Licenses and Certifications
CISSP certification

Additional Education/Experiences to be Considered
Preferred: Bachelor’s or Master’s degree in information security or related degree. Previous management and/or project management experience. Experience in hardening server operating systems and servers. CHFI, CEH, Security+, or Network+ certifications.

Why the cyber security skills gap is so damaging

The cyber security skills gap has been growing for years, and the problem is particularly bad in the UK. A report by job listings site Indeed found that the UK has the second largest demand for skilled IT professionals in the world. But what effect is this having on organisations, and how can it be mitigated?

The most obvious effect is that it’s increasing the workload of existing staff. In many cases, employees’ time and resources are spread so thinly that the quality of the work suffers. Employees often say that they spend too much time on incident response and not enough on planning ways to prevent incidents from recurring and to mitigate the risk of serious incidents.

Organisations that know that they are understaffed are often forced to hire people who lack the necessary skills and experience. Although these new recruits can help with routine work, senior staff will need to provide on-the-job training, which prevents them performing their own tasks.

All of this means that organisations are unprepared for major security incidents, which could cause substantial damage and affect business operations.

There’s another problem. The increased demand for cyber security staff has given those with the right skills considerable leverage over employers. Someone with the right skillset could find work practically anywhere, so organisations need to give them a reason to choose them. This typically means generous pay rises, with the average cyber security wage increasing by 10% in 2017.

Filling the skills gap
Commenting on Indeed’s report, Mariano Mamertino, economist for Europe, the Middle East and Africa at the organisation, said: “The problem is fast approaching crisis point and British businesses will inevitably be put at risk if they can’t find the expertise they need to mitigate the threat.

“This should serve as a wake-up call to Britain’s tech sector – it must pull together to […] attract more people into cyber security roles.”

However, some cyber security experts believe the skills shortage is a “myth”. They argue that there are plenty of people with the skills to work in the field, but because we treat cyber security as a standalone discipline, rather than placing it under the much wider umbrella of IT, many people don’t consider it a career they are equipped to pursue.

Some organisations have begun to address this. A 2017 survey by (ISC)2 found that hiring managers were exploring new recruitment strategies and attempting to entice previously unqualified people.

The report states: “Individuals with non-technical previous careers often rise to become key decision makers in their organizations: globally, 33% of executives and C-Suite professionals began in a previous non-technical career.”

It adds: “It will be important, if not essential, to consider the relevant educational foundations, training and professional development opportunities that support the breadth of people with potential to enter the field in order to fill the worker shortage.”

If you’re interested in a career in cyber security, you’ll need to demonstrate your knowledge by way of professional qualifications. Cyber security is a complex, multidisciplinary field and has careers to suit any number of skills, so it’s worth taking some time to research which specialties are right for you.

For example, if you’re interested in the way you can use hacking skills for good, you might want to enrol on our Certified Ethical Hacker (CEH) Training Course. An ethical hacker is someone that an organisation hires to look for vulnerabilities in its systems or applications, allowing it to address problems before they are exploited.

The Certified Ethical Hacker (CEH) certification is globally recognised as the vendor-neutral qualification of choice for developing a senior career in penetration testing and digital forensics. Our course is led by an information security consultant with over ten years’ experience.

You might also be interested in our Managing Cyber Security Risk Training Course. This three-day course helps practitioners formulate plans and strategies for improving cyber risk management in their organisations. It draws on real-life case studies and provides insights that will enable you to create a blueprint for a plan that includes the implementation of technical measures and accounts for the people, processes, governance, leadership and culture in your organisation.

Asia Joint Conference on Information Security (AsiaJCIS)

General Cybersecurity Conference

 August 8 – 9, 2018 | Guilin, China

Cybersecurity Conference Description

The Asia Joint Conference on Information Security (AsiaJCIS) will be held in Guilin, China. The focus of this conference is on the technical and practical aspects of the security applications. The conference will serve as a forum to present new results from the academic research community as well as from the industry. Original papers are solicited for submission to AsiaJCIS. In addition, several distinguished security experts will be invited to give technical talks.

Cyber Security Summit Brazil

General Cybersecurity Conference

 July 27 – 28, 2018 | Sao Paulo, Brazil

Cybersecurity Conference Description

Companies around the world face major cyber threats. They are targeted by an astonishing array of malicious interests, ranging from fraud and theft of personal identity or intellectual property to industrial espionage, service interruption, physical damage and blackmail, among others.

Cyber Security Summit Brazil, a cybersecurity conference in Brazil, will bring together senior professionals (CEO, CIO, CISO, CTO, CRO), government officials, directors, IT managers and analysts, security and technology experts to discuss the challenges of the current threats in cyberspace.

The intent of the Cyber Security Summit 2018 conference – brought to you by CyberEdTalk – is to promote a forum among corporate experts, IT and technology managers, software companies, public sector organizations, consultants and research institutes to discuss the great issue of the day: How to protect or continue online with corporate systems, communications and information from cyber attackers?

Cyber security experts discuss mitigating threats, say universities can play a key role in protecting the country against a cyber attack

Former U.S. Director of National Intelligence and Navy Vice Adm. Mike McConnell advocated today for stronger protection of digital data transfers and for universities to play a key role in filling cyber security jobs.

McConnell was among the keynote speakers at the 2018 SEC Academic Conference hosted by Auburn University. The conference, which is ongoing through Tuesday, is focused on the topic of “Cyber Security: A Shared Responsibility” and brings together representatives from the SEC’s 14 member universities along with industry experts in the area of cyber security.

McConnell is encouraging the use of ubiquitous encryption as a solution for stronger data protection.

“As we go to the cloud…ubiquitous encryption of some sort would be used so that if anybody accessed that data, you can’t read it. If you’re moving [the data] from point A to point B, it scrambles so you can’t read it,” he said.

McConnell understands that stronger data security can come at a cost for others, including law enforcement who may need to access data within a device during a criminal investigation.

“What I’m arguing is the greater need for the country is a higher level of [data] security. If that’s the greater need, then some things of lesser need have to be sacrificed. So when I say ubiquitous encryption, that’s what I’m attempting to describe. It is protecting the data that is the very lifeblood of the country,” McConnell said.

McConnell also addressed how academia can help in securing the nation from cyber attacks.

“We have about 300,000 job openings across the United States for which there are no cyber security-skilled people to fill those jobs,” he said. “Universities are debating academically ‘What is cyber security?’ and ‘How do you credit the degrees?’ and ‘How do you get consensus on what it is and what it should do?’”

He urged universities to move more quickly on coming to a consensus so they can get certified and accredited to start producing students who can fill those jobs.

Glenn Gaffney, executive vice president at In-Q-Tel, also spoke to the role higher education institutions can play in cyber security during his keynote address at the conference.

“It is at the university level where we don’t have to take a top-down approach,” Gaffney said, adding that universities can work together, through research and student involvement, to create proactive solutions to cyber security. “This is where the next generation of leaders will be developed. It’s here that these dialogues must begin. This is the opportunity.”

Ray Rothrock, CEO and chairman of RedSeal Inc., was the day’s third speaker, presenting on the topic of “Infrastructure: IoT, Enterprise, Cyber Physical.” Rothrock also held a signing for his new book, “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”

Attendees at the conference are exploring computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect information stored, transmitted and processed with technology.

Students at each SEC member university participated in a Cyber Challenge and presented posters displaying their work in the area of cyber security.

Cyber Security Continues To Infiltrate Various Industries, Including Work Comp

Sarasota, FL (WorkersCompensation.com) – When a claim is initiated in the work comp process, there is personal information that becomes an integral component in ensuring that the claim is handled properly. The personal information is distributed among interested parties such as court officials, lawyers, employers and medical professionals through technological devices. Even with thorough due diligence and treatment from the interested parties involved, personal information can be obtained by sources that should not have access to this important data.

“Anyone can be a target. It is a huge undertaking to protect the integrity of data especially where it has human identifiers such as a social security number, date of birth, medical information,” Judge David Langham said. Langham serves as the deputy Chief Judge of the Florida Office of Judges of Compensation Claims. “Cyber security is a subject that everyone wants to talk about.”

Judge Langham and his colleagues keep a close eye on the marketplace to be informed of any changes to cyber security as well as the rumbling of any potential threat that could harm data collection for workers’ compensation. The office has been collaborating with other judges throughout the United States to increase their awareness of cyber security. “We try to stay ahead and be proactive to maintain proper security protocols,” Judge Langham said.

Since 2017, the Department of Homeland Security (DHS) has been given the task of tracking any potential breach of security both nationally and internationally. It has been reported that more than 1 million people within the United States have fallen victim to a cyber scam. From skimming money from a personal bank account to running up a credit card bill at the local food store, hackers have found a way to invade someone’s personal privacy.

In the case of a work compensation claim, a potential threat can affect the distribution of monetary support for an injured worker. With respect to employers or medical professionals who have access to workers’ compensation data, the DHS encourages these users to be trained on how to protect and maintain critical data. The training is outlined in the DHS-sponsored “Stop.Think.Connect” program.

The program highlights various ways to enhance the security of databases and servers. Some tips from the program include:

Change passwords frequently and do not reuse the same passwords.
Once the information is received by the third party through email or another electronic transmission, the original documentation should be destroyed or deleted.
Wipe clean any digital devices with spyware frequently to get rid of any new viral activity.
Use a specific database or encrypted software to receive or transmit electronic data.

Lawyers that are involved in workers’ compensation claims are trying to keep up with ever-changing facets of cyber security.

“Nothing is uniform. It is a big crossword with so many pieces coming into play,” said Jon Gelman, a New Jersey-based attorney with a primary focus on workers’ compensation.

In a seminar for the New Jersey Institute of Continuing Legal Education, Gelman discussed how the National Institute of Standards and Technology (NIST) has developed a concept of how new federal regulations on cyber security will protect everyone involved with workers’ compensation.

“The NIST framework for cyber security is gaining notoriety and is being used by several entities,” Gelman said. For example, the Employment and Health Service Department in Contra Costa County, CA is utilizing the NIST Cyber security framework to provide data protection on their databases.

Despite the current efforts of the federal government to provide cyber security for national and international threats on public and private information, Gelman believes that this is the tip of the iceberg in maintaining the integrity of personal data.

“There is always a potential threat in security. We need to be diligent in protecting personal information,” he said.

Conference on Data and Applications Security and Privacy (DBSec)

General Cybersecurity Conference

 July 16 – 18, 2018 | Bergamo, Italy

Cybersecurity Conference Description 

DBSec is an annual international conference covering research in data and applications security and privacy. The 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2018) will be held in Bergamo, Italy.

Should Companies be Fined for Poor Cyber Security?

Companies in the UK are being fined by the government for not properly securing their data. Is this a model the U.S. and other countries should adopt?

News broke recently that there would be fines of up to £17m in the UK for companies that have poor or inadequate cyber security measures in place. Specifically, if a company fails to effectively protect itself from a cyber security attack, it could be subject to a large fine from the government as a “last resort”, according to Digital Minister Matt Hancock. The UK also placed industry-specific regulations on essential services. Essential services industries such as water, health, energy and transportation are expected to have stronger safeguards against cyber attacks.

Cyber Security Inspections to Take Place

In order to keep companies compliant with cyber security regulations, the UK government will now have regulators inspect cyber security efforts in place. Essential services (think water, healthcare, electricity, transportation, financial) will face more scrutiny than other companies. If a regulator finds a company does not have security safeguards in place, the company will have to come up with a plan for beefing up cyber security. Fines will be brought down on companies that continue to fail at implementing the proper security measures.

Cyber Attacks Becoming More Dangerous

The essential services people use every day are being targeted by cyber attacks at an increasingly high rate. This can make for extremely dangerous situations, such as the WannaCry attack that hit several National Health Service (NHS) facilities and impacted several hospitals’ abilities to admit patients. It was later found that this attack could have been prevented with proper cyber security efforts in place. It also means that services people depend on every day — from electricity, to water, to industrial safety systems — could all be at risk.

This makes it clear why the UK government has chosen to regulate cyber security, particularly among companies that provide services it deems essential to the public. It also raises the question of whether the United States should follow suit. U.S. companies have fallen victim to their fair share of cyber attacks. These attacks have disrupted the lives of Americans who depend on the services affected or who are having sensitive information accessed by the attackers.

What Safeguards are Currently in Place?

While it is obviously in a company’s best interest to have cyber security precautions in place rather than cleaning up the mess of an attack afterwards, that doesn’t mean everyone invests as much as they should in cyber security. In the U.S. there are a few federal regulations in place to establish a bare minimum for cyber security in certain essential industries.

HIPAA (1996): HIPAA introduced provisions for data privacy and data security of medical information. All companies and establishments dealing with medical information must have specific cyber security measures in place.
Gramm-Leach-Bliley Act (1999): The Gramm-Leach-Bliley Act states that financial institutions in the U.S. must share what they do with customer data and information and what protections they have in place to protect customer data. Noncompliance means hefty fines for financial institutions and could lead to customers taking their business elsewhere.
FISMA (2002): FISMA was introduced under the Homeland Security Act as an introduction to improving electronic government services and processes. This act ultimately established guidelines for federal agencies on security standards.

Critics state that these three regulations are good for establishing minimum security, but do not go far enough. Compliance with all of these regulations has not been robust enough to safeguard against advanced cyber attacks in recent years. There have been clear breaches of cyber security measures that have occurred in the medical, financial and government sectors over the past years. While some state governments have put additional regulations in place, the general consensus is that individual companies should be responsible for beefing up cyber security as they see fit.

Cyber Security Investments Should be Increased
At the end of the day, U.S. companies will need to make the decisions that are best for their businesses and customers about what level of cyber security protection is necessary. Marcus Turner, Chief Architect at Enola Labs Software, often discusses cyber security measures with his clients, stating:

“Ultimately, high levels of cyber security are a necessary and worthwhile investment for businesses that care about protecting their customers and safeguarding their businesses. I often tell businesses that they can pay an upfront cost now to protect their data, or wait until a cyber security attack and pay an even bigger price later to clean up the mess. Waiting may very well cost you your business”.

This year we are expecting a much higher investment in cyber security, so it will be interesting to see if this is enough to hinder government intervention or if additional U.S. government regulation of cyber security becomes necessary.

Data Security Analyst I

IBM – Ashburn, VA

Job Description

This role for the Cloud SOC is the first line of defense against intruders on our platform and infrastructure.
Tier I Analysts provide continuous monitoring services on all threat management tools to ensure constant situational awareness. Events triaged by Tier I are either escalated to Tier II for further analysis, or to engineering to adjust notification levels for optimal performance.

Continuous monitoring of all threat management and event monitoring consoles.
Triage of all alerts to determine potential for impact or exposure for IBM Cloud infrastructure, platform, and Software offerings.
Provide assistance to incident handlers during incident response activities.
Review of threat bulletins to tailor daily monitoring activities to current threats.

Required Technical and Professional Expertise

IT Security
2 years experience in System Administration, Network Administration, or Abuse.

Preferred Tech and Prof Experience

Strong written and verbal communication skills
1 year Security Operations experience.
