
Risk assessment: The first step in improving cyber security

Source: National Cyber Security – Produced By Gregory Evans

Despite the proliferation of high-profile cyber-attacks over the last 18 months, many organisations are still too disorganised in their approach to security. While it is no longer feasible to guarantee 100% protection against a breach, businesses are setting themselves up for a fall by failing to adequately understand and prepare for the risks facing them.

PwC’s 2018 Information Security Survey, which surveyed more than 9,000 business and technology executives around the world, found that more than a quarter (28%) don’t know how many cyber-attacks they have suffered in total, and a third also don’t know how they occurred. While some security incidents are the result of high-level attackers using advanced techniques to disguise their activity, the vast majority of cases are caused by common security failings and could be easily prevented with better governance and process control.

Perhaps the most important step an organisation can take to improve its security is to undertake a thorough IT risk assessment. This is crucial to understanding where the biggest vulnerabilities within the organisation are, as well as what potential external threats it may be facing. Any company attempting to create an IT security strategy without this knowledge will simply be throwing money at the problem. This approach will certainly miss the basic mistakes in IT management that enable attacks and lead to accidental breaches.

A comprehensive risk assessment needs to not only take into account the internal processes at the company, but also a variety of third parties including suppliers and contractors, as well as the role of an increasingly mobile workforce. With this in mind, a thorough assessment is no small task, and usually takes a great deal of planning and preparation to execute.

Choosing a risk framework

As a result of the complexity involved, most companies usually turn to one of the various pre-existing risk assessment frameworks that have been developed over the last few decades as the IT industry has matured. While these frameworks are extremely useful resources, companies should not rely on them to entirely shape their strategy. We still see too many organisations taking a premade framework and going through it as a tick-box exercise. No two businesses are the same, so assessment frameworks can only ever be a general guide and starting place.

Instead, companies need to base their assessment around their own unique structure and risk profile, incorporating elements of existing frameworks where they are appropriate. Encouragingly, 53% of respondents in PwC’s survey stated that spending on their information security budget was based exclusively around risk.

Perhaps the most popular risk assessment frameworks are those created by NIST, the National Institute of Standards and Technology. The NIST 800-53 and NIST Cybersecurity Framework (CSF) are regularly used by governmental agencies and educational institutions as well as private enterprises.

Exploring NIST and ISO

The earlier framework NIST 800-53 was designed to support compliance with the U.S. Federal Information Processing Standards (FIPS). This special publication provides organisational officials with evidence about the effectiveness of implemented controls, indications of quality of risk management processes used and information regarding the strengths and weaknesses of information systems.

The CSF was designed to help organisations of all sizes and any degree of cyber security sophistication apply best practice of risk management. The framework is comprised of three components: framework profile, framework core and framework implementation tiers.

NIST’s roots with the US Commerce Department make it fairly US-centric, but the CSF also incorporates globally recognised standards, making it useful for risk assessment around the world. It is also designed to be flexible and can be used alongside other cybersecurity risk management processes, such as the ISO (International Organisation for Standardization) standards.

Indeed, the ISO/IEC 27000-series, jointly published by the ISO and the International Electrotechnical Commission (IEC), is another of the most well-known and widely used frameworks. Like NIST, the ISO frameworks are flexible enough to fit most organisational sizes and structures. The frameworks can be useful in dissuading an organisation from the tick-box compliance mindset, as they encourage organisations to assess their own information security risks and implement controls according to their needs. The ISO series also promotes a continuous feedback approach to address changes in the threat landscape or within the company and implement iterative improvements.

Other strong framework choices to consider include OCTAVE, which has a broader, simpler approach that is easy to integrate, and COBIT, an operational framework with a focus on uptime that is well-suited to manufacturing firms and others where uptime is important.

Taking risk assessment to the top

Whichever combination of frameworks the company decides to incorporate for its risk assessment, it is essential to relate the process back to the organisation’s unique operational structure and business objectives. One of the most important activities in preparing a comprehensive assessment is to conduct in-depth interviews with senior management, IT administrators and other stakeholders across the organisation. This will help to develop a much more realistic understanding of the organisation’s potential threats, likelihood of compromise and the impact of the loss, as well as relating everything back to its business priorities.

It is also essential that the risk assessment is understood and supported at the highest level of the organisation. PwC’s survey found that only 44% of boards are actively participating in their security strategy. Without buy-in from the board and other senior leaders, a risk assessment is likely to end up being little more than a series of recommendations that are never actually implemented. By aligning popular industry assessment frameworks with their business objectives, organisations can conduct an assessment that not only highlights potential threats, but goes on to implement real changes that improve their security posture.

The post Risk assessment: The first step in improving cyber security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cybersecurity Badge: One Big Step for Girl Scouts, Potentially Giant Leap for Women


My association with the Girl Scouts has spanned decades — as a scout, camp counselor, steadfast cookie connoisseur and now donor. It is an experience strongly associated with the great outdoors. Cook meals on a campfire? Check. Hike long distances wearing a heavy backpack? Check. Lead two dozen 5-year-olds for…


Public bodies are vulnerable to hacking – government needs to step up to protect them

Barely a month passes in 2017 without some kind of IT failure hitting the headlines, but the hacks, leaks and breaches that make the news may represent just the tip of the iceberg. An investigation by the i newspaper has revealed that public bodies such as […]

Trump’s order to strengthen cybersecurity is a step in right direction


More regulations are needed to ensure that software and hardware creators make their products as safe as possible before going to market. On May 11, 111 days after taking office, President Donald Trump signed the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. When data…


Why hackers may always remain a step ahead


It was only a month ago that WannaCry, the malware that held over 200,000 individuals across 10,000 organizations in nearly 100 countries to ransom, created havoc across the world including some companies in India. Security firms had, then, cautioned that this was not the last case of ransomware that we…


China’s quantum breakthrough a step forward in space race to end hacking


A record-breaking experiment by a Chinese satellite has taken the weird world of quantum physics to new heights and is likely to spur other nations, including Canada, in their efforts to develop an unhackable form of long-distance communication. “We have done something that was absolutely impossible using conventional approaches,” said…


Fishtech To Build New Cloud Security Operations Center, The Next Step In A Managed Security Evolution


As more companies move to the cloud, current methods of managed security just aren’t good enough. That’s what the Fishtech Group believes, and the Kansas City, Mo.-based security solution provider is ready to help as it announced on Thursday that it would launch a new Cloud Security Operations Center (CSOC). “Our vision is that you have to think differently,” CEO …


Rip Off Britain – presenters urge viewers to AVOID identity theft using THIS simple step


RIP OFF BRITAIN is back for a ninth series featuring the pitfalls and problems that consumers find themselves falling foul of. And presenters Gloria Hunniford and Angela Rippon spoke to Express.co.uk ahead of the first episode about their own bank scam experiences and how to avoid identity theft.

Returning to front the BBC One Daytime shows are presenters Angela Rippon, Gloria Hunniford and Julia Somerville who will be travelling the length and breadth of the country to investigate the issues that have prompted viewers to contact the show.

With ten episodes featuring real-life stories from consumers who have found themselves at the wrong end of bad customer service, online security breaches and the ill-will of scammers, the team meet a variety of the people with stories to share, and will be offering tips and advice to make sure others don’t suffer the same fate.

Episodes across the series challenge high street banks, online safety and cybercrime, ticket tours, energy companies, investment scams and identity fraud.

In one episode the team meet a former hacker – who was arrested for his role in targeting websites including that of the CIA. However, Mustafa is now pushing for companies to up their online security.

In the show he lifts the lid on how one of the biggest names in telecoms fell victim to a cyber-attack, and tells Rip Off Britain viewers how to avoid becoming a victim of a hack themselves.

In another episode the team also meet a homeowner from Greater Manchester whose identity was stolen and used to put his house up for sale by fraudsters.

The crime was only intercepted by chance when his daughter saw her father’s property advertised online.

Many of the issues hit close to home, as Gloria reveals how she was affected by a banking scam.

The 77-year-old had £120,000 drained from her savings account after an imposter walked into a bank and pretended to be her.

Speaking to Express.co.uk, Gloria said: “I felt violated and very insecure.

“I’ve been warning people for years about bank security and identity theft, and it just goes to show this can happen to any secure account.”

Angela, 72, revealed her best advice for people to avoid identity theft: “Make sure you shred anything which has any information about you on it.

“Secondly, be careful what you put out there – on Twitter and Facebook – because it could be giving criminals the exact information they need.”

The first ten episodes are followed by a special week of live programmes from London. Consumers are invited to contact the show and have their queries addressed live in the programme – either online, or in person, with a drop-in area popping up during the week outside BBC’s London HQ, New Broadcasting House.

Rip Off Britain will air on weekday mornings, BBC One, at 9.15am between the 1st and 12th of May – followed by a special week of Live programmes from Monday 15 May at the same time.


OLIVIER: Step aside, Snowden: new theft on the rise


Edward Snowden risked everything to expose the National Security Agency’s illegal spying programs to the American public. A hero in the eyes of millions, Snowden refused to keep in secrecy the lies deceiving citizens not only nationally but also worldwide.

The post OLIVIER: Step aside, Snowden: new theft on the rise appeared first on National Cyber Security.


Police step up use of technology to solve gun crimes


Viewers of TV crime shows are familiar with plots that involve police investigators solving gun crimes with high-tech ballistics tests.

But while these tests are popular with Hollywood script writers, the real-life technology has not always been a favorite of police departments in the Puget Sound region.

A 2013 KING 5 Investigation revealed that many Washington State police departments submitted only a small percentage of the guns seized in their work for ballistics tests.

Three years later, it’s a very different story, thanks to a renewed push from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), the Washington State Patrol Crime Lab and Seattle Police.

“My goal was to make it better than what it had been in the past. It had been underutilized before in the past by all law enforcement from federal, state and local levels,” said Special Agent Douglas Dawson, who heads the ATF office in Seattle.

For the two and a half years that he’s been in charge, Dawson has ramped up use of the Integrated Ballistics Identification System (IBIS). He said his office has charted a sixfold increase in the past few years in the number of ballistics “hits” that IBIS has detected in Seattle-area gun cases.

IBIS stores and analyzes images of shell casings – the brass casing that is left behind when a bullet is fired from a gun. Each gun makes unique tool marks on the casing. IBIS can find matches among millions of shell casings from crime guns across the country – and link together cases where there was no known connection.

When cases are linked, investigators gain a wealth of new information that can lead to a break.

Dawson says there used to be 25 or 30 IBIS hits a year in Seattle.

“Last year we were up to about 180 – I think 179 was the official record,” said Dawson.

Dawson said one reason police departments don’t use IBIS is because it can often be time consuming for them to test fire all the guns they seize, and then hand deliver the shell casings to the crime lab.

Dawson urges departments to test all guns and casings they come across, because investigators never know when one was used in another crime. The ATF now offers its personnel to help with firearms testing.

The State Patrol crime lab in Seattle addressed another complaint that detectives have had about IBIS. Lab techs are trying to give detectives speedier results so that they get useful information from ballistics tests in days – not weeks or months.

“Ideally, within 72 hours or less is when we have that prime window,” said IBIS technician Jennifer Tardiff of WSP’s Seattle crime lab.

By streamlining the process and producing results, Dawson hopes that police agencies submit more shell casings – and solve more cases big and small.

Last year, Byron Vierling spied a handgun stashed in the seat in the back of the Metro bus he was riding.

“The gun was pointed towards me with the stock up in the air,” Vierling told KING 5. “I was very nervous,” he said.

Vierling called Seattle police to report the firearm.

IBIS determined that shell casings retrieved when the gun was test-fired matched shell casings from a “shots fired” call in Seattle’s Lake City neighborhood.

Police had questioned a woman who boarded the bus two days before Vierling rode it. The woman was seen walking away from a man who had fired shots in the air.

However, when police questioned her on the bus they could not find any gun – or any evidence that she was connected to the shots fired call.

When IBIS linked the two cases, police reviewed Metro bus video that appeared to show the woman reaching down behind a seat to hide something.

“It looks like she’s putting the gun right where I found it,” Vierling said when KING 5 showed him the video.

When confronted with the video a month after Vierling found the gun, the woman confessed to police that she’d stashed it on the bus to help out the friend who fired it.

After the woman’s confession, that friend — Sean Summers, a felon who was not allowed to have a gun — pleaded guilty to unlawful possession of a firearm.

Dawson credited Seattle police officers who submitted the shell casings from the shots fired call and the casings from the gun on the bus.

“Had that gun been taken into custody two years ago it may have sat in an evidence vault on a shelf and never been tested,” said Dawson.

Of course, IBIS can solve the most serious crimes as well.

When one-year-old Malajha Grant was killed in a drive-by shooting in Kent last year, police and the ATF submitted shell casings they found at the scene to the WSP crime lab in Seattle.

In 24 hours, IBIS spit out a lead that led to the arrest of a suspect.

The shell casings matched those found at a shooting 24 hours earlier in Seattle that was recorded on video.

“We were able to obtain a video that had two people in it that had weapons and at least one of those weapons was used in our murder less than 24 hours later,” said Kent Police Chief Ken Thomas.
Source: http://www.king5.com/news/local/investigations/police-step-up-use-of-technology-to-solve-gun-crimes/129810229

The post Police step up use of technology to solve gun crimes appeared first on AmIHackerProof.com.
