(ISC)² Releases Set of Cybersecurity Tips for Home Owners

To celebrate the 11th annual National Cyber Security Awareness Month (NCSAM), (ISC)² has released its third set of tips by security experts: cybersecurity tips for home owners.

“Whatever browser you use (Chrome is best), make sure you are using the site evaluation tools available to help identify safe/not-so-safe sites. With this, you get a color-coded rating of the site before you visit. You can also establish secure connections on most sites automatically through add-ons and extensions.

Don’t advertise your router address name (SSID).  Set it to hide.

Use WPA2 security protocol.  Most all routers now support it.

Use a password vault with different passwords on each account.  Change on a set schedule or when notified of breaches.

Set a backup program to routinely back up your system drive and any critical data located elsewhere at least once a week.  The backup file should be located on an external drive and can be incremental.  They are cheap and very important when you need a clean restore.  Things you really care about should be routinely stored on a similar drive or USB and stored offsite.

Invest in a good utilities program for basic maintenance and file management.  An organized, clean computer is easier to protect and will boot and operate faster.

If you do online banking or shopping and have two computers in your home, use one strictly for your finances and avoid surfing, email, etc. use on it. This will be your money computer.

Don’t function your day-to-day use as the “administrator”.  Set up an account (separate password, of course) for yourself as “limited”.  This will help to minimize programs from your random visits, surfing, and rogue emails from executing.  Only install programs you really want installed.  The computer will ask for your administrator password when something is ready to install.

Before you start storing things in the cloud, understand how it works.  Once you back up into the cloud, you will find your data is located in places you might not expect.  This doesn’t mean don’t do it.  Just understand what you are putting where.  For example, if you do mobile banking and back up to iCloud, you have critical data out in cyberspace. Your nude pictures are one thing, your bank account is another.

I am extra paranoid: I use two malware and anti-virus systems.  Make sure they do a Heuristic analysis to give a degree of protection against zero-day attacks.”
-W. Hord Tipton, CISSP-ISSEP, CAP, Executive Director, (ISC)2

“Make an inventory of IP-enabled devices in your home and update it periodically to help keep track.  Make sure you are or the vendor is updating these devices with the latest patches.

I cannot stress enough the importance of a good anti-malware tool.  Most good A/V programs nowadays have that protection built in; however, a lot of folks may have old versions installed.  Check it to make sure it has malware detection/removal capability and if not, upgrade your program.  Simply updating A/V definitions just isn’t enough anymore.”
-Dan Waddell, CISSP, CAP, Director of Government Affairs, (ISC)2

“Consider using a free service such as OpenDNS to apply parental controls and filters (including against phishing sites) to your home network.

Disable your router administration from the Internet (most routers allow this).

Consider a free program such as K9 Web Protection to apply parental controls and filters on the computer (I use this and OpenDNS together).”
-Erich Kron, CISSP-ISSAP, HCISPP, Director of Membership Relations and Services, (ISC)2

“NO Bluetooth locks.

Lock down your home routers.

Be cognizant of your smart devices.

Install a personal firewall.

Keep your home computers up-to-date and install anti-virus.

Educate young family members on cyber safety.

Take backup copies of your important personal data.

Learn to recognize and avoid spyware sites and fake antiviruses.”
-Charles Gaughf, CISSP, SSCP, Information Security Manager, (ISC)2

(ISC)² Global Research Program to Track Cybersecurity Skills Gap and Landscape Now Open

In our digitally-driven world, it’s crucial to have a current understanding of the evolving risks and responsibilities that information security professionals face. The (ISC)2 Global Information Security Workforce Study (GISWS) is the only research available that truly offers a detailed picture of how the global cybersecurity professional is changing and driving other business factors. A respected industry benchmark referenced by governments, employers, professionals, and industry stakeholders around the world for more than 10 years, this ongoing research provides much needed insight into current cybersecurity opportunities and trends experienced first-hand.

The study covers pay scales, skills and training requirements, hiring practices, budgets, career progression, corporate attitudes, current technology development within businesses, top security concerns, and more. The big change for this year is that we will be digging deeper into exactly which skill sets are most in demand in the industry now, and in the near future. The industry is no longer a monolith; it truly takes a village to secure an enterprise. Managed by the (ISC)2 Foundation, the research is conducted by analyst firm Frost & Sullivan and offered to the industry and the public as a free resource. The Foundation is a non-profit charitable trust for (ISC)² that aims to empower students, teachers, and the general public to secure their online lives with community cybersecurity education and awareness, with the support of its sponsors.

During the last GISWS conducted in 2012, more than 12,000 information security professionals participated worldwide. We hope to increase that number for the 2015 GISWS, and are making a concerted effort to garner more participation from those outside of the (ISC)2 membership base. We believe that the higher the number of participants, the higher the quality and impact of the results.

Your participation in the 2015 GISWS helps to share the story of both the challenges and benefits you face daily in your career with the world. We understand that it’s a commitment of your valuable time (approximately 25 minutes); however, gathering and sharing this information is important. In the end, the reward is a 360° view of our industry.

If you are a member of (ISC)2, you should have received an email from isc2-at-frost.com with a link to a member-specific survey that you can take at your leisure. If you are not a member of (ISC)2, you can complete the survey here. The 2015 GISWS is open until early December 2014, with results to be analyzed by Frost & Sullivan and released as a free resource to the industry and the general public in April 2015.

-Julie Peeler, Director, (ISC)2 Foundation

[(ISC)2]

The Future of GRC Technology: Reporting from the Customer Perspective

Earlier this year, OCEG released its global 2014 GRC Technology Strategy Survey report and it reveals some expected and some unexpected findings.

More than half of the 273 participants indicate that their organizations are currently underutilizing technology that they have acquired to manage governance, risk and compliance (GRC) needs. Not surprising, really, since they also indicate that more than 80% of GRC solutions being used are department or issue-focused stand-alone solutions that are not integrated with other GRC technology solutions. In fact, 57% report that what they actually are using to manage GRC information is a heavy dependence on spreadsheets.

As a result, 70% report that their currently deployed approach and technology are not aligned to the GRC needs of the organization. They see it and they know it is a problem. And finally, after a half dozen years of largely limited budgets, there appears to be a move toward investing in change. Nearly two-thirds say that they are aligned to take action on future enterprise GRC technology initiatives, and roughly 80% indicate that they are making decisions on an enterprise-wide or multi-department basis.

It’s interesting to see that, unlike the answers in earlier OCEG surveys, the focus seems to be on spending for new technology. In the past, efforts were more often aimed at seeking ways to reuse or revamp existing systems for additional uses. 41% of the survey participants indicate that they plan to buy new GRC technology this year, and another 58% say they plan to make purchases in the next one to two years.

But what are they planning to buy? And how do they expect it to solve the fraternal twin problems of technology being underutilized and segregated?

Michael Rasmussen, the author of our study, indicates that he sees organizations standing at a three-way crossroad intersection deciding which way to go with regard to GRC architecture, with 17% indicating they haven’t a clue which way to turn yet.

One road is to deploy a centralized GRC platform for the entire entity. While there are not a lot of companies that put themselves out there as offering such a complete GRC platform, they are a visible presence in the market and 36% of survey participants choose this option.

The second road is toward a federated GRC architecture; acquiring separate (best of breed where needed) GRC solutions for different aspects of need (e.g. policy management, third party management, etc.) and integrating them when it is necessary or makes sense to do so. This may (probably should) have a centralized GRC hub that each technology can feed into for coordinated reporting and other activities. While this is a path that takes significant analysis, planning and customization of the right combination of technologies, 27% of survey participants indicate their organizations are headed down this path. I predict that when we repeat this survey again in 2016, we will see that this road has more travelers.

And finally, there is the path of centralized and segregated GRC technology. These organizations buy separate solutions (sometimes best of breed) to meet distinct department or risk/compliance area needs, but do not plan to integrate them. This group has 21% of the survey participants.

No matter which road is taken, the top criteria for future GRC purchases are the same. In a 2012 survey we conducted, the top three were price, ease of use and functionality. These are still the top three but in a slightly different order, with ease of use now in first place and price second. Functionality, the third item people are considering in their decisions, is actually the top driver of the desire to change GRC technology in the first place. Fully 40% of survey respondents say that their existing technology suffers from lack of functionality. Given the way business operations and challenges change rapidly today, it is not surprising that technology selected years ago no longer meets their needs.

Overall, I find the survey results encouraging. There seems to be greater appreciation for the need to truly understand the needs of the ultimate users, the GRC processes and the complexities of the business that depend on effective technology BEFORE making design and purchase decisions. If the time is put into analyzing and understanding these issues, the chances of selecting and effectively using the right technologies are greatly improved.

You can download the full GRC Technology Strategy Survey report at http://hello.oceg.org/grc-technology-strategy-survey-2014/

Carole Switzer, Co-Founder and President of OCEG

OCEG is a nonprofit global think tank with more than 40,000 members, dedicated to helping organizations achieve principled performance. OCEG offers GRC standards, guidelines and resources. www.oceg.org

[ISACA]

Time To End Network Sprawl in Your Virtualized Data Center

We’re on the road across North and South America with Citrix and CA for the next few weeks. Join us to talk about how enterprises can streamline virtualized data centers, radically simplify network services for delivering critical applications, and reduce complexity and cost, all without sacrificing performance and security.


[Palo Alto Networks Blog]

Check Out Scenes from Palo Alto Networks at VMworld Europe

We just wrapped up a big week at VMworld Europe, where among daily activities we were featured as part of VMware CEO Pat Gelsinger’s main stage keynote address, announcing the latest milestone in our integration with VMware.

Read Samantha Madrid’s discussion of our new Palo Alto Networks VM-Series release here. And have a look at scenes from the VMworld Europe exhibit hall and throughout the conference below and in this gallery on our Facebook page.

For more on Palo Alto Networks solutions for VMware environments, head to our resources page.

[Palo Alto Networks Research Center]
