ISACA Blog: My Journey to Passing the ISACA CGEIT Exam

While my preparation time for the exam was relatively short, I had been building up experience over the past seven years, which significantly contributed to passing this exam. Being a person who is constantly trying to change my perception regarding the “why” of IT, I came across ISACA and its certifications. Certified in the Governance of Enterprise IT (CGEIT) seemed to be the best fit for my career. Here are a few of the things I learned on my journey to the CGEIT exam.

  • Take time to select the right certification for you: To achieve this, I engaged in some research and brief reading on the various certification tracks, spoke to persons who were already certified by ISACA and assessed my job critically. By doing this, I was comfortable I had made the right choice of track for me—CGEIT.
  • Become a member:  Signing up for membership provides you discounts and benefits, which are very valuable.
  • Get the official material:  I got the official material as a base to work with, which helps in setting a benchmark to begin the journey to the exam.
  • Assess where you are honestly:  I started off with the practice test first and my results were horrible. At one point I was asking myself, am I crazy to pursue this? But, that is actually what helped me understand that I had a lot of work to do and exactly how much I had to cover.
  • Do some reading: I read the books and discovered interesting things you sometimes take for granted simply because you may not be consciously aware of their impact. After reading a majority of the material, I redid the practice test and my results were still scary, but I was now in a good position to develop my own personal learning strategy to get me up to exam readiness.
  • Develop a learning strategy:  The same things will not work for everyone, so you have to get creative to design learning habits that work best for you. I ended up breaking down the practice questions and book chapters into smaller groups. I read, engaged questions and before I answered, I linked mentally to my job function/experience so I could see it in proper context. With that, my practice test scores skyrocketed and I could safely narrow down answers to two choices and then analyze further to arrive at the best answer.

Finally, it was time to face the exam. The exam was well written and even enjoyable.

Now with a successful exam result, what is left to do is to apply for certification, which I am looking forward to doing. Good luck to all aspiring candidates. For even more tips, read my post here: http://bit.ly/1E0Vqce.

Ammett Williams, CCIE
Telecommunication Team leader at First Citizens, TT

[ISACA Blog]

Introducing the Definitive Cybersecurity Buyer’s Guide

Architecting a cybersecurity solution that dynamically adapts to constant change is crucial. It can be difficult for even the most seasoned cybersecurity professionals to figure out where to start when evaluating solutions.

That’s why we’ve prepared the definitive Cybersecurity Buyer’s Guide, complete with recommended criteria for choosing a cybersecurity solution that can block cyber attacks and protect allowed traffic from known and unknown threats.

The Cybersecurity Buyer’s Guide offers guidance on how to effectively evaluate cybersecurity solutions through the RFP process – to help you determine and prioritize what 10 things your cybersecurity solution must do.

Download the buyer’s guide today to find out everything you need to know to make an informed cybersecurity decision.

Chad Berndtson

[Palo Alto Networks Blog]

80% of Healthcare Executives Report Compromised IT Systems Due to Cyberattacks

“Four-fifths of executives at healthcare providers and payers say their information technology has been compromised by cyber-attacks,” according to a survey of healthcare executives conducted by KPMG.  This was the most compelling finding from the survey, which polled 223 healthcare executives in the U.S., covering both for-profit (56%) and non-profit (44%), as well as payers and providers.

What this means is that 20 percent of responders claimed none of their IT systems had been compromised in the past two years.  That is quite a bold claim!  All of the responders had revenues of at least $500 million (70% had revenues over $1 billion), so they must have quite a few endpoints to manage. 

From my perspective, having led a security operations team at a large hospital network, it’s hard to believe they were able to fend off all malware attacks for two years. No one in their organization fell prey to the phishing email campaigns that enticed users to listen to their “Voicemail Recording.wav.exe”? I highly doubt that.

The answer is revealed in another finding of the survey:

44 percent of responders said their organization tracked between 1 and 50 cyberthreat attempts in the last 12 months. “This is indicative of [healthcare] organizations not understanding, tracking, reporting and managing threats effectively.”

So, the 20 percent of responders who claimed that none of their IT systems had been compromised in the past two years must be a subset of this group who do not have the visibility into cyberthreats to detect them in the first place.  This makes more sense.  Many healthcare organizations don’t have the capability to detect or prevent malware and exploits in real time.

There are many best practices to consider in the effective protection of today’s hospital networks, which can help prevent threats to connected medical devices, patient data, and overall patient care, including being able to:

  • Maintain visibility, effective control, and the enablement of applications and activity to reduce the threat footprint and minimize needless bandwidth consumption.
  • Virtually segment your network to prevent the movement of malware through the network using a Zero Trust approach.
  • Protect and defend systems at all places in the network, across all network traffic on endpoints, in data centers, in remote locations, and at major Internet gateways.
  • Maintain advanced malware detection to identify and prevent zero-day as well as known malware attacks.
  • Include off-network endpoint protection and ongoing defense, regardless of location or device.
  • Ensure timely reporting to enable IT, cybersecurity and intelligence professionals to coordinate actions.
  • Ensure immediate and automatic sharing and distribution of threat intelligence between systems.

Read more about how the Palo Alto Networks next-generation security platform can help your healthcare organization. Stay tuned for a soon-to-be-released healthcare reference architecture that will elaborate on these security principles in more detail, and how best to apply them, using Palo Alto Networks next-generation security platform.

[Palo Alto Networks Blog]

KeyRaider iOS Malware: How to Keep Yourself Safe

Earlier this week we published an analysis of KeyRaider, which is an iOS malware family and a reminder of the risks users take when they choose to jailbreak their mobile devices.

Attackers used KeyRaider malware to steal more than 225,000 Apple accounts. KeyRaider targeted only jailbroken Apple devices, primarily through Chinese websites and apps that provide software for those jailbroken phones.

The best way to keep a mobile device safe is to keep it up to date with the latest software updates. That also means not jailbreaking your phone in the first place, as today there aren’t any Cydia repositories that perform strict security checks on apps or the tweaks used to change them.

But if your device is already jailbroken, what steps can you take to protect it against KeyRaider?

Determine if your account was stolen. WeipTech has provided a service on their website, http://www.weiptech.org/, for potential victims to query whether their Apple account was stolen. But this is not comprehensive; WeipTech was only able to recover around half of stolen accounts before the attacker fixed the vulnerability.

Determine if your iOS device was infected.

  1. Install the OpenSSH server through Cydia.
  2. Connect to the device through SSH.
  3. Go to /Library/MobileSubstrate/DynamicLibraries/ and grep all files under this directory for these strings:
    1. wushidou
    2. gotoip4
    3. bamu
    4. getHanzi

Delete the malware. If any dylib file contains any one of these strings, we urge you to delete it and delete the plist file with the same filename, then reboot the device.
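The check and the dylib/plist pairing described above can be scripted so that nothing is removed until the matches have been reviewed. This is an added example, not code from the original post; the function names are illustrative, and the demo files are constructed sample data.

```shell
#!/bin/sh
# Report-only scan for the four KeyRaider strings listed in the steps above.
SUBSTRATE_DIR="/Library/MobileSubstrate/DynamicLibraries"

# Print every regular file under the directory that contains any of the strings.
# -F matches fixed strings, -l prints only the names of matching files.
keyraider_matches() {
    dir="${1:-$SUBSTRATE_DIR}"
    [ -d "$dir" ] || return 0
    find "$dir" -type f -exec grep -l -F \
        -e wushidou -e gotoip4 -e bamu -e getHanzi {} + 2>/dev/null || true
}

# For each match, print it and, for a dylib, the plist with the same filename:
# the pair the article says to delete before rebooting.
keyraider_report() {
    keyraider_matches "$1" | while IFS= read -r f; do
        echo "SUSPECT $f"
        case "$f" in
            *.dylib)
                plist="${f%.dylib}.plist"
                if [ -f "$plist" ]; then echo "PAIRED  $plist"; fi
                ;;
        esac
    done
}

# Constructed demo: one dylib carrying a listed string, one clean dylib.
keyraider_demo() {
    d=$(mktemp -d)
    printf 'hdr\000\001getHanzi\000tail' > "$d/tweak1.dylib"
    printf '<plist/>' > "$d/tweak1.plist"
    printf 'clean\000binary' > "$d/clean.dylib"
    printf '<plist/>' > "$d/clean.plist"
    keyraider_report "$d" | sed "s|$d/||"
    rm -rf "$d"
}

# Stand-alone use: scan the directory given as $1, or the default above.
keyraider_report "${1:-}"
```

Review the SUSPECT and PAIRED lines before deleting anything, since short strings such as bamu can in principle appear in unrelated files.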

Change your password. We suggest all affected users change their Apple account password after removing the malware, and enable two-factor verification for Apple IDs.

What should you do if your phone is being held for ransom?

In this case, your best chance of recovering your phone is if you already have OpenSSH installed on the device. If so, log in and delete the malware following the steps above. If you don’t already have OpenSSH installed, it’s going to be much more challenging to get around this particular ransomware. The standard Apple password reset and rescue are not going to function properly with this attack.

Beyond KeyRaider, what steps can a user with a jailbroken phone take to protect themselves?

Jailbreaking an iOS device removes a lot of the protection that Apple has put in place to prevent malware infections. Once those are gone, the responsibility is really on the user to avoid getting infected. Don’t install pirated software and only install software from sources you trust. Even then, your device is at risk so you should avoid using it for sensitive transactions like online banking.

For full details on KeyRaider, check out this week’s research blog post.

[Palo Alto Networks Blog]
