@PhilipHungCao
Information Security
The New and Improved macOS Backdoor from OceanLotus
Introduction Recently, we discovered a new version of the OceanLotus backdoor in our WildFire cloud analysis platform which may be one of the more advanced backdoors we have seen on macOS to date. This iteration is targeted towards victims in Vietnam and still maintains extremely low AV detection almost a year after it was first discovered. Despite … Continue reading
How Can We Make the Cybersecurity Profession Agile?
Two of the most pressing cybersecurity tasks of our time are the need to dramatically grow the size of the workforce, and to create one that is agile enough to keep up with the shifting sands of today’s business landscape. Infosec Europe’s keynote panel session “Building an Agile Security Team for the Future,” chaired by … Continue reading
Digital Forensics Professionals Encountering New Challenges
When I began performing digital forensics more than 10 years ago, things were relatively simple. At that time, the complexity of digital forensics revolved around ensuring each artifact of relevance was identified, and the proper tools to analyze them were available to leverage against computers used by the suspect. The computer(s) of the suspect were … Continue reading
In Era of Digital Disruption, ISACA is Ready to Rise to the Occasion
Much of what I learned about being a professional – and being part of a professional community – came through my association with ISACA. As the first person in my family to graduate from college, I entered the workforce hungry for the educational resources, networking and professional growth opportunities to make an impact. ISACA provided … Continue reading
Building Skills and Capacity in the Banking System: A Case Study From India
Indian banks have deployed IT-based solutions to cater to increasing demands in the banking industry required for a growing economy. Adoption of technology has necessitated improving IT-related skills of experienced bankers. Considering the unavailability of internal IT skills, most banks resort to outsourcing IT activities. This has resulted in over-relying on third-party vendors and slackened … Continue reading
Faces of ISACA: Gerard A. Joseph, CISA, CISSP, CSAM, Ph.D., Independent Consultant
Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Australia-based consultant Gerard A. Joseph. Australia resident and ISACA member Gerard Joseph has traveled extensively throughout the United States, as … Continue reading
Cloud Security Alliance Announces “Grand Opening” of Its New Third-Party Global Consultancy Program
SEATTLE, WA – June 5, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the launch and immediate availability of the CSA Global Consultancy Program (CSA-GCP). The new professional services program, developed and managed by the … Continue reading
How to Improve Communication Within Your Technology Team
Few things can stunt the growth of an organization more than a lack of healthy communication. This is especially true in IT departments, where open lines of communication and transparency are paramount to efficiency and output. With that being said, have you considered the topic of internal communications and how you can improve in this … Continue reading
How to Properly Review and Act Upon SOC Reports
There continues to be a great deal of confusion over the new service organization reporting structure and which reports are the best to obtain. The basic intentions of the reports are as follows: SOC 1 – Related to Internal Control over Financial Reporting SOC 2 – Related to testing over the Trust Services Principles of … Continue reading
What We Learned From This Month’s European GISWS Report
What is the GISWS? Since its first release in 2004, the biennial (ISC)²® Global Information Security Workforce Study (GISWS) has been gauging the opinions of information security professionals; and in turn, providing detailed insights into the important trends and opportunities within this increasingly crucial profession. This year, the study conducted its largest-ever global survey of … Continue reading
