IT Security from AICPAGlobal: “Beat the Breach Webcast”

Beat the Breach Webcast

Combining the strengths of the American Institute of CPAs and the Chartered Institute of Management Accountants, we empower the world’s most highly-skilled accountants – CPAs and CGMAs – with the knowledge, insight and foresight to meet today’s demands and tomorrow’s challenges.

Protect your business’s most important asset – data. Robert Herjavec speaks with Association of International Certified Professional Accountants CEO Barry Melancon, CPA, CGMA, on cybersecurity trends and best practices.

This free, archived web event is designed for business executives, IT security officers, risk officers, cloud service providers, boards of directors, US CPA firms and their clients and anyone interested in having a robust cybersecurity program.

Source: www.aicpaglobal.com/cybershark

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #39

Why would a company use multiple types of data destruction on sensitive data?
A: Because it is easier than just a single type of data destruction.
B: To ensure there is no data remanence.
C: To ensure data is still accessible after the destruction.
D: To make sure we have the old drives available.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


B: It is common to do multiple types of data destruction on sensitive data (both degaussing and disk crushing/shredding). While it may not be necessary, it is a lot cheaper than a potential $1,000,000 fine or loss of proprietary technology or state secrets.


IT Security from TheSSL Store: “Cyber Security News Roundup: Introducing the Daily Edition”

Cyber Security News Roundup: Introducing the Daily Edition

It’s time to kick off another week – the first full week of November – with a new daily feature. The daily news roundup will cover the most interesting stories from the previous day (or in Monday’s case, the weekend). Let us bring the news to you! Of course, we’ll continue on providing our usual content as well. Now there will just be twice as much of it!

So, sit back. And start your Monday off with the most interesting cyber security news from the past weekend:

Source: www.thesslstore.com/blog/cyber-security-news-roundup-11-6-17/


CISSP Practice question #38

What does IAAA do?
A: Provide a framework where we authorize, identify and authenticate our users and hold them accountable for their actions.
B: Provide a framework where we provide integrity, authenticate, authorize our users and hold them accountable for their actions.
C: Provide a framework where we identify, authenticate, authorize our users and make sure the data they need is available.
D: Provide a framework where we identify, authenticate, give users access dependent on their job title.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


A: IAAA is Identification and Authentication, Authorization and Accountability: we identify our staff, have them authenticate, authorize them to access what they are permitted and hold them accountable for their actions.


IT Security from ModernHealthCare: “Cybersecurity threats pose biggest healthcare hazard, ECRI reports”

Cybersecurity threats pose biggest healthcare hazard, ECRI reports

The patient-safety organization recommended healthcare organizations take a proactive approach to cybersecurity to minimize the threat of ransomware and other malware.

Malware attacks in healthcare can put patient safety at risk, shutting off access to records, taking down medical devices and interrupting supply chains, according to a new report from the ECRI Institute that puts ransomware and cybersecurity threats at the top of its technology hazards list for 2018.

To prevent cyberattacks, healthcare organizations must be proactive and engage their employees in safeguarding efforts, according to the ECRI Institute, a patient-safety not-for-profit.

“This is an issue that needs to be tackled by all different departments within a healthcare facility,” said Juuso Leinonen, ECRI’s product officer for health devices. “The collaboration between different departments, even the clinicians, is key to successful cybersecurity.”

Source: www.modernhealthcare.com/article/20171106/NEWS/171109934


CISSP Practice question #37

Brute force can break any password, even one-time pads. Is that a problem?
A: Yes, if broken the one-time pad is useless.
B: Yes, the attacker would have the key.
C: No, there would be too many false positives for it to matter.
D: Brute force can’t break one-time pads.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


C: Brute force attacks use the entire key space (every possible key); with enough time any plaintext can be decrypted. They are effective against all key-based ciphers except the one-time pad: brute force would eventually decrypt it, but it would also generate so many false positives that the data would be useless.


Throwback Sunday – my first computer was a C64 0_o

This Old-Ass Commodore 64 Is Still Being Used to Run an Auto Shop in Poland

Hell yeah.

We need to learn a lesson about needless consumerism from this auto repair shop in Gdansk, Poland. Because it still uses a Commodore 64 to run its operations. Yes, the same Commodore 64 released 34 years ago that clocked in at 1 MHz and had 64 kilobytes of RAM. It came out in 1982, was discontinued in 1994, but it’s still used to run a freaking company in 2016. That’s awesome.

Source: sploid.gizmodo.com/this-old-ass-commodore-64-is-still-being-used-to-run-an-1787196319


CISSP Practice question #36

Which type of hacker is skilled and malicious?
A: Black hat.
B: Gray hat.
C: White hat.
D: Script kiddie.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: Black Hat hackers: Malicious hackers, trying to find flaws to exploit them (Crackers – they crack the code).


CISSP Practice question #35

Why do we keep the humidity controlled in our data center?
A: To keep it nice in there for employees.
B: To prevent corrosion on our equipment.
C: To ensure the data is safe.
D: To prevent EMI.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


B: Humidity: Humidity should be kept between 40 and 60% rH (Relative Humidity). Low humidity will cause static electricity and high humidity will corrode metals (electronics).


CISSP Practice question #34

We have an employee moving from IT to HR. What would we do to his access if using RBAC?
A: Add HR to his rights.
B: Add HR, remove IT.
C: Check his clearance and add access according to that.
D: Have the data owner give the employee the rights he needs.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


B: RBAC (Role Based Access Control): A role is assigned permissions, and subjects in that role are added to the group. If they move to another position, they are moved to the permissions group for that position.
