IT Security – from UpGuard “The RNC Files: Inside the Largest US Voter Data Leak, 198 million voters’ personal information exposed.”

The RNC Files: Inside the Largest US Voter Data Leak

UpGuard has discovered an open database containing information on what appear to be approximately 198 million American voters left misconfigured by a GOP analytics firm.

Source: www.upguard.com/breaches/the-rnc-files

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


IT Security – from (ISC)² “Is IT the solution to filling cybersecurity workforce gap?”

Is IT the solution to filling cybersecurity workforce gap?

Insights from the 2017 Global Information Security Workforce Study show that the IT players in your organization may be the key to filling the looming cybersecurity workforce gap. The survey was taken by 10,584 cyber and information security professionals in North America, and showed a projected 265,000 industry jobs will be left unfilled in 2022. Practitioners back up that data, with 68 percent indicating their organizations had too few security professionals. Filling a gap of that size with qualified professionals is daunting, but the help may already be in your organization in the information technology department. In North America, 87…

Source: blog.isc2.org/isc2_blog/2017/07/is-it-the-solution-to-filling-cybersecurity-workforce-gap.html


CISSP certification: Hacktivism and state sponsored hacking.

Types of attackers:

  • Hacktivism/Hacktivist (hacker activist):
    • Hacking for political or socially motivated purposes.
    • Often aimed at ensuring free speech, human rights, freedom of information movement.
    • Famous attacks: Anonymous – DDoS attack on Visa, Mastercard and PayPal to protest the arrest of Julian Assange (WikiLeaks). Google/Twitter/SayNow worked together to provide communication for the Egyptian people when the government imposed an internet blackout during the 2011 protests.
  • Governments:
    • State-sponsored hacking is common; you often see the attacks happening between the hours of 9 and 5 in the attacker's time zone, because this is a day job.
    • Approximately 120 countries have been developing ways to use the internet as a weapon to target financial markets, government computer systems and utilities.
    • Famous attacks: US elections (Russia), Sony websites (N. Korea), Stuxnet (US/Israel), US Office of Personnel Management (China), …


IT Security from The Guardian “Deloitte hit by cyber-attack revealing clients’ secret emails”

Deloitte hit by cyber-attack revealing clients’ secret emails

Exclusive: hackers may have accessed usernames, passwords and personal details of top accountancy firm’s blue-chip clients.

The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.

The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.

The account required only a single password and did not have “two-step” verification, sources said.

Source: www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails


CISSP certification – from (ISC)² “What Does 125,000 (ISC)² Members Mean to You?”

What Does 125,000 (ISC)² Members Mean to You?

(ISC)² is proud to announce that our membership has surpassed 125,000 certified cybersecurity professionals globally. As demand for skilled security professionals continues to grow exponentially, (ISC)² certification and continuing education programs enable cybersecurity and IT security practitioners to prove their expertise, advance their careers and contribute to a more secure society. Here’s what some members are saying about the milestone: “125,000 members is a very large number for a community of dedicated people continuously raising the bar by learning, researching, teaching and sharing their knowledge and skills to make our cyber world safer,” said Emmanuel Nicaise, CISSP, president, (ISC)² Belux…

Source: blog.isc2.org/isc2_blog/2017/08/what-does-125000-isc²-members-mean-to-you-.html


CISSP certification: Insider vs. outsider compromises.

Types of attackers:

  • Outsiders:
    • Unauthorized individuals trying to gain access. They launch the majority of attacks, but these are often mitigated if the organization has good Defense in Depth.
    • Interception, malicious code (e.g., virus, logic bomb, Trojan horse), sale of personal information, system bugs, system intrusion, system sabotage or unauthorized system access.
    • 48-62% of Risks are from outsiders.
  • Insiders:
    • Authorized individuals (not necessarily authorized for the compromised system) who intentionally or unintentionally compromise the system or data.
    • This could be: Assault on an employee, blackmail, browsing of proprietary information, computer abuse, fraud and theft, information bribery, input of falsified or corrupted data.
    • 38-52% of Risks are from insiders, another reason good Authentication and Authorization controls are needed.


IT Security from ZDNet “Australian government pledges AU$50m for cybersecurity research centre”

Australian government pledges AU$50m for cybersecurity research centre | ZDNet

The seven-year investment will see the launch of a cybersecurity cooperative research centre to deliver solutions that increase the security of critical infrastructure in Australia.
The government has pledged AU$50 million over seven years for the cybersecurity CRC, with over AU$89 million in further funding to come from the 25 industry, research, and government partners.

Source: www.zdnet.com/article/australian-government-pledges-au50m-for-cybersecurity-research-centre/


IT Security – from (ISC)² “Are Women the Answer to the Cybersecurity Skills Gap?”

Are Women the Answer to the Cybersecurity Skills Gap?

Information security is one of the most important and fastest growing professions in the world, possessing a near-zero unemployment rate, but also a worker shortfall that grows larger every year. Most organisations admit that bridging the industry’s skills gap, while attracting women into cybersecurity is crucial; yet female participation has remained static since I began working with our Global Information Security Workforce Study programme in 2004. When we first began benchmarking the development of the cybersecurity workforce, analysts projected a double-digit growth that has since been realised. Today we forecast a skills gap projected to reach a shortage of 1.8…

Source: blog.isc2.org/isc2_blog/2017/04/women-answer-cybersecurity-skills-gap.html


IT Security – from Yahoo news “Ex-Homeland Security Chief: Good cyber security is like an immune system”

Ex-Homeland Security Chief: Good cyber security is like an immune system

A rash of recent high-profile cyber attacks has security experts scrambling to find solutions. “You cannot have an unrealistic set of expectations and believe your system will never be penetrated,” Michael Chertoff, former Secretary of Homeland Security under George W. Bush, told Yahoo Finance at the annual Concordia Summit in New York City. “You need layers of defense so your systems have resiliency.”

Source: finance.yahoo.com/news/ex-homeland-security-chief-good-cyber-security-like-immune-system-174458570.html


CISSP certification: Who is attacking data (hackers)?

  • Hackers:
    • Now: Anyone trying to get access to or disrupt any leg of the CIA Triad (Confidentiality, Integrity, Availability).
    • Original use:
      • Someone using something in a way not intended.
    • White Hat hackers:
      • Professional Pen Testers trying to find flaws so we can fix them (Ethical Hackers).
    • Black Hat hackers:
      • Malicious hackers, trying to find flaws to exploit them (Crackers – they crack the code).
    • Gray/Grey Hat hackers:
      • They are somewhere between the white and black hats; they go looking for vulnerable code, systems or products.
      • They often just publicize the vulnerability (which can lead to black hats using it before a patch is developed).
      • Gray hats sometimes also approach the company with the vulnerability and ask them to fix it, and if nothing happens, they publish.
    • Script Kiddies:
      • They have little or no coding knowledge, but many sophisticated hacking tools are available and easy to use.
      • They pose a very real threat. They are just as dangerous as skilled hackers; they often have no clue what they are doing.
