IT Security – from (ISC)² “Continuing the Conversation: Spearphishing”

Continuing the Conversation: Spearphishing

If you’ve attended any of our (ISC)² ThinkTank Webinars (and we hope you have!) you know that moderator Brandon Dunlap shares your questions with panelists to answer during the session. While we can’t get to all questions, we’d like to address a few more here on our blog. Last week’s webinar was “The Human Target – The Tip of the Spear is Aimed at You”, with panelists Ira Winkler, president of Secure Mentem, Sylvester Gray, security product specialist at Sophos and Johnny Deutsch, senior manager, advanced security center at Ernst & Young, LLP. Thank you to our panelists for sharing…


CISSP certification: ROM and RAM.

  • Memory: Is just 0’s (off) and 1’s (on); switches representing bits.
  • Cache Memory: Closest to the CPU, Fastest; L1 Cache is on the CPU, L2 Cache is connected to the CPU but outside it.
  • ROM (Read Only Memory) is nonvolatile (retains memory after power loss); most common use is the BIOS.
    • PROM (Programmable Read Only Memory):
      • Can only be written once, normally at the factory.
    • EPROM (Erasable Programmable Read Only Memory):
      • Can be erased (flashed) and written many times, by shining an ultraviolet light (flash) on a small window on the chip (normally covered by foil).
    • EEPROM (Electrically Erasable Programmable Read Only Memory):
      • These are Electrically Erasable; you can use a flashing program. This is still called Read Only.
      • The ability to write to the BIOS makes it vulnerable to attackers.
    • PLD (Programmable Logic Devices) are programmable after they leave the factory (EPROM, EEPROM and Flash Memory). Not PROM.
  • RAM (Random Access Memory) is volatile memory.
    • It loses the memory content after a power loss (or within a few minutes).
    • This can be memory sticks or embedded memory.
    • SRAM and DRAM:
      • SRAM (Static RAM): Fast and Expensive.
        • Uses latches to store bits (Flip-Flops).
        • Does not need refreshing to keep data; keeps data until power is lost.
        • This can be embedded on the CPU.
      • DRAM (Dynamic RAM): Slower and Cheaper.
        • Uses small capacitors. Must be refreshed to keep data integrity (100-1000ms).
        • This can be embedded on graphics cards.
      • SDRAM (Synchronous DRAM):
        • What we normally put in the motherboard slots for the memory sticks.
        • Most common now is DDR (Double Data Rate) 1, 2, 3, 4 SDRAM.

CISSP certification: Data, system, mission ownership, custodians and users.

Data, System, Mission Ownership, Custodians and Users:

Each role has unique responsibilities to keep the data safe.

  • Mission/Business Owner:
    • Senior executives make the policies that govern our data security.
  • Data/Information Owner:
    • Management level, they assign sensitivity labels and backup frequency.
    • This could be you or a Data Owner from HR, Payroll or other departments.
  • System Owner:
    • Management level and the owner of the systems that house the data.
    • Often a Data Center Manager or an Infrastructure Manager.
  • Data Custodian:
    • These are the technical hands-on employees who do the backups, restores, patches, system configuration.
    • They follow the directions of the Data Owner.
  • Users:
    • These are the users of the data.
    • Users must receive awareness training; they need to know what is acceptable and what is not acceptable, and the consequences for not following the policies, procedures and standards.
  • Data Controllers and Data Processors:
    • Controllers create and manage sensitive data in the organization (HR/Payroll)
    • Processors manage the data for Controllers (Outsourced Payroll)

IT Security – from (ISC)² “Looking for cybersecurity job? Healthcare is hiring!”

Looking for cybersecurity job? Healthcare is hiring!

While the projected 1.8 million cybersecurity workforce gap is a staggering number, the Global Information Security Workforce Study did reveal which sectors are most aggressively looking to address this talent shortfall. Healthcare, retail and manufacturing top the list of industries looking to increase their cybersecurity workforce by more than 20% over the next year. Healthcare, in particular, is aiming for a 39% increase. It’s not surprising that they’re leading the charge to staff up, as Privacy Rights Clearinghouse reports that there were 223 known breaches to healthcare organizations in the United States in 2016 – and another 46 disclosed so…


CISSP certification: The 3 states of data.

We need to protect our data as well as we can regardless of where it is and whether it is in use or not.

  • Data has 3 States: We want to protect it as well as we can in each state.
    • Data at Rest (Stored Data):
      • This is data on Disks, Tapes, CDs/DVDs, USB Sticks
      • We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs).
      • Encryption can be Hardware or Software Encryption.
    • Data in Motion (Data being transferred on a Network).
      • We encrypt our network traffic (end-to-end encryption) on both internal and external networks.
    • Data in Use: (We are actively using the files/data, it can’t be encrypted).
      • Use good practices: Clean Desk policy, Print Policy, allow no ‘Shoulder Surfing’, maybe the use of a view-angle privacy screen for monitors, locking the computer screen when leaving the workstation.

IT Security – from “More open CISSP job openings, than the total number CISSP certified individuals in the US”

Cybersecurity Supply And Demand Heat Map

Cybersecurity talent gaps exist across the country. Closing these gaps requires detailed knowledge of the cybersecurity workforce in your region.

~300,000 open Cybersecurity jobs in the US today.

This interactive heat map provides a granular snapshot of demand and supply data for cybersecurity jobs at the state and metro area levels, and can be used to grasp the challenges and opportunities facing your local cybersecurity workforce.

There are currently more job openings in the US than there are CISSP certified individuals.

69,549 CISSP certified people and 76,336 job openings.


CISSP certification: Thor Pedersen’s answer to “Is it a good idea to prepare for CISSP now?” – Quora

I think any time you are ready and you can dedicate the time you need to do it is good, so YES!

It will get you past the recruiter to the interview.

CISSP is a management level certification (1 mile wide, 1 inch deep).

CISSP is a lot more known, higher salary ranges than most other ITSec certificates.

When I did mine I did it as part of an IT security group of certificates. I took about 6 months, but it was part time (evenings/weekends), and I did a few in that time frame.
Since curriculum overlaps a lot I figured I would take 4 certifications with little extra effort.


CISSP certification: Phishing and vishing.

Phishing, Spear Phishing and Whale Phishing (Fishing spelled in hacker speak with Ph not F).

These are all types of social engineering; the attacker is trying to circumvent technical and administrative safeguards.

  • Phishing (Social Engineering Email Attack):
    • Click to win, Send information to get your inheritance …
    • Sent to hundreds of thousands of people; if just 0.02% follow the instructions they have 200 victims.
    • A Public Treasurer in Michigan sent $1.2m to Nigeria ($1.1m of taxpayer funds and $72,000 of his own).
  • Spear Phishing:
    • Targeted Phishing, not just random spam, but targeted at specific individuals.
    • Sent with knowledge about the target (person or company); familiarity increases success.
  • Whale Phishing (Whaling):
    • Spear Phishing targeted at Senior Leadership of an organization.
    • This could be: “Your company is being sued if you don’t fill out the attached documents (With Trojan in them) and return them to us within 2 weeks”.
  • Vishing (Voice Phishing):
    • Attacks over automated VOIP (Voice over IP) systems, bulk spam similar to Phishing.
    • These are: “Your taxes are due”, “Your account is locked” or “Enter your PII to prevent this” types of calls.

IT Security – from (ISC)² “Is IT the solution to filling cybersecurity workforce gap?”

Is IT the solution to filling cybersecurity workforce gap?

Insights from the 2017 Global Information Security Workforce Study show that the IT players in your organization may be the key to filling the looming cybersecurity workforce gap. The survey was taken by 10,584 cyber and information security professionals in North America, and showed a projected 265,000 industry jobs will be left unfilled in 2022. Practitioners back up that data, with 68 percent indicating their organizations had too few security professionals. Filling a gap of that size with qualified professionals is daunting, but the help may already be in your organization in the information technology department. In North America, 87…
