CyberSecurity for Digital Operations

DigitalSecurity

This report examines the general state of security within business today, exploring the hurdles that are preventing companies from an ideal security posture and suggesting the steps that can lead to improved security in the digital economy.

As the technology industry enters its next phase of maturity, more questions are being asked about the implications of emerging trends that operate on a global scale. Aside from the social ramifications, the heavy reliance on digital data and the sweeping collection of personal information highlight the critical nature of information security and privacy.

Digital Transformation: From AI and IoT to Cloud, Blockchain, and Cybersecurity | MIT PE

Inside the CenturyLink Security Operations Center: Securing Your Digital Business

The Convergence (and Divergence) of IT and OT Cyber Security


Subscribe to DISC InfoSec blog by Email


The best practice guide for an effective infoSec function

Building ISMS

The best practice guide for an effective InfoSec function: iTnews has put together advice drawn from various control frameworks, including ISO 27k and the NIST CSF, to guide you through what is needed to build an effective information security management system (ISMS) within your organization.

This comprehensive report is a must-have reference for executives, senior managers and folks interested in the information security management area.


Practice Guide

Open the PDF: The best practice guide for an effective InfoSec function.

How to Build a Cybersecurity Program based on the NIST Cybersecurity Framework

Beginners ultimate guide to ISO 27001 Information Security Management Systems

Conducting a cybersecurity risk assessment



The Adventures of CISO


The Adventures of CISO Ed & Co.

7 Types of Experiences Every Security Pro Should Have

Ten Must-Have CISO Skills

What CISO does for a living

CISOs and the Quest for Cybersecurity Metrics Fit for Business

CISO’s Library



Top 10 Cybersecurity Writing Mistakes

Want to strengthen your writing in under an hour? Watch the video below to help you avoid the top 10 writing mistakes you may encounter when working as a cybersecurity professional.

Source: Top 10 Cybersecurity Writing Mistakes

Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them


SANS Writing Course | Writing CheatSheet

Burying the Main Point – Common Cybersecurity Writing Mistakes


Overstuffing the Paragraphs – Common Cybersecurity Writing Mistakes



A CISO’s Guide to Bolstering Cybersecurity Posture

iso27032

When It Comes Down To It, Cybersecurity Is All About Understanding Risk

Risk Management Framework for Information Systems

How to choose the right cybersecurity framework

Improve Cybersecurity posture by using ISO/IEC 27032

Cybersecurity Summit 2018: David Petraeus and Lisa Monaco on America’s cybersecurity posture

CSET Cyber Security Evaluation Tool – ICS/OT



5 Updates from PCI SSC That You Need to Know

As payment technologies evolve, so do the requirements for securing cardholder data.

Source: Slideshows – Dark Reading

PCI DSS: Looking Ahead to Version 4.0

3 Primary Goals for PCI DSS Version 4.0

What is PCI DSS? | A Brief Summary of the Standard


How to Achieve PCI DSS Compliance on AWS



CCPA – The California Consumer Privacy Act

More detail on site: Steps to CCPA Compliance roadmap

Everything You Need To Know About CCPA 2018




State of OT/ICS CyberSecurity

State of OT/ICS Cybersecurity 2019 [Infographic via SANS Institute]

State of ICS/OT CyberSecurity: pdf

Guide to Industrial Control Systems (ICS) Security

Independent Study Pinpoints Significant SCADA/ICS Security Risks

Cyber-Security and Governance for Industrial Control Systems


NIST Releases Cybersecurity Guide for Energy Sector to Improve Operational Technology



NSM/threat hunting in OT/ICS/SCADA environments

The Convergence (and Divergence) of IT and OT Cyber Security

ICS Security Assessment Methodology, Tools & Tips



Live and let live InfoSec

User vs Security


The average person’s take on security controls: they have real jobs to do, and security isn’t one of them. So remember the trade-off between usability and users bypassing the control when designing a new control. Please feel free to share your opinion on this.



Funny business meeting illustrating how hard it is for an (infosec) engineer to fit into the corporate world!


parkour vs security chase



10 Most Critical API Security Risks

10 Most Critical API Security Risks [2019] – OWASP Foundation

Advanced Web Application Scanning with OWASP Zed Attack Proxy (ZAP)

Web Application Security and OWASP – Top 10 Security Flaws

Ethical Hacking 101: Web App Penetration Testing



How to get started with the NIST Cybersecurity Framework (CSF) – Expel

We give you a quick tour of the NIST Cybersecurity Framework and describe how you can baseline your efforts in a couple of hours. Check it out.

Source: How to get started with the NIST Cybersecurity Framework (CSF) – Expel

Virtual Session: NIST Cybersecurity Framework Explained

CSS2017 Session 14 SANS Training – NIST Cyber Security Framework

Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certification | Edureka


Free PDF download: NIST Cybersecurity Framework and ISO 27001 | IT Governance USA



7 Steps to Web App Security

Emerging technologies are introducing entirely new ways to reach, act, and interact with people. That makes app security more important than ever.

Source: 7 Steps to Web App Security

Titles: Web App Security

Securing Web Applications


Application Security – Understanding, Exploiting and Defending against Top Web Vulnerabilities


Web Application Security and OWASP – Top 10 Security Flaws


Ethical Hacking 101: Web App Penetration Testing – a full course for beginners






Insider Threat Report

Insider Threat Report [Verizon]

What is Insider Threat?

A Framework to Effectively Develop Insider Threat Controls


Insider Threats: A Worst Practices Guide to Preventing Leaks, Attacks, Theft, and Sabotage



What’s your Password?!

Very funny 😂 security password reminder, not funny that this is real!

Most Hilarious 😹 WiFi Names

Obama 😎 finds ways to make cybersecurity funny 😎





What the New NIST Privacy Framework Means to You

Big news is coming when NIST takes the wraps off a new privacy framework. Thanks to the General Data Protection Regulation (GDPR) of the European Union, which took full effect in May 2018, privacy is at center stage worldwide. Penalties are being meted out for violations, and organizations of all kinds need to understand and comply with the law. In addition, the California Consumer Privacy Act (CCPA) was enacted in June 2018, with many other states working on similar bills.

Source: What the New NIST Privacy Framework Means to You

Developing the NIST Privacy Framework – Part 1


Developing the NIST Privacy Framework – Part 2


Developing the NIST Privacy Framework – Part 3


NIST Privacy Framework: An Enterprise Risk Management Tool



‘2019 is the year of enforcement’: GDPR fines have begun

The Information Commissioner’s Office levied fines against British Airways and Marriott International for violating the GDPR.

Source: ‘2019 is the year of enforcement’: GDPR fines have begun – Digiday

British Airways faces $230 million fine over GDPR breach

Marriott Faces GDPR Fines: A DPO and CISO Discussion

Steps to GDPR Compliance




Archived GDPR posts


State of Cyber Security

State of Cyber Security – 2019 Annual Report

A View from the Front Lines of Cybersecurity



Data Loss Prevention: Protect Yourself, Your Family, and Your Business


photo courtesy of Unsplash

By Jasmine Dyoco

Another day, another data breach. Lately, it seems we can’t go more than a few days without hearing about another cyberattack. Data breaches have recently occurred at health insurance providers like Anthem, banks like Capital One, and even the Equifax credit bureau. If there’s anything these recent hacks have shown us, it’s that no industry is safe.

Social Security numbers, credit card numbers, and passwords are just some of the types of data compromised. Given the number of recent attacks, Bloomberg reports that some cybersecurity professionals now make millions of dollars per year.

Massive amounts of information have been stolen. According to The Week, “virtually everyone in the U.S. has been affected by a data breach in some way — even those who never go online.” If you’re worried a hacker might have your data, here’s how you can protect yourself and your family:


Malware and Viruses

Malware and computer viruses are common ways that scammers get sensitive information. Contrary to popular belief, Macs (and smartphones and tablets) can get viruses. Whether you use Mac, Windows, Linux, or an iPad, protecting your computer against viruses also protects your information.

According to Secure Data Recovery, proactive steps can help keep hackers and viruses from accessing your data. Use strong passwords that are hard to guess; a sentence or phrase is stronger than a single word, for example. You should also install a firewall and antivirus software. Save backups of your files to a device like an external hard drive, or alternatively save them to the cloud using Google Drive or a similar service.


Security and Compliance

Cyber threats are continually evolving. By having an information security (InfoSec) plan in place, you can keep data from falling into the wrong hands. InfoSec helps organizations maintain confidentiality while complying with industry regulations. DISC helps organizations succeed with their InfoSec and privacy programs by building and assessing an Information Security Management System (ISMS) and a Privacy Information Management System (PIMS) based on various standards and regulations.

For instance, Deura Information Security Consulting (DISC) can perform a risk assessment to identify security risks. Based on the gaps found, they’ll help you create a “safe, secure, and resilient cyber environment.” Additionally, they’ll help your organization comply with regional cyber laws, such as Europe’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).


Protect Your Teens

Nobody is safe from online attacks. Unfortunately, that includes children and teenagers. Some scams specifically target teens and young adults. One example is phishing, which tricks teens into revealing their social media passwords. Teens are also susceptible to phishing scams that include “urgent” subject lines. These scams often trick people into clicking a link to avoid missing a once-in-a-lifetime opportunity.

To protect your children, the InfoSec Institute advises telling them to keep their login information private and to never click on social media links via email. Teach them red flags, like email scams claiming they’ve won money or website URLs that have misspellings or extra letters. Your whole family can learn what to look for by practicing with a phishing simulator.


Credit Freezes and Monitoring

Many people believe cybercriminals only steal money. In reality, many of them are after data, identities, or intellectual property. If you do experience data loss, whether due to a virus, malware, or an online scam, it’s essential to take action.

According to the IRS, you should report identity theft to the FTC, your bank, and each of the credit bureaus. You might want to freeze your credit and place a one-year alert on your credit report. Credit monitoring companies can help you protect your credit score by alerting you of any fraudulent activity. If you follow the tips listed above, you can recover your data and protect yourself from future attacks.





Flaws in device drivers from 20 vendors allow hackers to install a persistent backdoor

Researchers discovered multiple flaws in more than 40 drivers from at least 20 different vendors that could allow attackers to install a persistent backdoor on Windows PCs.

Source: Flaws in device drivers from 20 vendors allow hackers to install a persistent backdoor

The security flaw in more than 40 Device Drivers from 20 hardware vendors



Why do organizations need to conduct a penetration test?

12 good reasons why an organization should carry out a penetration test:

  1. To assess the potential business and operational impacts of successful attacks and determine the feasibility of a particular set of attack vectors.
  2. To identify higher-risk vulnerabilities that result from lower-risk vulnerabilities being exploited in a particular way.
  3. To comply with security regulations or standards, e.g. ISO 27001, NIST CSF, NIST 800-171, HIPAA, PCI DSS or the EU GDPR.
  4. To ensure the security of new applications or of significant changes to business processes.
  5. To manage the risks of using a greater number and variety of outsourced services.
  6. To assess the risk of critical data or systems being compromised by an incident.
  7. To prepare for upcoming external audits, such as FFIEC audits performed by third-party providers.
  8. To determine the weaknesses in the infrastructure (hardware), applications (software) and people in order to develop controls.
  9. To save remediation costs and reduce network downtime.
  10. To develop efficient security measures.
  11. To provide evidence supporting increased investment in security personnel and technology.
  12. At the end of the day, it’s basic due diligence: find out about the vulnerability before someone else does.

I’ll Let Myself In: Tactics of Physical Pen Testers

#SANS Pen Test HackFest Summit


DISC InfoSec Recommended Pen Testing Titles


Penetration Testing Services Procurement Guide

Contact DISC InfoSec to discuss your information security assessment (pen test) requirements
