Mar 04 2021

Distance Learning Training Courses

Category: Information Security, Security training | DISC @ 11:25 am

Get 50% Off Our ITIL Distance Learning Training Course

ITIL qualifications are in high demand! We’re currently offering 50% off our ITIL 4 Foundation distance learning training course with promo code ITIL50. https://tidd.ly/3eb99n8

Get 30% Off Distance Learning Training Courses

ITG distance learning courses let you train at a time and place that suits you! We’re currently offering 30% off all our distance learning training courses with promo code DL30. https://tidd.ly/3sNintQ

Get 20% Off Our Live-Online Training Courses

Train from home or the office with 20% off our Live-Online training courses with promo code ONLINE20. https://tidd.ly/3rhitcT

Get 15% Off Our Toolkits

Speed up your implementation and compliance projects with 15% off all our toolkits with promo code Toolkit15. https://tidd.ly/3uUB0Op

Tags: Distance Learning Training Courses


Mar 02 2021

Cybersecurity Best Practices for 2021

Category: cyber security, Information Security | DISC @ 2:02 pm
CYBERSECURITY: It’s not just a good idea. Register to learn more.

Tags: Cyber Security Webinar


Mar 01 2021

Cybersecurity Best Practices for 2021

Category: Information Security | DISC @ 6:50 pm

CYBERSECURITY: It’s not just a good idea. Register to learn more.

Please join Mary Ellen Seale, Founder/CEO of NCSS, Peter Levett, Chief of Staff from the cybersecurity firm SecureCircle, and Phil Bandy, CISO Sharevault from the safety of your desk on Thursday, March 4th at 9am PST as our experts explore this ongoing threat and offer best practices for mitigation.

If cybersecurity is part of your strategic plan for 2021, and it should be, then you might want to check out the National Cybersecurity Society (NCSS).

The National Cybersecurity Society is a community of participating technology professionals focused on helping small businesses stay safe online. The NCSS is a non-profit organization that provides cybersecurity education, awareness and advocacy to its small business members, specifically education tailored to the needs of the small business owner. The NCSS helps members assess their cybersecurity risk, distributes threat information so that they understand the threats facing their business, and advises on the type of services needed to stay safe online. You know cybersecurity is important, but where do you start? Which organizational assets do you need to protect? Is it only your IT assets? Is it your IP?

The NCSS website provides several helpful guides to get you started on your cybersecurity journey. At the top of the list is simply understanding and identifying what is vital to protect. It starts with employing a Risk Assessment Methodology. This involves identifying your organizational assets (people, information, technology, facilities) and assigning responsibility for those assets so that they are protected appropriately.

Once organizational assets are defined, the next step is to define the relationship between those assets and the high-value services they support. This requires a process that examines and validates this relationship through periodic reviews. Lastly, it requires your organization to maintain and sustain an inventory of these assets and high-value services. It’s important to keep this information up to date and modified when circumstances or events change.

STEP 1: INVENTORY

Create an inventory of your people – not just your employees, but your suppliers and partners, the data you need to run your business, the technology assets you need (computers, servers – the entire infrastructure), and the facilities needed to house and operate your business.

STEP 2: HIGH-VALUE SERVICES

Create a list of the high-value services that keep your business functioning: logistics, financial, service delivery, assembly, manufacturing. Identify the key services, meaning those that, if lost, delayed or compromised, would impact your business.

STEP 3: MAPPING

Create a mapping of people, data, technology and facilities to the high-value services they support. Define the relationship between these assets and the high-value services. Validate the relationship through periodic reviews. As an example, if the supplier for your medical equipment changes, and this supplier has been identified as key personnel, have you updated your mapping relationships? Did you review the contract with the new medical supplier to determine if anything has changed that would affect your service delivery? Leveraging your people to take responsibility for certain high-value services and keeping the critical information current is key to protecting your assets.

STEP 4: INVENTORY PLAN

An inventory is only useful if it is kept current. Schedule a recurring inventory and mapping exercise to ensure that the protection mechanisms you employ still cover valid assets. A good rule of thumb: once a year.

STEP 5: CONTINUITY PLAN

A sound business strategy includes continuity plans. For all your high-value services that depend on critical people, data, technology and facilities, you will need a contingency plan in place in the event any of these assets is compromised. The NCSS also has helpful resources on how to develop a Continuity Plan.
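The five steps above, as an added example in Go that is not part of the NCSS material or the original post: a small inventory model in which the Step 3/4 periodic review is turned into checks. The asset IDs, owners, service names and review dates are constructed for the example, and the finding kinds are my choice of what such a review should flag: a mapping not reviewed within the allowed age, a service that still depends on a retired asset (the supplier-change case from Step 3) or on an asset never entered in the inventory, an asset with no owner, an active asset mapped to no service, and a service resting on exactly one asset of a type, which is exactly the input a Step 5 continuity plan needs.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Asset is a Step 1 inventory entry. Type is people, data, technology or
// facility; Owner is accountable for protecting it; Retired keeps a superseded
// entry (a former supplier) on record so that a stale mapping still shows up.
type Asset struct {
	ID, Type, Owner string
	Retired         bool
}

// Service is a Step 2 high-value service with its Step 3 mapping.
type Service struct {
	ID       string
	Supports []string  // IDs of the assets it depends on
	Reviewed time.Time // when the mapping was last validated
}

type Inventory struct {
	Assets   map[string]Asset
	Services []Service
}

// Finding.Kind is one of stale-review, unknown-asset, retired-asset,
// single-point-of-failure, no-owner or unmapped-asset.
type Finding struct {
	Kind, Service, Detail string
}

// Review is the Step 4 exercise: validate every mapping as of a given date.
func (inv Inventory) Review(asOf time.Time, maxAge time.Duration) []Finding {
	var out []Finding
	mapped := map[string]bool{}
	for _, s := range inv.Services {
		if asOf.Sub(s.Reviewed) > maxAge {
			out = append(out, Finding{"stale-review", s.ID, s.Reviewed.Format("2006-01-02")})
		}
		perType := map[string]int{}
		for _, id := range s.Supports {
			mapped[id] = true
			a, ok := inv.Assets[id]
			switch {
			case !ok:
				out = append(out, Finding{"unknown-asset", s.ID, id})
			case a.Retired:
				out = append(out, Finding{"retired-asset", s.ID, id})
			default:
				perType[a.Type]++
			}
		}
		// Exactly one live asset of a type means no fallback: input for Step 5.
		for t, n := range perType {
			if n == 1 {
				out = append(out, Finding{"single-point-of-failure", s.ID, t})
			}
		}
	}
	for id, a := range inv.Assets {
		if a.Owner == "" {
			out = append(out, Finding{"no-owner", "", id})
		}
		if !a.Retired && !mapped[id] {
			out = append(out, Finding{"unmapped-asset", "", id})
		}
	}
	sort.Slice(out, func(i, j int) bool {
		return out[i].Kind+out[i].Service+out[i].Detail < out[j].Kind+out[j].Service+out[j].Detail
	})
	return out
}

// SampleInventory is constructed data for this example: the medical supplier
// changed but the mapping still names the old one, and finance adopted a SaaS
// (t-payroll-saas) that was never entered in Step 1.
func SampleInventory() Inventory {
	inv := Inventory{Assets: map[string]Asset{}}
	for _, a := range []Asset{
		{"p-cfo", "people", "ceo", false},
		{"p-medsupply-old", "people", "ops-lead", true},
		{"p-medsupply-new", "people", "ops-lead", false},
		{"d-patient-records", "data", "", false}, // nobody accountable yet
		{"t-erp-server", "technology", "it-lead", false},
		{"f-warehouse", "facility", "ops-lead", false},
	} {
		inv.Assets[a.ID] = a
	}
	inv.Services = []Service{
		{"service-delivery", []string{"p-medsupply-old", "d-patient-records", "t-erp-server", "f-warehouse"}, time.Date(2019, 6, 1, 0, 0, 0, 0, time.UTC)},
		{"financial", []string{"p-cfo", "t-erp-server", "t-payroll-saas"}, time.Date(2020, 11, 15, 0, 0, 0, 0, time.UTC)},
	}
	return inv
}

func main() {
	for _, f := range SampleInventory().Review(time.Date(2021, 3, 1, 0, 0, 0, 0, time.UTC), 365*24*time.Hour) {
		fmt.Printf("%-24s %-18s %s\n", f.Kind, f.Service, f.Detail)
	}
}
```

Run it and the review lists ten findings for the sample: one stale review, one retired asset still mapped, one unknown asset, one asset without an owner, one new supplier that nobody mapped, and five single points of failure. Swap in your own inventory and the same checks give you the agenda for the annual review meeting rather than a spreadsheet to read by eye.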

If you’d like to learn more about The NCSS and best practices for cybersecurity for your business, please join ShareVault for our upcoming webinar on cybersecurity. For this webinar we’ve assembled a panel of cybersecurity experts (including the founder of The National Cybersecurity Society) to discuss the current cyberthreat landscape, the bad actors, and best practices for preventing a devastating breach that could cost your company millions.

The panel includes Mary Ellen Seale, Founder/CEO of NCSS, Peter Levett, Chief of Staff from the cybersecurity firm SecureCircle, and Phil Bandy, ShareVault’s Chief Information Security Officer who formerly provided information security to NASA.

Source: Cybersecurity Best Practices for 2021


Feb 24 2021

How Security Culture Invokes Secure Behavior

Category: Information Security | DISC @ 9:45 pm

Build a Security Culture

Tags: Build a security culture


Feb 23 2021

Keybase secure messaging fixes photo-leaking bug – patch now!

Category: Information Security | DISC @ 1:20 pm

Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.”

End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app (for example when a browser submits a login form), and is only stripped off at the far end when the data reaches its final destination (for example when the website receives the form with your username and password in it).

End-to-end encryption over the internet doesn’t just mean that your data is encrypted while it’s in transit from node to node along its network journey – it’s supposed to be a stronger guarantee than that.

It not only means that your data isn’t decrypted while it’s at any “rest stops” along the way, such as when an email message is held at your ISP for delivery later on, but also means that your data cannot be decrypted along the way, no matter whether you trust the person operating that “rest stop” or not.
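The distinction above, as an added example that is not Keybase's code or the article's: two endpoints each hold an X25519 key pair and encrypt with AES-GCM, while a relay (the operator's "rest stop") publishes public keys and stores ciphertext for an offline recipient but never holds a private key. Hashing the ECDH secret straight into an AES key, the names alice, bob and relay-operator, and the message text are simplifications and constructed inputs for this example; a real protocol derives keys with a KDF bound to both identities.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Endpoint is one chat client. Its X25519 private key is generated on the
// device and never leaves it; only the public key is published to the relay.
type Endpoint struct {
	Name string
	priv *ecdh.PrivateKey
}

func NewEndpoint(name string) (*Endpoint, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Endpoint{Name: name, priv: priv}, nil
}

func (e *Endpoint) Public() *ecdh.PublicKey { return e.priv.PublicKey() }

// aead derives AES-256-GCM from the X25519 shared secret. Hashing the raw
// secret is a simplification assumed for this example (a real protocol uses a KDF).
func (e *Endpoint) aead(peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := e.priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Envelope is everything the relay sees. The GCM tag also covers From/To as
// additional data, so the relay cannot silently re-address a message.
type Envelope struct {
	From, To   string
	Nonce      []byte
	Ciphertext []byte
}

// Seal encrypts msg for the holder of peer's private key.
func (e *Endpoint) Seal(peer *ecdh.PublicKey, to string, msg []byte) (Envelope, error) {
	g, err := e.aead(peer)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{e.Name, to, nonce, g.Seal(nil, nonce, msg, []byte(e.Name+"->"+to))}, nil
}

// Open fails unless key, nonce, ciphertext and routing fields all match.
func (e *Endpoint) Open(peer *ecdh.PublicKey, env Envelope) ([]byte, error) {
	g, err := e.aead(peer)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, env.Nonce, env.Ciphertext, []byte(env.From+"->"+env.To))
}

// Relay is the operator's "rest stop": a public-key directory plus stored
// envelopes for offline recipients. It holds no private keys.
type Relay struct {
	Directory map[string]*ecdh.PublicKey
	Mailbox   []Envelope
}

// Snoop is a dishonest operator trying to read a stored message. Pairing a
// key of its own with the sender's public key yields a different AES key,
// so the GCM tag check fails and Snoop returns an error, not plaintext.
func (r *Relay) Snoop(env Envelope) ([]byte, error) {
	rogue, err := NewEndpoint("relay-operator")
	if err != nil {
		return nil, err
	}
	return rogue.Open(r.Directory[env.From], env)
}

func main() {
	alice, _ := NewEndpoint("alice") // errors ignored only in this demo main
	bob, _ := NewEndpoint("bob")
	relay := &Relay{Directory: map[string]*ecdh.PublicKey{"alice": alice.Public(), "bob": bob.Public()}}
	env, _ := alice.Seal(relay.Directory["bob"], "bob", []byte("wire the funds at 09:00"))
	relay.Mailbox = append(relay.Mailbox, env) // held until bob comes online
	_, snoopErr := relay.Snoop(relay.Mailbox[0])
	pt, err := bob.Open(relay.Directory["alice"], relay.Mailbox[0])
	fmt.Printf("relay: %v\nbob: %q (err %v)\n", snoopErr, pt, err)
}
```

The relay's attempt ends in a GCM authentication failure while bob recovers the message, which is the property the article describes: the operator of the rest stop can hold the data for as long as it likes and still cannot decrypt it. Editing the To field on a stored envelope makes bob's Open fail as well, because the routing fields are bound into the tag.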


Feb 18 2021

The OpenSSL Project addressed three vulnerabilities

Category: Information Security | DISC @ 9:42 am

Tags: OpenSSL


Feb 17 2021

Black Start: Preparedness for Any Situation

Category: BCP, Information Security | DISC @ 11:45 pm

In the 1994 TV miniseries of Stephen King’s “The Stand,” most of the human race is wiped out by a deadly virus. As a result, power stations are unmanned and Americans are left without electricity for months. That is, until a husband and wife team works engineering magic at a power plant, flipping the right switches to bring the entire grid back online.

Anyone familiar with the black start process knows that in real life, it doesn’t happen with quite so much Hollywood pizzazz. But black start is a remarkable process and the controls and instrumentation used during a black start must operate with the utmost precision and speed.

A black start unit is one that can start generating power without support from the grid in the event of a major system collapse or a system-wide blackout. In the U.S., every region within the North American Electric Reliability Corp. (NERC) has its own black start plan and procedures, and each region designates certain plants as black start units. The controls used on a black start unit include a DC auxiliary support system, an ignition source, a gas turbine and a diesel generator.

Carlo Barrera, senior consulting engineer at PAL Turbine Services LLC, has overseen several conversions of gas turbines to have black start capabilities, including projects for Puget Sound Energy and Massachusetts Municipal Wholesale Electric Co. For the city of Gardner, Kan., PAL installed its own programmable logic controller for turbine control. At a later date, black start capability was incorporated and proved out using a load bank.

Barrera said the DC auxiliary support system is perhaps the most important part of the control system. The battery system must have enough capability to provide DC power for multiple start attempts in case the gas turbine fails to start or fire the first time. “The battery systems need to have the capability in reserve power for two or three firing attempts if a true blackout emergency happens, since gas turbines don’t always start on the first attempt in a blackout situation,” Barrera said.

When the loss of AC power in the grid is noticed on a black-start turbine, an undervoltage relay initiates the start of numerous DC motor-driven auxiliaries. Devices like the turbine lube oil pump, liquid fuel forwarding pump, atomizing air compressor, starting clutch, diesel starting motor and shaft turning ratchet all require DC power to operate. DC auxiliary support system suppliers include GE, Siemens and ABB.

Source: Black Start: Preparedness for Any Situation


Feb 17 2021

5 Top Technology Tips for 21st Century College Students

Category: cyber security, Information Security | DISC @ 5:50 pm

Take Care of College Technology Addiction

Because technology is so entertaining, you are likely to spend more than the recommended amount of time on it. If you find yourself spending more than five hours a day on social media, that is already a sign that you are heading towards technology addiction. In that state you cannot focus on college work, and unimpressive grades follow.

You need to find a way to deal with such an addiction. Create a plan with the specific hours you intend to spend on different daily activities. Stick to your routine and fight the urge to use your phone at inappropriate times. Ensure you have hit your daily targets before you use your tablet.

The trick is to ensure you maintain your focus. Besides, do not forget about face-to-face communication. Find time to spend with your friends. You can leave your technological devices in one location and travel to a different destination. It helps to ensure that you can live without these devices without feeling uncomfortable.

Safeguard Your Identity as You Surf Online

Although the internet has many advantages, it also has pitfalls. For example, someone with the right tools can recover a weak password within minutes. If you prefer simple passwords out of laziness, you may become a victim, and whoever gets your password can use it to your detriment.

How do you keep your details safe as you work online? Use a strong, unique password for every account you sign up for: a mix of lower- and upper-case letters, numbers and special characters. Where available, turn on two-factor (two-step) authentication.

What else helps? When entering a password, make sure no one is looking over your shoulder. Do not let people you do not trust use your devices, and do not click suspicious links.

5 Top Technology Tips for 21st Century College Students


Feb 13 2021

What’s your password?!

Category: Information Security, Password Security | DISC @ 6:40 pm


Feb 11 2021

Is your business ready for the new world?

Category: Information Security, ISO 27k | DISC @ 11:19 am

There is light at the end of the tunnel with Covid-19, and businesses will need to be ready for whatever it may bring. It may not be business as usual: your customers may want to reduce their number of vendors and services. In 2021 customers may prefer to do business with a vendor that secures their information and has a better chance of surviving a disaster.

Embracing an ISO standard (ISO 27001/2) can differentiate you from your competitors and show that you are a business that can cope in this new world. Using ISO standards as a foundation shows the world what type of company you are, and lets you do security work more efficiently as well as more effectively.

DISC InfoSec has 20 years’ experience helping businesses in the USA achieve ISO certification, and works with you by providing: 

  • Advice and Guidance throughout the implementation and certification process 
  • Risk assessment of existing Management System and Gap Analysis 
  • Design, build and assess a tailor-made compliant ISO Management System 
  • Write up all the Policies, Procedures and Flowcharts 
  • ISMS manual with all the relevant clauses 
  • Internal Auditor Instructions and training if required
  • Registration and Certification with a certificating Body of your choice

At DISC InfoSec we use International Register of Certificated Auditors (IRCA) qualified Lead Auditors (QSA/BSI) to carry out your implementation and ensure successful certification.

DISC InfoSec ISO 27001 Assessment

DISC InfoSec ISO 27001 Consultants

Contact DISC InfoSec for any question

ISO 27001 implementation Titles


Feb 11 2021

Digital Security and 5G Security Architecture

Category: Information Security, Mobile Security | DISC @ 9:16 am

Normal day-to-day life was brought to a halt by the COVID-19 pandemic, which greatly impacted the lives of virtually all people worldwide in unprecedented fashion. As people have stayed home and isolated themselves to avoid contracting and spreading the virus, there has been increased reliance on virtual connectivity due to a sharp increase in remote work and people performing their daily transactions over the internet.

This situation is now leading to an accelerated adoption of 5G architecture, resulting in a 5G-based Internet of Things (IoT) ecosystem. The 5G-based IoT ecosystem is a system of connected devices that reside on the 5G network. The benefits of the 5G network include providing new technology capabilities, allowing for higher productivity compared to previous mobile technologies, transferring and delivering 1,000x higher mobile data volume per area between devices, connecting a higher number of devices with a higher user data rate, providing 10x longer battery life for low power massive machine communications, and 5x reduced End-to-End (E2E) latency.

Given the increased digital usage and the risks and threats already present in current and earlier cellular network technologies, there has been a higher number of data breaches and cyberattacks, with malicious actors taking advantage of citizens and businesses during the pandemic. Risks and threats identified as leading to data breaches and cyber-attacks include:

  • Bidding-down attacks, in which a device or network is forced back to an older generation or a weaker authentication mechanism
  • Malicious connections to networks by rogue user devices
  • User devices falsely presenting themselves as roaming subscribers
  • Exposure of sensitive data due to weak or absent encryption
  • New remote-access threats that give attackers more to target
  • Spikes in authentication traffic caused by malicious actors

Source: Digital Security and 5G Security Architecture

Tags: 5G security


Feb 10 2021

Ransomware Profitability

Category: Information Security, Ransomware | DISC @ 11:34 pm


Feb 08 2021

Security in the Digital World

Category: Information Security | DISC @ 11:32 pm

This must-have guide features simple explanations, examples, and advice to help you be security-aware online in the digital age. Learn how to:

* Keep your information secure

* Put the necessary controls on your home network, protecting your family from cyber crime

* Prevent identity theft when shopping online or using contactless payment

* Keep your children safe when using the Internet.

Security in the Digital World


Feb 08 2021

Holistic InfoSec For Web Developers

Category: Information Security, Web Security | DISC @ 11:22 pm

Holistic InfoSec For Web Developers: Physical and People (Fascicle 0) by Kim Carter, Russ McRee, Leanne Carter, Simon Bennetts

This book begins by taking the reader to the 30,000′ view, so you can start to see the entire security landscape. I then attempt to explain a very simple threat modelling approach that I believe Bruce Schneier created, called the Sensible Security Model (SSM). We take the learnings from the first chapter and apply them to lower levels. I detail how to set up a security-focussed distribution with all the tools and configuration options required for working through the book. We then walk through the processes and practices that attackers often execute, and we take the learnings from that and train the defenders on how they can bring the finding of defects from the most expensive place to the cheapest place, within your Sprint cycles.

The rest of the book focuses on the specific area on the cover of this book.

My intention with “Holistic Info-Sec for Web Developers” is in many ways to help you answer your own questions and show you that creating systems and arming people to withstand the types of attacks commonly encountered today is not out of reach of mere mortals. Simply lifting the lower-hanging fruit for an attacker often means they will move on to an easier target. Unless they are specifically targeting you. In which case you should find many of the risks and countermeasures I address effective for increasing the difficulty for your attacker, and thus dramatically increasing your chances of defence and counter-attack.

Fascicle 0 focuses on:

1. The chosen threat modelling approach
2. Setting up your tool-belt
3. The process of penetration testing
4. A collection of processes and practices formulated from penetration testing, useful for augmenting each and every Scrum Sprint
5. Physical and People security

Holistic InfoSec For Web Developers: Physical and People

Tags: InfoSec for Web Developer


Feb 04 2021

9 Course Ethical Hacking Bundle

Category: Hacking, Information Security, Security training | DISC @ 3:30 pm
9 Course Ethical Hacking Bundle [PC/Mac Online Code]

Learn Ethical Hacking & Cyber Security with this training bundle. This ’9 Course Ethical Hacking Bundle’ from Total Training is for beginners and IT pros looking to learn how to protect sites against cyber threats. Learn about firewalls, social engineering, cyber anonymity, cryptography, and more.

With this 9 Course Ethical Hacking Bundle, you will get the training you need to land an entry level Cyber Security position paying upwards of six figures! There are currently over a million Cyber Security job openings globally, and demand is greatly outpacing supply – which means more opportunity, job security, and higher pay for you!

9 Course Ethical Hacking Bundle

Courses Included:
Ethical Hacking: Social Engineering
Ethical Hacking: Recon and Footprinting
Ethical Hacking: Malware Development
Ethical Hacking: Honeypots, IDS and Firewalls
Ethical Hacking: Hacking Databases
Ethical Hacking: Hacking Applications
Ethical Hacking: Cyber Anonymity
Ethical Hacking: Cryptography for Hackers
Ethical Hacking: Wireless Hacking

Tags: Ethical Hacking, InfoSec training


Jan 31 2021

SIM National Unpacking the Hack

Category: Information Security | DISC @ 8:22 pm

In this SIM DigiRisk Town Hall, a panel of seasoned CIOs share their tips and advice on how to approach the SolarWinds hack at your company.

Tags: SolarWinds hack


Jan 31 2021

Byron Roosa’s ‘A Look At Jython-Enhanced Reverse Engineering’

Category: App Security, Information Security | DISC @ 1:23 pm

Tags: Jython, Reverse Engineering


Jan 30 2021

Police Say They Can Use Facial Recognition, Despite Bans

Category: Information Security | DISC @ 12:38 am


Jan 27 2021

Security in the digital world

Category: cyber security, Information Security | DISC @ 11:48 pm

This must-have guide features simple explanations, examples, and advice to help you be security-aware online in the digital age. Learn how to:

* Keep your information secure
* Put the necessary controls on your home network, protecting your family from cyber crime
* Prevent identity theft when shopping online or using contactless payment
* Keep your children safe when using the Internet.

Security in the digital world

Tags: digital world


Jan 27 2021

Law enforcement announced global action against NetWalker Ransomware

Category: Botnet, Information Security, Ransomware | DISC @ 5:43 pm

A joint operation of U.S. and EU law enforcement authorities allowed the seizure of the leak sites used by NetWalker ransomware operators.

Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations.

“The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker.” reads the press release published by DoJ.

“NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.”

The group has been active since 2019, and NetWalker has been offered under the Ransomware-as-a-Service (RaaS) model, in which affiliates carry out the intrusions and split the ransom with the developers.

The list of the group’s victims is long; it includes Pakistan’s largest private power company, K-Electric, Argentina’s official immigration agency, Dirección Nacional de Migraciones, and the University of California San Francisco (UCSF), the latter of which paid a $1.14 million ransom to recover its files.

