
The Adventures of CISO Ed & Co.
7 Types of Experiences Every Security Pro Should Have
CISOs and the Quest for Cybersecurity Metrics Fit for Business
Subscribe to DISC InfoSec blog by Email
InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Oct 08 2019
Oct 07 2019
Want to strengthen your writing in under an hour? Watch the video below to help you avoid the top 10 writing mistakes you may encounter when working as a cybersecurity professional.
Source: Top 10 Cybersecurity Writing Mistakes
Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them
httpv://youtu.be/V7lO7UgxQV4
SANS Writing Course | Writing CheatSheet
Burying the Main Point – Common Cybersecurity Writing Mistakes
httpv://www.youtube.com/watch?v=xM6PgakpLgU
Overstuffing the Paragraphs – Common Cybersecurity Writing Mistakes
Oct 06 2019
When It Comes Down To It, Cybersecurity Is All About Understanding Risk
Risk Management Framework for Information Systems
How to choose the right cybersecurity framework
Improve Cybersecurity posture by using ISO/IEC 27032
httpv://www.youtube.com/watch?v=NX5RMGOcyBM
Cybersecurity Summit 2018: David Petraeus and Lisa Monaco on America’s cybersecurity posture
httpv://www.youtube.com/watch?v=C8WGPZwlfj8
CSET Cyber Security Evaluation Tool – ICS/OT
httpv://www.youtube.com/watch?v=KzuraQXDqMY
Oct 04 2019
As payment technologies evolve, so do the requirements for securing cardholder data.
Source: Slideshows – Dark Reading
PCI DSS: Looking Ahead to Version 4.0
3 Primary Goals for PCI DSS Version 4.0
What is PCI DSS? | A Brief Summary of the Standard
httpv://www.youtube.com/watch?v=szVmMxWORBc
How to Achieve PCI DSS Compliance on AWS
httpv://www.youtube.com/watch?v=qx4OwP0VIyU
Oct 01 2019
More detail on site: Steps to CCPA Compliance roadmap
Everything You Need To Know About CCPA 2018
Sep 27 2019
State of OT/ICS Cybersecurity 2019 [Infographic via SANS Institute]
State of ICS/OT CyberSecurity: pdf
Guide to Industrial Control Systems (ICS) Security
Independent Study Pinpoints Significant SCADA/ICS Security Risks
Cyber-Security and Governance for Industrial Control Systems
NSM/threat hunting in OT/ICS/SCADA environments
httpv://www.youtube.com/watch?v=_w8usX9_daE
The Convergence (and Divergence) of IT and OT Cyber Security
httpv://www.youtube.com/watch?v=7ZnfuFzB-XM
ICS Security Assessment Methodology, Tools & Tips
Sep 26 2019
User vs Security
The average person’s take on security controls: they have real jobs to do, and security isn’t one of them. So keep ‘usability vs. bypassing the security control’ in mind when designing a new control. Please feel free to share your opinion on this.
Funny business meeting illustrating how hard it is for an (infosec) engineer to fit into the corporate world!
httpv://www.youtube.com/watch?v=BKorP55Aqvg
parkour vs security chase
httpv://www.youtube.com/watch?v=Hnv5OOpr4ug
Sep 23 2019
Advanced Web Application Scanning with OWASP Zed Attack Proxy (ZAP)
httpv://www.youtube.com/watch?v=CbMKX8on9bA&list=PLqpLl_iGMLnCR5x6Smky2E2RdqCdqbYZ1
Web Application Security and OWASP – Top 10 Security Flaws
httpv://www.youtube.com/watch?v=j5PuYFCS0Iw
Ethical Hacking 101: Web App Penetration Testing
httpv://www.youtube.com/watch?v=2_lswM1S264
Sep 21 2019
We give you a quick tour of the NIST Cybersecurity framework and describe how you can baseline your efforts in a couple of hours. So check it out.
Source: How to get started with the NIST Cybersecurity Framework (CSF) – Expel
The CyberSecurity Framework Ver 1.1 Preso
NIST CSF 1.1 preso (PDF): https://blog.deurainfosec.com/wp-content/uploads/2019/09/NIST-CSF-1.1-preso.pdf
Virtual Session: NIST Cybersecurity Framework Explained
httpv://www.youtube.com/watch?v=nFUyCrSnR68
CSS2017 Session 14 SANS Training – NIST Cyber Security Framework
httpv://www.youtube.com/watch?v=I-s4bAzH7t0
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certification | Edureka
httpv://www.youtube.com/watch?v=uk8-jJgu8-I
Free PDF download: NIST Cybersecurity Framework and ISO 27001 | IT Governance USA
Sep 14 2019
Emerging technologies are introducing entirely new ways to reach, act, and interact with people. That makes app security more important than ever.
Source: 7 Steps to Web App Security
Titles: Web App Security
Securing Web Applications
httpv://www.youtube.com/watch?v=WlmKwIe9z1Q
Application Security – Understanding, Exploiting and Defending against Top Web Vulnerabilities
httpv://www.youtube.com/watch?v=sY7pUJU8a7U
Web Application Security and OWASP – Top 10 Security Flaws
httpv://www.youtube.com/watch?v=j5PuYFCS0Iw
Ethical Hacking 101: Web App Penetration Testing – a full course for beginners
httpv://www.youtube.com/watch?v=2_lswM1S264
Sep 10 2019

Insider Threat Report [Verizon]
What is Insider Threat?
httpv://www.youtube.com/watch?v=gwaA2xEPSEs
A Framework to Effectively Develop Insider Threat Controls
httpv://www.youtube.com/watch?v=BDMIOzdVnGE
Insider Threats: A Worst Practices Guide to Preventing Leaks, Attacks, Theft, and Sabotage
httpv://www.youtube.com/watch?v=tkB4FLEEq74
Sep 09 2019
Very funny 😂 security password reminder, not funny that this is real!
httpv://www.youtube.com/watch?v=_u8Rss3W4Wg
Most Hilarious 😹 WiFi Names
httpv://www.youtube.com/watch?v=YDkt0FMcGLs
Obama 😎 finds ways to make cybersecurity funny 😎
httpv://www.youtube.com/watch?v=NpNk-tEkW_Q
Aug 27 2019
Big news is coming when NIST takes the wraps off a new privacy framework. Thanks to the General Data Privacy Regulation (GDPR) of the European Union, which took full effect in May 2018, privacy is at center stage worldwide. Penalties are being meted out for violations, and organizations of all kinds need to understand and comply with the law. In addition, the California Consumer Privacy Act (CCPA) was enacted in June 2018, with many other states working on similar bills.
Source: What the New NIST Privacy Framework Means to You
Developing the NIST Privacy Framework – Part 1
httpv://www.youtube.com/watch?v=W-snx9jRFf4
Developing the NIST Privacy Framework – Part 2
httpv://www.youtube.com/watch?v=gZ7ED0t09zk
Developing the NIST Privacy Framework – Part 3
NIST Privacy Framework: An Enterprise Risk Management Tool
Aug 22 2019
The Information Commissioner’s Office levied fines against British Airways and Marriott International for violating the GDPR.
Source: ‘2019 is the year of enforcement’: GDPR fines have begun – Digiday
British Airways faces $230 million fine over GDPR breach
httpv://www.youtube.com/watch?v=CUVrcuIvBOY
Marriott Faces GDPR Fines: A DPO and CISO Discussion
httpv://www.youtube.com/watch?v=5KKXLSnW9Zc
Aug 18 2019

A View from the Front Lines of Cybersecurity
Aug 15 2019
By Jasmine Dyoco
Another day, another data breach. Lately, it seems like we can’t go more than a few days without hearing about another cyber attack. Data breaches have recently occurred at health insurance providers like Anthem, banks like Capital One, and even the Equifax credit bureau. If there’s anything these recent hacks have shown us, it’s that no industry is safe.
Social Security numbers, credit cards, and passwords are just some of the types of compromised data. Given the number of recent attacks, Bloomberg reports that some cybersecurity professionals now make millions of dollars per year.
Massive amounts of information have been stolen. According to The Week, “virtually everyone in the U.S. has been affected by a data breach in some way — even those who never go online.” If you’re worried a hacker might have your data, here’s how you can protect yourself and your family:
Malware and computer viruses are common ways that scammers get sensitive information. Contrary to popular belief, Macs (and smartphones and tablets) can get viruses. Whether you use Mac, Windows, Linux, or an iPad, protecting your computer against viruses also protects your information.
According to Secure Data Recovery, proactive actions can help keep hackers and viruses from accessing your data. Use strong passwords that are hard to guess. A sentence or phrase is stronger than a single word, for example. You should also install a firewall and antivirus software. Save backups of your files to a device like an external hard drive. Alternatively, you could also save data to the cloud using Google Drive or similar.
Cyber threats are continually evolving. By having an information security (InfoSec) plan in place, you can protect data from falling into the wrong hands. InfoSec helps organizations maintain confidentiality while complying with industry regulations. DISC helps organizations succeed with their InfoSec and privacy programs by building and assessing an Information Security Management System (ISMS) and a Privacy Information Management System (PIMS) based on various standards and regulations.
For instance, Deura Information Security Consulting (DISC) can perform a risk assessment to identify security risks and gaps. Based on those gaps, they’ll help you create a “safe, secure, and resilient cyber environment.” Additionally, they’ll help your organization comply with regional cyber laws, such as Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Nobody is safe from online attacks. Unfortunately, that includes children and teenagers. Some scams specifically target teens and young adults. One example is phishing, which tricks teens into revealing their social media passwords. Teens are also susceptible to phishing scams that include “urgent” subject lines. These scams often trick people into clicking a link to avoid missing a once-in-a-lifetime opportunity.
To protect your children, the InfoSec Institute advises telling them to keep their login information private and to never click on social media links via email. Teach them red flags, like email scams claiming they’ve won money or website URLs that have misspellings or extra letters. Your whole family can learn what to look for by practicing with a phishing simulator.
Many people believe cybercriminals only steal money. The reality is that many of them are interested in stealing data, identities, or intellectual property. In the event that you do experience data loss, whether due to a virus, malware, or online scam, it’s essential to take action.
According to the IRS, you should report identity theft to the FTC, your bank, and each of the credit bureaus. You might want to freeze your credit and place a one-year alert on your credit report. Credit monitoring companies can help you protect your credit score by alerting you of any fraudulent activity. If you follow the tips listed above, you can recover your data and protect yourself from future attacks.
How to report and protect yourself from credit card fraud
How to prevent credit card fraud amid coronavirus pandemic
The Secret to Cybersecurity: A Simple Plan to Protect Your Family and Business from Cybercrime
Aug 12 2019
Researchers discovered multiple flaws in more than 40 drivers from at least 20 different vendors that could allow attackers to install a persistent backdoor on Windows PCs.
Source: Flaws in device drivers from 20 vendors allow hackers to install a persistent backdoor
The security flaw in more than 40 Device Drivers from 20 hardware vendors
Aug 07 2019
I’ll Let Myself In: Tactics of Physical Pen Testers
#SANS Pen Test HackFest Summit
Penetration Testing Services Procurement Guide
Contact DISC InfoSec to discuss your information security assessment (pen test) requirements
Aug 05 2019
Paperless voting devices are a gaping weakness in the patchwork U.S. election system, security experts say. But states and counties are making uneven progress in replacing them, a POLITICO survey reveals.
Source: The scramble to secure America’s voting machines
America’s Voting Machines Are Extremely Vulnerable to Hacking | NowThis
Jul 30 2019
As you might have expected, the GDPR (General Data Protection Regulation) has created a spike in demand for data protection and privacy experts. Organisations are desperate to hire people who can guide them towards regulatory compliance and help them avoid large fines. In this latest blog, discover what a DPO’s tasks are and how to become one.
For many organizations, this isn’t just a wish; they are legally required to find such a person and appoint them as a DPO (data protection officer).
The demand for DPOs makes it an ideal job role for those looking to advance their career. You need plenty of experience, as well as demonstrable soft skills, but it provides an opportunity with plenty of room for growth. Let’s take a look at how you can get started.
It’s worth summarising exactly what a DPO’s tasks are because you’ll see that they are responsible for more than simply reviewing GDPR compliance.
Yes, they are broadly tasked with advising organizations on how to comply with their legal requirements concerning data protection. But that doesn’t just include things like monitoring policies and looking into the need for DPIAs (data protection impact assessments).
It also involves helping staff understand their data protection obligations and serving as a point of contact for individuals who contact the organization with data protection and privacy queries.
This means that DPOs will regularly be discussing the GDPR with people who aren’t technically minded. As such, they must have strong communication skills and be capable of explaining complex issues without using jargon.
It’s much harder to teach skills like that than to train someone on the ins and outs of the GDPR, but still eminently possible.
If you’re interested in becoming a DPO, you will benefit massively from taking a training course dedicated to the role. It will help you understand the technical requirements of the GDPR and how they apply to each part of your job role and give you practical experience of the tasks you’re responsible for.
For example, you can understand exactly what’s required when performing, say, a DPIA, but you need to be aware of your boundaries. DPOs must operate independently and without any conflict of interest. Taking too active a role in tasks like this jeopardizes your status as an advisor and violates the GDPR’s requirements.
IT Governance’s Certified Data Protection Officer (C-DPO) Masterclass Training Course gives you the technical and spatial expertise you need to become a DPO.
Over four days, our expert trainers will help you hone your knowledge of the GDPR and show you how to use that knowledge appropriately while fulfilling your tasks as a DPO.
If you already have a strong understanding of the GDPR, you might prefer our Certified Data Protection Officer (C-DPO) Upgrade Training Course.
This two-day course builds on the knowledge you would have gained from passing the GDPR Practitioner exam, focusing on the practical application of the Regulation in the workplace.
Source: How to become a data protection officer