Jun 13 2020

Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet

Category: Cyber Espionage, Cyber Threats, Threat detection | DISC @ 12:13 pm

Academics record light variations in a light bulb to recover the sound waves (speech, conversations, songs) from a room 25 meters (80 feet) away.

Source: Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email


Jun 12 2020

Facebook contest reveals deepfake detection is still an “unsolved problem”

Category: Deepfakes | DISC @ 12:30 pm

Facebook says deepfakes are not currently a big issue, but it wants to be prepared.

Source: Facebook contest reveals deepfake detection is still an “unsolved problem”

Best Of Deep Fakes Compilation
httpv://www.youtube.com/watch?v=xkqflKC64IM

Funniest DeepFakes *Compilation* II.
httpv://www.youtube.com/watch?v=RpRlrrNwr4U



Jun 11 2020

The importance of encryption and how AWS can help | Amazon Web Services

Category: AWS Security | DISC @ 10:13 pm

Encryption is a critical component of a defense-in-depth strategy, which is a security approach with a series of defensive mechanisms designed so that if one security mechanism fails, there’s at least one more still operating. As more organizations look to operate faster and at scale, they need ways to meet critical compliance requirements and improve […]

Source: The importance of encryption and how AWS can help | Amazon Web Services



Why is Encryption Important? – Why is Cybersecurity Important Episode 1
httpv://www.youtube.com/watch?v=EZSjs8A7lmA




Tags: encryption


Jun 10 2020

Deepfakes Are Going To Wreak Havoc On Society. We Are Not Prepared.

Category: Deepfakes, Information Security | DISC @ 4:44 pm

In the months and years ahead, deepfakes threaten to grow from an Internet oddity to a widely destructive political and social force.

Source: Deepfakes Are Going To Wreak Havoc On Society. We Are Not Prepared.

Best Of Deep Fakes Compilation
httpv://www.youtube.com/watch?v=xkqflKC64IM

Funniest DeepFakes *Compilation* II.
httpv://www.youtube.com/watch?v=RpRlrrNwr4U



Jun 09 2020

Windows Group Policy flaw lets attackers gain admin privileges

Category: Windows Security | DISC @ 6:13 pm

Microsoft has fixed a vulnerability in all current Windows versions that allows an attacker to exploit the Windows Group Policy feature to take full control over a computer. This vulnerability affects all Windows versions since Windows Server 2008.

Source: Windows Group Policy flaw lets attackers gain admin privileges



Windows Security: The dashboard for device protections
httpv://www.youtube.com/watch?v=e_Z2bk7Cp1g







Jun 08 2020

Amid Pandemic and Upheaval, New Cyberthreats to the Presidential Election

Category: Election Security, Voting Machine | DISC @ 10:50 am

Fear of the coronavirus is speeding up efforts to allow voting from home, but some of them pose security risks and may make it easier for Vladimir V. Putin, or others, to hack the vote.

Source: Amid Pandemic and Upheaval, New Cyberthreats to the Presidential Election

Tech giants meet with government agencies to talk 2020 election security
httpv://www.youtube.com/watch?v=iXpL7A35hX0

The Trouble With Election Security
httpv://www.youtube.com/watch?v=TgKPkfuNV4s







Jun 06 2020

5 principles for effective cybersecurity leadership in a post-COVID world

Category: cyber security, Security Risk Assessment | DISC @ 6:32 pm

As more people work from home due to COVID-19, cybersecurity operations are facing tremendous challenges. These five principles can help Chief Information Security Officers (CISOs) and cybersecurity leaders ensure effective business continuity in the “new normal.”

Source: 5 principles for effective cybersecurity leadership in a post-COVID world

7 Security Risks and Hacking Stories for Web Developers
httpv://www.youtube.com/watch?v=4YOpILi9Oxs


Tags: COVID-19, worrisome risks


May 22 2020

Security executives succeeding in the chaotic coronavirus world

Category: CISO | DISC @ 5:29 pm

What a crazy world we live in – employees working from home, “dirty” personal devices being used to access corporate data, furloughed employees still maintaining corporate IT assets and access – all while the quantity and variety of cyberattacks and fraud are drastically increasing. Corporate security executives have never had a harder set of challenges to deal with.

Source: Security executives succeeding in the chaotic coronavirus world

 

What is your greatest security concern right now?

The collective response to this question is that security executives are most worried about the increase in phishing campaigns and fraud, especially with distracted employees who aren’t as diligent with security hygiene while working from home. As one executive stated, “My greatest concern right now is social engineering resulting from cyberattacks on people wherever they are. High stress means reduced cognitive functions, so attackers may find it easier to do social engineering, which opens the door to everything else.”

Other major concerns include mitigating the impact of an increased attack surface and the need to enhance remote access controls to make certain organizational security levels are met despite a large majority of employees working remotely. For example, one executive further explained that she was most focused on mitigating the impact of this increased attack surface, particularly enhancing remote access controls such that the organization would be secure even if 100% of the employees were now remote. Enhancements to firewall, NAC, DLP and other solutions were required. Vendor risk also was a much greater concern for this executive, with third parties potentially now more vulnerable.

Virtual CISO and Security Advisory – Download a #vCISO template!

Virtual CISO and CISO – Check out the latest vCISO/CISO titles

10 Tenets of CISO Success

httpv://youtu.be/L0uQplBNTt4


May 22 2020

Consider a Virtual CISO to Meet Your Current Cybersecurity Challenges | GRF CPAs & Advisors

Category: CISO | DISC @ 1:14 am

By: Melissa Musser, CPA, CITP, CISA, Risk & Advisory Services Principal, and Darren Hulem, IT and Risk Analyst

The COVID-19 crisis, with a new reliance on working from home and an overburdened healthcare system, has opened a new door for cybercriminals. New tactics include malicious emails claiming the recipient was exposed to COVID-19, to attacks on…

Source: Consider a Virtual CISO to Meet Your Current Cybersecurity Challenges | GRF CPAs & Advisors

Small- to medium-sized nonprofits and associations are particularly at risk, and many are now employing an outsourced Chief Information Security Officer (CISO), also known as a Virtual CISO (vCISO), as part of their cybersecurity best practices.

The vCISO model not only offers flexibility over time as the organization changes; providers are also able to deliver a wide range of specialized expertise depending on the client’s needs.

The vCISO offers a number of advantages to small- and medium-sized organizations and should be part of every nonprofit’s or association’s risk management practices.


Three Keys to CISO Success

httpv://www.youtube.com/watch?v=N40pCn77fcE

Tags: vCISO


May 17 2020

CISO Recruitment: What Are the Hot Skills?

Category: CISO | DISC @ 11:52 am

CISO/vCISO Recruitment

What are enterprises seeking in their next CISO – a technologist, a business leader or both? Joyce Brocaglia of Alta Associates shares insights on the key qualities

What kinds of CISOs are being replaced? Brocaglia says that an inability to scale and a tactical rather than strategic orientation toward their role are two reasons companies are looking to replace the leaders of their security teams—or place them underneath a more senior cybersecurity executive. They are looking for professionals with broad leadership skills rather than a “one-trick pony.”

Today’s organizations want the CISO to be intimately involved as a strategic partner in digital transformation initiatives being undertaken. This means that their technical expertise must be broader than just cybersecurity, and they must have an understanding of how technology impacts the business—for the better and for the worse. And candidates must be able to explain the company’s security posture to the board and C-suite in language they understand—and make recommendations that reflect an understanding of strategic risk management.

CISOs who came up through the cybersecurity ranks are sometimes at a disadvantage as the CISO role becomes more prominent—and critical to the business. Professionals in this position will do well to broaden their leadership skills and credentials, sooner rather than later.

Source: CISO Recruitment: What Are the Hot Skills?



Interview with Joyce Brocaglia, CEO, Alta Associates



The Benefits of a vCISO
httpv://www.youtube.com/watch?v=jQsG-65wxyU



Want to know more about vCISO as a Service…







Tags: CISO, vCISO

