Oct 19 2015

New York Stock Exchange cybersecurity guide recommends ISO 27001

Category: ISO 27k | DISC @ 11:11 am

by Neil Ford

The New York Stock Exchange (NYSE) has released a 355-page guide to cybersecurity (Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers), written by more than 80 individual contributors representing organizations including Booz Allen Hamilton, Dell SecureWorks, Georgia Institute of Technology, the Internet Security Alliance, Rackspace Inc., the US Department of Justice Cybersecurity Unit, Visa, Wells Fargo, and the World Economic Forum.

This ‘definitive guide’ collects “the expertise and experience of CEOs, CIOs, lawyers, forensic experts, consultants, academia, and current and former government officials”, and “contains practical and expert advice on a range of cybersecurity issues including compliance and breach avoidance, prevention and response.”

“No issue today has created more concern within corporate C-suites and boardrooms than cybersecurity risk.”

Tom Farley, President, New York Stock Exchange

Among the report’s many opinions is one that we at IT Governance have maintained for a long time: the recommendation that organizations align their cybersecurity program with “at least one standard… so progress and maturity can be measured. In determining which standard to use as a corporate guidepost, organizations should consider the comprehensiveness of the standard. […] ISO/IEC 27001… is a comprehensive standard and a good choice for any size of organization because it is respected globally and is the one most commonly mapped against other standards.”

All NYSE-listed company board members will receive a copy of the guide; if you are yet to receive your copy, it can be downloaded here >>

For more information on ISO 27001 and how it can help your organization with a best-practice cybersecurity posture, click here >>

“This is not simply an IT issue. It is a business problem of the highest level.”

Charles W. Scharf, CEO, Visa Inc.

ISO 27001 information security management

An information security management system (ISMS), as described by ISO 27001, provides a risk-based approach to information security that enables organizations of all sizes, sectors, and locations to mitigate the risks they face with appropriate controls. An ISMS addresses people, processes, and technology, providing an enterprise-wide approach to protecting information – in whatever form it is held – based on the specific threats the organization actually faces, thereby limiting the inadvertent threats posed by untrained staff, inadequate procedures, out-of-date software solutions, and more.

Priced from only $659, IT Governance’s ISO 27001 Packaged Solutions provide unique information security implementation resources for all organizations, whatever their size, budget, or preferred project approach. Combining standards, tools, books, training, and online consultancy and support, they allow all organizations to implement an ISMS with the minimum of disruption and difficulty.


Tags: Information Security Management System, ISO/IEC 27001, NYSE


Mar 08 2010

Nuke hack attack puts military on high alert

Category: Cybercrime | DISC @ 2:56 pm

Chinese, North Koreans suspects in security breach
By Mike Maloof

WASHINGTON, D.C. – A message that North Korea had conducted a nuclear attack on the Japanese island of Okinawa turned out to be false, but the fact it was delivered via U.S. military communications has prompted a high alert, according to U.S. officials who asked to remain anonymous.

U.S. military channels were hacked either by the Chinese or North Koreans, the source said. Access to such communications – even unclassified military systems – suggests a serious breach of technology security.

A Pentagon spokesman declined comment.

A purportedly “U/FOUO” or “Unclassified but For Official Use Only” message claimed to have been put out Saturday by the Office of National Intelligence and prepared by the Defense Intelligence Agency. It said:

“Today, March 06, 2010 at 11.46 AM local time (UTC/GMT -5 hours),US seismographic stations recorded seismic activity in the area of Okinawa Island (Japan). According to (sic) National Geospatial-Intelligence Agency, Democratic People’s Republic of Korea has carried out an average range missile attack with use of nuclear warhead (sic). The explosion caused severe destructions (sic) in the northern part of the (sic) Okinawa island. Casualties among the personnel of the US military base are being estimated at the moment.”

An analyst noted the grammatical errors suggested the text was written by someone who has not yet mastered the English language use of articles.

The report included a long list of U.S. agencies that should be on alert, from the Central Intelligence Agency, the Department of State and the Department of Homeland Security to the Air Force, Army, Coast Guard, Marine Corps and Navy.

U.S. officials have expressed growing concern over cyber attacks, especially from China. The attacks have targeted not only Google and other Western companies but also the Pentagon.

Chip Gregson, assistant secretary of defense for Asian and Pacific affairs, said that in addition to their nuclear and space programs, the Chinese have undertaken an aggressive cyber assault that presents “an asymmetrical threat to our ways of doing business.”

The latest hacking effort follows urgent warnings that also have gone out through the North Atlantic Treaty Organization to protect all classified databases due to the recent surge of Chinese cyber attacks.

Last Friday, a U.S. report said that the number of cyber attacks on U.S. government agencies and Congress rose exponentially in the past year to an estimated 1.6 billion a month.

Only a few months ago, there were reports that a powerful cyber attack overwhelmed computers at U.S. government agencies and South Korean agencies for several days. The report said the attacks also targeted the White House, Pentagon and the New York Stock Exchange.

Tags: china hack, Chinese cyber attacks, Congress, cyber attacks, Defense Intelligence Agency, north korea hack, NYSE, Okinawa, Pentagon