SC Magazine

FEBRUARY 26, 2021

Building a security awareness training program to develop a strong infosec culture requires time and money, and chief information security officers frequently try to make a case for such an investment by citing return on investment and other metrics of success. . Christiaan Colen / CC BY-SA 2.0 ). But this just a start.

CISO 88

CISO Security Awareness Phishing InfoSec 88

Security Boulevard

JUNE 9, 2021

The post CISO Stories Podcast: No Insider Cybersecurity Risk? appeared first on Security Boulevard. What happens when an employee decides to leave the organization and start their own business – but with your Intellectual property or customer lists? . Guess Again!

CISO 99

CISO Risk Cybersecurity Security Awareness 99

Security Boulevard

JUNE 24, 2022

A new cheatsheet from four infosec agencies tells us how to use PowerShell for good, rather than let scrotes misuse it to “live off the land.”. The post NSA Wants To Help you Lock Down MS Windows in PowerShell appeared first on Security Boulevard.

InfoSec 131

InfoSec Security Awareness Risk Government 131

Notice Bored

AUGUST 7, 2020

Aside from those that are literally unworkable and unenforceable, an unenforced policy can be a liability, a risk at least. In a disciplinary situation, management's failure to enforce compliance with any policy (by themselves or others) might be a viable defence for a worker accused of policy noncompliance.

Government 52

Government InfoSec Information Security Accountability 52

Notice Bored

APRIL 12, 2022

This morning, I’ve been browsing and thinking about ISO/IEC 27403 , a draft ISO27k standard on the infosec and privacy aspects of “domotics” i.e. IoT things at home. Dynamics and diversity: people, devices and services plus the associated challenges and risks, are varied and changeable. Security monitoring and management (e.g.

IoT 63

IoT InfoSec Risk Security Awareness 63

Spinone

SEPTEMBER 8, 2020

Perhaps, KnowBe4’s best-known course is Kevin Mitnick’s security awareness training , which helps your colleagues to learn about spam, phishing, ransomware, and ways to protect your data against these threats. Apart from that, you can test your employees using a simulated phishing awareness campaign.

Phishing 52

Phishing InfoSec Social Engineering Backups 52

SecureWorld News

FEBRUARY 15, 2021

"We want to understand that average person, and the average InfoSec professional and what they are experiencing," says Gretel Egan Sr. Security Awareness Training Strategist at Proofpoint. Security Awareness Finding #1: training programs need improving. Security Awareness Finding #2: what phishing attacks lead to.

Phishing 70

Phishing Security Awareness Ransomware InfoSec 70

Notice Bored

JULY 21, 2022

The customer is apparently seeking guidance on integrating infosec into the development process, which begs the question "Which development process?". Reducing the problem to its fundamentals, there is a desire to end up with software/systems that are 'adequately secure', meaning no unacceptable information risks remain.

Software 72

Software Risk InfoSec Security Awareness 72

Security Boulevard

AUGUST 26, 2021

enroll in credit monitoring, credit freeze, use 2FA, change passwords), infosec people typically have different questions. The post If You Don’t Need Data, Don’t Keep It appeared first on Security Boulevard. While many articles have focused on what consumers should do if they were a victim of the breach (e.g.,

InfoSec 98

InfoSec Mobile Passwords Data breaches 98

SecureWorld News

MARCH 17, 2022

Key takeaway #2: Collaborative platforms are at heightened risk for security breaches due to WFH. Key takeaway #3: Social engineering is the most powerful attack vector against InfoSec protocols. Social engineering, as it's called, has always been the most powerful part of InfoSec, or the lack of InfoSec, in any organization.".

InfoSec 74

InfoSec Social Engineering Phishing Cybercrime 74

Security Boulevard

MAY 30, 2021

CybeReady’s Hi-5 brings together InfoSec leaders for peer-to-peer sharing via five short questions and insights. Mário João Fernandes, born and raised in Mozambique, has been working in the banking sector for 29 years and has been fulfilling dedicated security roles in the cybersecurity space for over 11 years.

CISO 105

CISO InfoSec Banking Cybersecurity 105

Notice Bored

JULY 4, 2022

I feel more confident about the underlying generic principles of risk, compliance, conformity, obligations, accountabilities, assurance and controls though, and have the breadth of work and life experience to appreciate the next point. The mind map is a brief glimpse of the landscape, as I see it. All requirements?! Documented! Maintained!

Risk 72

Risk Accountability InfoSec CISO 72

SecureWorld News

OCTOBER 19, 2023

Increased risk of cyberattacks The rising cost of living can lead to an increase in cybercrime, as people become more desperate to make money. Economic effects, including inflationary pressures, have had a broad impact across the InfoSec landscape," Smeaton said. Investing in security awareness training has a bottom line impact.

Cybersecurity 77

Cybersecurity CISO Education Phishing 77

Notice Bored

AUGUST 18, 2020

Some time back I bumped into a handy management guide on information risk - a double-sided leaflet from the I nformation A ssurance A dvisory C ouncil. Regulation and Legislation - outlines directors' compliance responsibilities relating to information risk and security, privacy etc.

Risk 85

Risk Security Awareness Government Information Security 85

The Falcon's View

AUGUST 29, 2017

The focus of the boot camp was around "behavior design," which was suggested to me by a friend who's a leading expert in modern, progress security awareness program management. I concluded that maybe this sub-field would be called something like "behavioral security" and started doing searches on the topic.

Information Security 45

Information Security InfoSec Social Engineering Security Awareness 45

The Falcon's View

AUGUST 6, 2018

As such, when you think about everything, be it basic security hygiene, information risk management, or even behavioral infosec, you must first consider how it fits with org culture. For more on my thoughts around org culture, please see my post "Quit Talking About "Security Culture" - Fix Org Culture!". Risk Management.

InfoSec 40

InfoSec Risk Architecture Security Awareness 40

Herjavec Group

MAY 19, 2022

No matter how many firewalls or network controls you have in place, the risk of insider threat will always be present. So it should go without saying that enterprise security programs should be built with this in mind ! Conduct regular network penetration tests to identify flaws and vulnerabilities in your corporate networks.

Penetration Testing 98

Penetration Testing Social Engineering Cybercrime InfoSec 98

BH Consulting

MAY 23, 2023

Repetition can lead people to over-disclose information, that could then put them at risk of identity theft and cybercrime. This knowledge could also help security professionals with developing or updating security awareness programmes. MORE Threat Prompt newsletter covers the intersection between AI and infosec.

Artificial Intelligence 52

Artificial Intelligence Identity Theft Social Engineering InfoSec 52

Security Boulevard

JUNE 22, 2021

CybeReady’s Hi-5 brings together InfoSec leaders for peer-to-peer sharing via five short questions and insights. Piotr Stecz has been working in Adamed Pharma for 18 years in various IT and Security roles. What is the biggest challenge security […].

CISO 59

CISO InfoSec Phishing Security Awareness 59

Security Boulevard

MAY 20, 2021

CybeReady’s Hi-5 brings together InfoSec leaders for peer-to-peer sharing via five short questions and insights. Dmitriy Sokolovskiy has been working in the cybersecurity space for over 14 years in dedicated security roles, in addition to 9 more years working in various IT areas.

CISO 59

CISO Technology InfoSec Information Security 59

Security Boulevard

MAY 4, 2021

CybeReady’s Hi-5 brings together InfoSec leaders for peer-to-peer sharing via five short questions and insights. She held Audit and Security leadership roles in leading European companies. In 2014 she founded WITSEC, a professional group of women working in IT and Information Security […].

CISO 52

CISO InfoSec Information Security Cybersecurity 52

SC Magazine

FEBRUARY 18, 2021

Understanding the detection difficulty helps phishing awareness training implementers in two primary ways,” said Jody Jacobs, infosec specialist at NIST, in a session held last Tuesday at the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)’s 51’s General Meeting. their organization faces.”.

Phishing 114

Phishing Mobile Security Awareness Media 114

SecureWorld News

MAY 16, 2023

Brennan is speaking at SecureWorld Chicago on June 8, tackling the topic of "I Can See Clearly Now, the Threats Are Gone: The State of InfoSec and Threat Intelligence Today." Botts is Director of the Global Cyber Security Program at University of St. He, too, is speaking on a panel at SecureWorld Houston on May 18.

Cybersecurity 79

Cybersecurity Insurance Cyber Risk CISO 79

SecureList

DECEMBER 11, 2023

In Europe, efforts are underway to craft the EU AI Act , which introduces a risk-based approach for classification of AI systems. Cybersecurity risks and vulnerabilities As any other technological advancement, along with exciting opportunities, generative AI brings new risks into the equation.

Cybersecurity 113

Cybersecurity Artificial Intelligence Technology Risk 113

Security Boulevard

SEPTEMBER 23, 2021

All organizations must have security awareness training programs to teach basics to end users. The post CISO Stories Podcast: Fiscally Responsible Ways to Train and Build Community appeared first on Security Boulevard. Similarly, the technical teams need to be exposed to flexible training that is interesting to them.

CISO 52

CISO Security Awareness InfoSec Risk 52

SC Magazine

MAY 1, 2021

Cedric Leighton is founder and president of Cedric Leighton Associates, a strategic risk and leadership management consultancy. Since founding Cedric Leighton Associates, he has become an internationally known strategic risk expert. Leighton is also a founding partner of CYFORIX, specializing in the field of cyber risk.

Computers and Electronics 126

Computers and Electronics Technology Education Information Security 126

The Falcon's View

OCTOBER 31, 2017

Most security awareness programs and practices are horrible BS. After all, awareness budgets are tiny, the people running these programs tend to be poorly trained and uneducated, and in general there's a ton of misunderstanding about the point of these programs (besides checking boxes). Awareness as Communication.

Security Awareness 40

Security Awareness InfoSec Education Passwords 40

SC Magazine

MARCH 2, 2021

House Oversight and Homeland Security committees last week, SolarWinds’s former and current CEOs blamed an intern for creating a weak FTP server password and leaking it on GitHub – an act which may or may not have contributed to a supply chain hack that impacted users of the tech firm’s Orion IT performance monitoring platform.

Passwords 129

Passwords Password Management CISO InfoSec 129

Security Boulevard

JULY 5, 2021

It was a master class in social engineering, one that put an organization’s security posture at risk. Social engineering attacks like phishing take advantage of an employee’s awareness of. The post Reaction to Social Engineering Indicative of Cybersecurity Culture appeared first on Security Boulevard.

Social Engineering 137

Social Engineering Engineering Cybersecurity Phishing 137

Notice Bored

APRIL 23, 2021

It's a nice example of the value of security awareness. Less than ten bucks from Amazon in hardback, I see today. Even at full price, this book is a bargain, well worth t: now it's a steal! Grab it while it's hot!

Security Awareness 60

Security Awareness InfoSec Risk 60

Herjavec Group

JULY 20, 2021

Every month one of HG’s experts will provide advice and insights based on their extensive experience in the infosec industry. Enhance security awareness training for personnel and ensure a primary focus is on how to detect and report possible “phishing” attacks that could deliver different forms of malware including ransomware. .

Ransomware 59

Ransomware Malware Backups Insurance 59

Notice Bored

AUGUST 23, 2020

on security awareness which is already in the plan anyway: maybe we should mention A.7.2.2 Ben Woelk, program manager for the Information Security Office at Rochester Institute of Technology, has published a detailed ISO comms plan - 16 pages laying out all the things they planned to communicate as part of their ISMS.

Information Security 52

Information Security Security Awareness Security Performance Risk 52

Security Boulevard

MARCH 18, 2024

The post Zero-Trust Network Access: Why so Many Teams Get it Wrong appeared first on Security Boulevard. Zero-trust encompasses a variety of technologies, from strong identity systems to microsegmentation. Why are so many organizations getting it wrong?

Technology 78

Technology Data privacy Security Awareness InfoSec 78

Security Boulevard

JULY 21, 2021

With digital business initiatives accelerating across nearly every industry, Gartner projects worldwide IT spending to reach a whopping $4.1 trillion by the end of the year. This data reflects something every forward-looking business leader already knows–digital transformation (DX) is the key to remaining competitive in 2021 and beyond.

Digital transformation 145

Digital transformation CISO Security Awareness InfoSec 145

Security Boulevard

JUNE 18, 2021

The post The Business Value of the Social-Engineer Phishing Service appeared first on Security Boulevard. Phishing attacks continue to plague organizations across the globe with great success, but why? Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an.

Social Engineering 102

Social Engineering Engineering Phishing Penetration Testing 102

Notice Bored

MAY 14, 2022

The 'obvious' driver for information security is information risk: valuable yet vulnerable information must be secured/protected against anything that might compromise its confidentiality, integrity or availability, right? That's 'obvious' from my perspective as an experienced information risk and security professional, anyway.

Information Security 116

Information Security Risk Healthcare Government 116