Cyber Security Institute

Sunday, April 19, 2015

Newsalert - 2015 Apr 19

**INSIGHT: When it comes to threat detection and incident response, context matters** 
This new generation of security analytics tools will undoubtedly make analysts more efficient and accurate in their analysis, but it will also mean that the analyst is reaching conclusions faster, contributing to the operational outcomes of security rather than “after action reporting” on incidents they have detected. 
Ultimately the organisations that are moving beyond SIEM systems and are striving to understanding the extent and impact of attacks through Security Analytics, rather than just the mere presence of those threats are leading the way. 
**Link:** [  ] (  ) 

The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS) conducted by Frost & Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies reveal that the security of businesses is being threatened by reports of understaffed teams dealing with the complexity of multiple security technologies and the threats posed by our increasingly connected world.  - See more at:
45 percent of hiring managers reporting that they are struggling to support additional hiring needs and 62 percent of respondents reporting that their organizations have too few information security professionals. 
**Link:** [  ] (  ) 

**Use of multiple contractors could leave oil, gas operators open to hackers   Read more:  Follow us: @triblive on Twitter | triblive on Facebook** 
“The more third parties you work with, in general, they could then become a target to pivot into your network,” said Bob Marx, a cybersecurity and industrial automation consultant with Cimation, an energy consulting company from Houston, Texas, with offices in Pittsburgh. 
60 percent of energy companies in an international survey this year by Oil & Gas IQ, an industry news site, said they do not have a cyber attack response plan. 
**Link:** [  ] (  ) 

**ISACA first to combine skills-based cyber security training with performance-based exams, certifications to address talent shortage** 
ISACA introduced a portfolio of new cyber security certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers. 
**Link:** [  ] (  ) 

**UN conference weighs efforts to combat cybercrime** 
Efforts to tame the fast-growing cybercrime threat took center stage at the United Nations Crime Congress under way in Doha, Qatar, as a diverse group of experts in the field urged strong partnerships between the public and private sectors to create a safer digital landscape. 
For the past two years, UNODC, under its programme for cybercrime, has been delivering technical assistance to law enforcement authorities, prosecutors, and the judiciary, in three regions of the world, in Eastern Africa, South-East Asia, and Central America. 
**Link:** [  ] (  ) 

**Predictive Replaces Reactive Security at RSA 2015** 
More than 30,000 expected to attend. The larger the turnout at a security conference, the more it indicates that the bad actors are winning most of the battles. 
The armored-car approach certainly remains an integral part of any security strategy, but the added dimension of anticipitory security using advanced data analytics to predict and deflect data breaches from the outside and inside is where it’s at now. This is what topmost on the minds of vendors, thought leaders and entrepreneurs. At least it should be, and if it isn’t, vendors not thinking about this are going to be left behind by the market. 
**Link:** [  ] (  ) 

**Banks the target for hackers not customers, Europol chief Rob Wainwright says** 
Banks, rather than their customers, are increasingly the main target of online thieves, the head of the European Union’s law enforcement agency says. 
**Link:** [  ] (  )