People have been asking how many different mailing newsletter I produce. Here’s a link to page that lists the IT Security Lists I produce, with subscribe links: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e68cb005cc&e=20056c7556
Subscribe to any you are interested in.
Regards
Paul
* Trillium Mutual Launches Data Breach and Cyber Coverage for Agriculture and Commercial Lines
* European Commission presents EU-US Privacy Shield
* CISOs Still Frozen Out of the Boardroom
* Sweden no longer on high terror threat alert
* A major red flag about security could threaten the entire IoT
* Is your Security Awareness Program Culturally Sensitive? (And does it matter?)
Trillium Mutual Launches Data Breach and Cyber Coverage for Agriculture and Commercial Lines
March 3, 2016, LISTOWEL ON, – Trillium Mutual Insurance Company is pleased to announce that it has partnered with The Boiler Inspection and Insurance Company of Canada (HSB BI&I) to launch two new products designed specifically for small to medium sized commercial and agricultural operations.
Data Compromise Coverage helps businesses notify and assist affected individuals following a breach of personally identifying information.
This coverage provides indemnity for first party expenses as well as third party costs of defence, settlement and judgement.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ebdf685d52&e=20056c7556
European Commission presents EU-US Privacy Shield
The European Commission – the executive body of the European Union – issued the legal texts that will put in place the EU-US Privacy Shield, a new framework for protecting the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses.
The new framework reflects the requirements set by the European Court of Justice in its ruling from 6 October 2015.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2769c02902&e=20056c7556
CISOs Still Frozen Out of the Boardroom
According to a study by ISACA and RSA Conference, 82% of cybersecurity and information security professionals polled in the survey report that their board of directors is concerned or very concerned about cybersecurity, but only one in seven (14%) CISOs reports to the CEO.
This gap between belief and actions at the highest levels of management is playing out in an environment where 74% of security professionals expect a cyber-attack in 2016 and 30% experience phishing attacks every day, according to the ISACA/RSA Conference State of Cybersecurity study.
“While there are signs that C-level executives increasingly understand the importance of cybersecurity, there are still opportunities for improvement,” said Jennifer Lawinski, editor-in-chief, RSA Conference. “The majority of CISOs still report to CIOs, which shows cybersecurity is viewed as a technical rather than business issue.
This survey highlights the discrepancy to provide an opportunity for growth for the infosec community in the future.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c0d090ca4e&e=20056c7556
Sweden no longer on high terror threat alert
Sweden’s Security Service said it had decided to move the country back down to a lower threat level after consulting with the country’s military and intelligence agencies.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=69607b02ae&e=20056c7556
A major red flag about security could threaten the entire IoT
AT&T’s Cybersecurity Insights Report, which included a survey of more than 5,000 enterprises worldwide, found that 85% of enterprises are in the process of or are planning to deploy IoT devices, but only 10% feel confident that they can secure those devices against hackers.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b830f9ffd6&e=20056c7556
Is your Security Awareness Program Culturally Sensitive? (And does it matter?)
A security awareness program is probably the first line of defense against modern threats to IT systems and company data.
Although more and more advanced technical measures must always be in place to ensure the detection and, if possible, the prevention of intrusions, it is extremely important for businesses to make sure employees are aware of possible threats and of how some of their actions could result in severe vulnerabilities for their employer.
An organization’s security culture depends on the identification of proper ICT policies based on risk assessment and management, and in taking a holistic view that includes communicating and holding accountable everyone for procedures in place across the organization; it needs to ensure that all essential personnel are aware of how to avoid security-related incidents, as new threats and vulnerabilities, data breaches as well as attack patterns trends are always emerging.
It is important for everyone in the business to understand their roles and responsibilities in such situations that often require them to make good judgment decisions quickly.
They shall know what to do and what actions to take when a security incident does happen, but they should also be able to recognize signs that something is not right.
Therefore, investing in security awareness training is worth the time and money, as it mainly helps to do just that to reduce risk and prevent material losses.
All users can become human-centric controls for an effective defense thanks to consistent “security awareness training (SAT),” which can be achieved through both formal and informal programs, that educate every staff members in the workplace to understand the ICT risks and make better security decisions.
Being culturally sensitive doesn’t mean simply translating content into the local language, but it means to recognize what issues are important to the groups targeted and on what issues or information could a possible intruder leverage to solicit information from employees.
In fact, for example, as spear phishing techniques become more advanced, and intruders become smarter in crafting realistic e-mails, they could exploit the eagerness of some employees to respond quickly to a customer inquiry or to comply immediately with a request from an official.
In some countries, privacy laws might be stricter, and a request for personal information would quickly flag a potential problem while in other nations, a request coming from a colleague even of the most sensitive nature would be honored without questions.
The study by the Center for Information Systems and Technology, Claremont Graduate University shows that “Increasing globalization trends and the decreasing costs of technologies and communication make global expansion a viable solution for many information technology (IT) organizations.
It is crucial for companies with multiple worldwide locations to take an intercultural perspective to address employee needs and attitudes towards information security (InfoSec) training programs and compliance with InfoSec best practices.
If cultural differences are well understood in advance, the organization can tailor its security training to increase comprehension and adoption by a global workforce.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e73e9146b9&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
Unsubscribe from this list (http://paulgdavis.us3.list-manage2.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=1435ce22ce)
Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)