{"id":1159,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail146-atl61-mcsv-net-2\/"},"modified":"2021-12-30T11:38:52","modified_gmt":"2021-12-30T11:38:52","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail146-atl61-mcsv-net-2","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail146-atl61-mcsv-net-2\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail146.atl61.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>Why Network Behavioural Analytics Should be a Critical Part of Your Security Strategy?<br \/>\nNetwork behavioural analysis \u2013 a systematic, architectural approach to network security \u2013 involves deep packet analysis to identify advanced persistent threats (APTs) and zero-day attacks.<br \/>\nSimilar analytical capabilities are used by the financial and banking sectors to spot fraudulent transactions and card activity.<br \/>\nFrom an IT perspective, the sophisticated cyber attacks that have plagued Apple, Facebook and Microsoft (with the goal of carrying out industrial espionage) have been detected through behavioural analytics.<br \/>\nRemember, a complex network is a type of self-organising system.<br \/>\nNetwork behavioural analysis uses a range of techniques to find unusual or altered network activities.<br \/>\nThese are often indicators of an advanced 
persistent threat.<br \/>\nBusinesses will never be able to stop every single hacker at the network perimeter, so it is essential to spot abnormal activities occurring on the network before they develop.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=ca9c81d49a&#038;e=20056c7556<\/p>\n<p>Most UK Workers Feel More Vulnerable to Data Hacks Than a Year Ago<br \/>\nAccording to new research from Citrix, the majority (71%) of respondents cited data theft as \u201cinevitable\u201d at some point.<br \/>\nAnd one in three (33%) 16 to 25-year-olds feel much more vulnerable to hacks, compared with just 15% of over-55s.<br \/>\nWhile workers clearly feel more at risk of personal data theft than ever before, it seems their approaches to combating this threat are outdated: Two in three respondents (68%) cited physical documentation as a risk and chose shredding as a preferred means of disposing of information, almost a third (30%) of respondents are still reliant on USB memory sticks to back-up important data and just nine percent use the cloud.<br \/>\n\u201cWhile workers clearly accept their data is at risk, many are still reliant on dated practices\u2014such as using USB sticks and shredding paper documents\u2014to store and protect their information, when more advanced and robust measures are available,\u201d Mayers said.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=ca79e56365&#038;e=20056c7556<\/p>\n<p>New Calif. 
law mandates warrants for access to private communications<br \/>\nThe new law, backed by a number of tech companies and civil liberties groups, requires a judge to approve such access to a person\u2019s private information, including data from personal electronic devices, email, digital documents, text messages and location information.<br \/>\nCalifornia Electronic Privacy Act (CalECPA, SB 178) was passed in September by the state assembly after the senate passed it in June.<br \/>\nThe bill was co-sponsored by the American Civil Liberties Union of California, Electronic Frontier Foundation and California Newspaper Publishers Association.<br \/>\nWhile providing some exceptions for law enforcement in emergencies or for other public safety requirements, the law also prohibits access to electronic device information by means of physical interaction or electronic communication with the device, except with the specific consent of the authorized possessor of the device, or through other relevant provisions such as a warrant.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=b906e0ad2b&#038;e=20056c7556<\/p>\n<p>Joint Partnership Bolsters Cybersecurity in Indiana; State, Purdue and Intel Team Up for Security Operations Center<br \/>\nWEST LAFAYETTE, Ind.&#8211;(BUSINESS WIRE)&#8211;Today, Lt.<br \/>\nGov.<br \/>\nSue Ellspermann, who chairs the Indiana Counterterrorism and Security Council, joined Purdue University Chief Information Officer Gerry McCartney and Intel Vice President Rick Echevarria to announce the opening of the state of Indiana Security Operations Center (SOC) near the Purdue campus.<br \/>\nThe SOC is a project of the new Indiana Information Sharing and Analysis Center (IN-ISAC) \u2013 a joint mission of the Indiana Office of Technology, Indiana Department of Homeland Security, Indiana National Guard, Indiana State Police, Purdue University, Intel Security and other private sector partners.<br 
\/>\nAt the outset, the IN-ISAC is focusing on serving Indiana state government and Purdue University through the sharing of threat information and collaboration on strategies.<br \/>\nIt provides real-time network monitoring, vulnerability identification and threat warnings of state government computer systems.<br \/>\nLocated in Purdue Research Park, the SOC is staffed by a combination of state employees and Purdue students who monitor security incidents across the state of Indiana\u2019s computer network.<br \/>\nThe students are employed as part of the Purdue Pathmaker Internship Program, which provides career-relevant internships to students on or near campus.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=1a604a26e9&#038;e=20056c7556<\/p>\n<p>How to hack-proof your cloud with native AWS tools<br \/>\nOn Wednesday, CloudCheckr CTO and founder Aaron Newman presented a breakout session at the 2015 Amazon AWS re:Invent conference detailing some of the ways that AWS users could secure what they have on the platform, using native AWS capabilities.<br \/>\nIf you use the AWS platform then, by definition, you share responsibility for security with AWS.<br \/>\nAs a customer, you are in charge of security for your applications and content, network security, inventory and configuration, data security, and access control.<br \/>\nAWS is responsible for securing its core products and infrastructure.<br \/>\nSo, how do you assess your perimeter security in this new landscape?<br \/>\nLeverage the AWS API.<br \/>\nSince we are building out security on the AWS API, it&#8217;s a good idea to monitor the API itself.<br \/>\nAWS CloudTrail records each time your API is called and supports most AWS services.<br \/>\nNewman said it&#8217;s &#8220;like the video camera in your data center.&#8221; The problem is, most people don&#8217;t turn it on in the beginning.<br \/>\nNewman recommends turning it on in every region and 
setting alerts for any time it could be disabled.<br \/>\nAnother good monitoring tool is the VPC flow logs, which record each time packets enter or leave a VPC.<br \/>\nIt&#8217;s the &#8220;metadata about who&#8217;s talking to who,&#8221; Newman said.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=ae2522dc1b&#038;e=20056c7556<\/p>\n<p>The result: 789 of the 3,125 employees baited &#8212; or 25 percent &#8212; clicked on a phony link in the &#8220;phishing&#8221; email, according to an IG audit publicly released Wednesday. Most of the would-be victims were administration personnel and operations workers.<br \/>\nThis May, the USPS Office of Inspector General sent bogus emails to a sample population of agency employees as a way of evaluating compliance with incident reporting policies.<br \/>\nAfter clicking on a test email or even just receiving one, almost nobody (7 percent) reported the incident to the USPS Computer Incident Response Team, as required.<br \/>\nUSPS officials said the evaluation took place right at the start of a new cybersecurity training course, adding that the 25 percent click rate is comparable to industry benchmarks for organizations just beginning their training.<br \/>\nThe new course focuses on how to identify phishing traps, officials said.<br \/>\nAbout 18 percent of federal IT professionals ranked phishing among the primary security threats affecting their agencies, while negligent insiders were the most pervasive hazard, garnering 44 percent of votes, according to an Oct.1 Ponemon Institute study.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=e1313e94b5&#038;e=20056c7556<\/p>\n<p>IP Expo Europe: The way you buy threat intelligence will change, says BAE Systems<br \/>\nBAE Systems has made a series of bold predictions about the future of threat intelligence.<br \/>\nRussell Kempley, BAE&#8217;s head of technical services 
for the EMEA region, gave a talk today at IPExpo, titled &#8220;The Future of Threat intelligence: how you ingest, analyse and act on threat intelligence?&#8221;<br \/>\nKempley predicts that the future will see a split forming in how organisations and companies use threat intelligence.<br \/>\nSome will not have the need for round-the-clock comprehensive access to threat intelligence; those who think it&#8217;s not core to their business, says Kempley, will get their threat intelligence indirectly through vendors.<br \/>\nThe advantage of this is, of course, that the vendor can share intelligence across their customer base.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=0aeacc8ab5&#038;e=20056c7556<\/p>\n<p>Comparing Different Tools for Threat Sharing<br \/>\nI took a look at two tools for the sharing of threat intelligence data: MISP and IBM\u2019s X-Force Exchange.<br \/>\nAlthough both tools aim to achieve the same result \u2014 sharing data \u2014 they use different approaches to achieve that goal.<br \/>\nMISP, the Malware Information Sharing Platform, needs to be installed on a server in your infrastructure.<br \/>\nYou need a Web server, database and PHP support with a couple of modules.<br \/>\nAll of the data is stored on your premises and is under your control.<br \/>\nThe hardening of the server, securing the access and communication and foreseeing backups and redundancy are your responsibility.<br \/>\nObviously, you fully control what happens with the data.<br \/>\nOn the other hand, IBM\u2019s X-Force Exchange is a cloud-based platform.<br \/>\nYou need an IBM ID to get full access to the available threat data (anonymous access is also possible but with restrictive usage) and only a browser to get started; there\u2019s no need for installing extra software.<br \/>\nAll the data is stored in the cloud, so you do not have to worry about backups or redundancy.<br \/>\nMISP is very strong when it 
comes to building a central indicators of compromise database containing both technical and nontechnical information.<br \/>\nMeanwhile, the Web version of X-Force Exchange provides a much slicker interface for viewing trends and ongoing threat activity, giving you an immediate view on what\u2019s happening.<br \/>\nThe different tools available for sharing threat intelligence do not exclude each other.<br \/>\nIt\u2019s perfectly normal to acquire both on-premises and cloud-based solutions and then choose, depending on the type of threat information you are dealing with, where to store the information.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=81b1acbb1f&#038;e=20056c7556<\/p>\n<p>The politics of APT reports<br \/>\nJuan Andr\u00e9s Guerrero-Saade made the argument in a recently-released paper, which he talked about last week at the Virus Bulletin conference in Prague.<br \/>\nGuerrero-Saade believes the race to issue malware discoveries has become part of vendors\u2019 marketing campaigns, and there is truth to that.<br \/>\nSometimes the purpose of issuing a report is to show a vendor, or individual security researcher, is a leader.<br \/>\nThat doesn\u2019t negate the significance of the find.<br \/>\nBut Guerrero-Saade\u2019s point is attribution has to be more carefully analyzed.<br \/>\nIn fact one point he makes is that PR and marketing departments should be pulled out of the loop when it comes time to decide what should be in a report and when it should be released.<br \/>\nAn example of his concern, Guerrero-Saade told SecurityWeek in an interview, is that threat actors can plant false evidence to throw investigators off track, like including code with strings in Russian and Romanian.<br \/>\nA good CISO, of course, cares less about where a threat has come from than for actionable intelligence.<br \/>\nBut more ruthless scrutiny before threat reports are issued will help improve their 
usefulness.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=7e4d27e9e3&#038;e=20056c7556<\/p>\n<p>Three Questions to Answer Before You Set Up a Security Operations Center<br \/>\nSecurity expert G.<br \/>\nMark Hardy, president of the National Security Corporation, suggested that there are at least three questions you should answer before you set up a security operations center.<br \/>\nThey are:<br \/>\n&#8211; Will management make a long-term commitment to support the SOC?<br \/>\n&#8211; Which systems and networks should you put under the legal purview of the SOC?<br \/>\n&#8211; What authority does the SOC have to take action in the event of a security incident?<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d3e85dfaaa&#038;e=20056c7556<\/p>\n<p>What\u2019s in a Boarding Pass Barcode? A Lot<br \/>\nThe next time you\u2019re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead.<br \/>\nTwo-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.<br \/>\n\u201cI found a website that could decode the data and instantly had lots of info about his trip,\u201d Cory said, showing this author step-by-step exactly how he was able to find this information. 
<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=b827143898&#038;e=20056c7556<\/p>\n<p>Five criteria for purchasing Web fraud detection systems<br \/>\nSome Web fraud detection vendors focus specifically on the banking\/financial services industry or e-commerce, whereas others offer products that claim to tackle nearly any type of sector that maintains online accounts and conducts transactions.<br \/>\nIn its Market Guide for Online Fraud Detection (revised on July 21, 2015) and previous publications, Gartner highly recommends using multiple fraud prevention layers designed to help prevent or stop further damage from Internet-based malware attacks.<br \/>\nThe most significant layers involve endpoints (Layer 1), navigation (Layer 2) and users or entities (Layer 3).<br \/>\nAccording to Gartner&#8217;s layering scheme, an endpoint product analyzes computer, mobile device or telephony device characteristics, such as recent login data, and provides validation of a user&#8217;s account privileges.<br \/>\nA navigation system analyzes session navigation for anomalies.<br \/>\nA user- or entity-centric product compares transactions to the &#8220;norm&#8221; for that user or entity, for a specific channel such as e-commerce.<br \/>\nMany Web fraud detection systems provide protection for all three layers; others focus on only one layer.<br \/>\nIt&#8217;s possible to get complete coverage from various products, but it makes sense to look for a product that provides protection at all three layers.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=cb07f82930&#038;e=20056c7556<\/p>\n<p>A Call for Open Cybersecurity Middleware<br \/>\nSwisscom proposing a standard abstraction layer for integration and more rapid incident detection and response.<br \/>\nJungo described Swisscom\u2019s cybersecurity strategy which is anchored by a \u201cnerve center\u201d (based 
upon Splunk) that centralizes all security data \u2013 network data, endpoint forensics, application logs, identity and access management, threat intelligence, etc.<br \/>\nChristof mentioned that this process has helped Swisscom accelerate threat detection.<br \/>\nTo move beyond this cybersecurity bottleneck, Swisscom is championing an intriguing idea: Open security middleware through an abstraction layer, which Christof calls the collaborative security model.<br \/>\nThis middleware has a worthwhile objective as it is designed to accelerate the ability to operationalize security data analytics.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=3fb7103cab&#038;e=20056c7556<\/p>\n<p>The CISO role rises: How is it working out?<br \/>\nMany organizations have elevated the visibility of a dedicated chief information security function but the battle for top talent remains challenging.<br \/>\nSome companies are hiring fulltime CISOs for the first time.<br \/>\nOthers are revisiting reporting structures and shoring up their ranks with CISOs who can attract talent.<br \/>\nIf the CISO is really just a guy who manages the firewalls, then that&#8217;s a different situation, according to Rice. &#8220;If you have a grownup CISO, who is part of the business and sees his job as risk manager and is part of that solution for a company, with knowledge of regulatory and law and all these data standards, and he contributes to the conversation with the chief legal counsel and chief risk officer at the company \u2026 then that person is probably going to end up not reporting to the CIO in a large organization,&#8221; he says. 
&#8220;The reason for that is the board of directors and all the collateral that they are getting &#8212; magazines and things like that &#8212; ask if the [CISO] role should evolve into an autonomous role.&#8221;<br \/>\nAlong with the expanding role, CISOs at mature organizations require business acumen and new skill sets, according to Christiansen. &#8220;They need to go into a board meeting and articulate the risks that they are seeing and explain it to all the other people who are reporting to the board, which means they have to change their language, they have to change their presentation style, and they have to be good public speakers.&#8221;<br \/>\nReporting channels that bypass the CIO and go directly to the board of directors and other C-level executives often result in higher compensation, according to a 2013 salary benchmark report conducted by the Ponemon Institute.<br \/>\nThat same study indicated that more than 80% of CISOs still reported to CIOs.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=bb8b37a52f&#038;e=20056c7556<\/p>\n<p>When it comes to breaches, time is the biggest challenge<br \/>\nA new SANS report includes results of a survey that polled 430 security and risk professionals from the SANS community, all working in private and public sector organizations ranging in size from 100 to more than 15,000 employees.<br \/>\n55 percent of respondents were dissatisfied with the length of time it takes them to contain and recover from attacks.<br \/>\n\u201cMost respondents said they use traditional tools to monitor traffic between data centers and internal or external clouds, and are unhappy with the level of visibility and containment speeds they get.<br \/>\nIf our security stance is going to improve, we need better visibility, the ability to make configuration changes faster and to contain attacks more quickly.\u201d<br \/>\nAccording to the survey, 59 percent of organizations are able 
to contain attacks within 24 hours, leaving many open to prolonged and increased damages as attacks spread laterally through data centers and clouds.<br \/>\nContainment times reported by respondents included:<br \/>\nTraditional tools not stopping breaches<br \/>\nSecurity losing ground in cloud, distributed computing game<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=cfa169d56f&#038;e=20056c7556<\/p>\n<p>Why ATM Fraud Will Continue to Grow<br \/>\nA new report from the European ATM Security Team shows that global ATM fraud losses increased 18 percent to \u20ac156 million (U.S. $177.5 million) in the first half of this year, compared to the same period a year ago.<br \/>\nEAST attributes much of that increase to an 18 percent rise in global card-skimming losses, which account for \u20ac131 million (U.S. $149 million) of that total.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=6fe4446b6e&#038;e=20056c7556<\/p>\n<p>Microsoft is ready to save your PC from huge ransomware infection<br \/>\nTeslaCrypt doesn\u2019t mean anything to many PC users, but there are thousands of people who have somehow contracted this infectious malware program that imprisons personal files on a computer until a monetary reward is paid.<br \/>\nThere already are tools that can deal with certain versions of this dangerous ransomware program, but Microsoft decided to step in, creating its own rescue tool.<br \/>\nThe tool was included in the Patch Tuesday update this week.<br \/>\nThe company created the malware-removal instrument in response to a spike in malware installations detected in August.<br \/>\nAs ZDNet reports, TeslaCrypt infections grew from below 1,000 per day in late August to over 3,500 on August 25.<br \/>\nSince then, the number of detections spiked and fell but remained higher than before that first peak, the company noted.<br \/>\nLink: 
http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=6b9537639c&#038;e=20056c7556<\/p>\n<p>MasterCard Launches Safety Net to Protect Against Cyber Hacking of Banks and Processors in Europe<br \/>\nThe FINANCIAL &#8212; MasterCard on October 14 announced the launch of Safety Net in Europe.<br \/>\nSafety Net is a global tool that reduces the impact of cyber hacking of banks and processors.<br \/>\nIt is designed to use the power of MasterCard\u2019s global network, to identify unusual behavior and potential attacks \u2013 often, even before the bank or processor is even aware.<br \/>\nAjay Bhalla, Enterprise Security Solutions President for MasterCard said, \u201cSafety Net is the latest in a strong line up of network level defenses available to issuers in their fight against major cyberattacks.<br \/>\nWith Safety Net, we are screening billions of transactions twenty four hours a day, seven days a week, protecting our issuers against events like a cash out attacks and misuse of payment accounts.\u201d<br \/>\nSafety Net is an external layer of security complementing the issuing banks\u2019 own tools and defenses.<br \/>\nBy using sophisticated algorithms and by monitoring different channels and geographies to provide the most appropriate level of support for each market and partner business, Safety Net adds a new level of protection into the payment system without any disruptions to the network.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=f412dada27&#038;e=20056c7556<\/p>\n<p>U.S., U.K. Law Enforcement Takes Down Dridex Botnet<br \/>\nThe Dridex banking botnet, also known as Bugat or Cridex, takes a major hit after authorities take action.<br \/>\nThe botnet stole at least $10 million from victims.<br \/>\nThe Dridex botnet is somewhat diminished today, following a coordinated U.S. and U.K. 
effort to disrupt the global banking malware threat.<br \/>\nThe Dridex botnet, also known as Bugat and Cridex, has pilfered millions of dollars from unsuspecting victims.<br \/>\nThough U.S. and U.K. authorities have taken legal aim at Dridex, Kessem said the banking botnet may not be done, yet. &#8220;While other botnets do see their operations end with a law-enforcement takedown, I&#8217;m not sure this is the last we&#8217;ll hear from the Dridex gang,&#8221; Kessem said. &#8220;We&#8217;re closely monitoring for its resurrection.<br \/>\nThe next few weeks will be telling of the potential future of this Bugat-derived menace.&#8221;<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=788c35de30&#038;e=20056c7556<\/p>\n<p>SEC Announces Second Wave of Cyber Exams of Broker Dealers and Advisors \u2013 Is Your Firm Ready?<br \/>\nIn April 2014, the Securities and Exchange Commission\u2019s (\u201cSEC\u201d) Office of Compliance Inspections and Examinations (\u201cOCIE\u201d) issued a Risk Alert announcing its first cybersecurity sweep initiative.[1] Pursuant to that initiative, the OCIE conducted an examination sweep of 57 registered broker-dealers and 49 registered investment advisors from a cross-section of the securities industry to assess their vulnerability to cyber-attacks.<br \/>\nOn February 3, 2015, the OCIE published a summary of the results of this examination sweep.[2] We previously published an update on that OCIE summary report on March 8, 2015.[3]<br \/>\nThe OCIE noted that the second round of examinations would emphasize testing aimed at assessing the implementation of firm cyber security procedures and controls.<br \/>\nThis focus is intended to build on the 2014 examination sweep and further assess the securities industry\u2019s cyber security preparedness and ability to protect broker-dealer customer and investment advisor client information.<br \/>\nThis emphasis is also occasioned by public 
reports about cyber security breaches arising from weaknesses in basic controls.<br \/>\nThe OCIE noted that this round of examinations will focus on the following areas:<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=b62e1c03e7&#038;e=20056c7556<\/p>\n<p>California Amends Data Breach Notification Statute by Requiring Specific Notification Content and Expanding the Definition of Personal Information<br \/>\nCalifornia\u2019s Data Breach Notification Statute was amended on October 6, 2015, by Governor Jerry Brown.<br \/>\nThe amendment, which takes effect on January 1, 2016, makes important changes to the existing law, including new requirements for security breach notification through the use of prescribed headings in the notification letter.<br \/>\nIn addition, the definition of \u201cpersonal information\u201d has been expanded, and there is a new definition of the word \u201cencrypted.\u201d This amendment applies to all persons and businesses that conduct business in California (Civil Code Section 1798.82) and to all California governmental agencies (California Civil Code Section 1798.29).<br \/>\nThe amendment requires that the notification shall now be titled \u201cNotice of Data Breach,\u201d and shall present information under the prescribed headings shown in the model form as set forth in the amendment (see below).<br \/>\nAdditional information may be provided as a supplement to the notice.<br \/>\nThe model security breach notification form, with the prescribed headings and written in plain English, shall be deemed to be in compliance.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=3780352319&#038;e=20056c7556<\/p>\n<p>Beware \u2018Starving\u2019 Cyber Risk Budgets, CFOs Warned<br \/>\nWith cyber risks looming ever larger, CFOs must avoid \u201cstarving\u201d information technology security budgets, the author of a recently released survey 
concerning cybersecurity and corporate governance warns.<br \/>\n\u201cWhen you start looking at why [a] company had a weak security program, it usually comes down to allocation of resources,\u201d says Jody Westby, the chief executive officer of Global Cyber Risk, a consulting firm. \u201cThe CFO should be very concerned, because often it\u2019s the security programs that have been starved for cash.\u201d<br \/>\nProblems with CIOs reporting to CFOs arise when cost-obsessed finance chiefs are prone to automatically nix every project. \u201cThen the security program can be starved, and it increases risk to the company.<br \/>\nBut if you have a CFO who really tries to understand the cyber risk and tries to insure there is adequate funding \u2014 within reason \u2014 then that is a very good person [for the CIO] to report to,\u201d she says. \u201cSo a lot depends on the mindset of the CFO.\u201d<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=63f49383d3&#038;e=20056c7556<\/p>\n<p>Asean members ready to share intelligence data to tackle militancy threats, says minister<br \/>\nBEIJING, Oct 16 \u2014 All 10 members of Asean have collectively stated their readiness to tackle the threats of the so-called IS militant group, including to share intelligence data, says Malaysian Defence Minister Datuk Seri Hishammuddin Hussein.<br \/>\nHishammuddin said this to reporters after the China-Asean (10+1) Defence Minister Unofficial Meeting that aimed at intensifying strategic ties and pragmatic cooperation between China and Asean here today.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=572579d445&#038;e=20056c7556<\/p>\n<p>How boards calibrate strategy and risk<br \/>\nCorporate boards are deepening their involvement in company strategy and refining their oversight of the critical risks facing the company, according to a recent global survey from KPMG.<br 
\/>\nFifty-three percent of the directors and executives surveyed said their board has increased its involvement in the formulation of strategy alternatives, and 61 percent said the board has sharpened its focus on improving risk-related information. &#8220;Rather than an annual decision by management and the board, strategy is becoming an ongoing discussion, with continual assessment, evaluation, and adjustment as conditions change,&#8221; noted Whalen.<br \/>\nAmong the key findings:<br \/>\n&#8211; Boards continue to deepen their involvement in strategy<br \/>\n&#8211; Effectively linking strategy and risk continues to elude many boards.<br \/>\n&#8211; Better risk information and access to expertise are (still) top of mind.<br \/>\n&#8211; Cyber security may require deeper expertise, more attention from the full board, and potentially a new committee.<br \/>\n&#8211; Oversight of key strategic and operational risks could be more-effectively communicated among the board and its committees<br \/>\n&#8211; Respondents from Indonesia, Japan, Korea, and Singapore cited the greatest need for deeper board involvement in strategy.<br \/>\n&#8211; Directors and executives in India, Singapore, Switzerland, and UK, said they want to spend more time testing the ongoing validity of underlying assumptions.<br \/>\n&#8211; Financial services, insurance, health care, and communications\/media sector respondents are devoting notably more time to technology issues, including cyber risks.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=22d3de00cb&#038;e=20056c7556<\/p>\n<p>Europe Leads In Global Privacy &#8212; Announcing Forrester&#8217;s 2015 Data Privacy Heat Map<br \/>\nIn the age of the customer, defined by Forrester as a 20-year business cycle when successful enterprises will reinvent themselves as digital businesses in order to serve their increasingly powerful customers, protecting customer data is a critical aspect 
of fostering trust and building long-lasting relationships.<br \/>\nForrester\u2019s 2015 key findings include:<br \/>\n&#8211; The trend since 2012 continues: European countries are clear data privacy leaders.<br \/>\nForrester found that non-European countries are adopting provisions similar to Europe\u2019s, most recently including Chile, South Africa and Thailand.<br \/>\n&#8211; Constitutional backing and government surveillance are key data privacy differentiators, as it\u2019s those countries with constitutional provisions that protect individuals\u2019 rights that enforce data privacy laws.<br \/>\nOn the other hand, governments with widely-known citizen surveillance, including recent highly-publicized activities in the US, are examples of those with lower ratings.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=adf070603a&#038;e=20056c7556<\/p>\n<p>============================================================<br \/>\nFeedback, questions? 
Our mailing address is: dailynews@paulgdavis.com<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: Why Network Behavioural Analytics Should be a Critical Part of Your Security Strategy? 
Network behavioural analysis \u2013 a systematic, architectural approach to network security \u2013 involves deep packet&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1159","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1159"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1159\/revisions"}],"predecessor-version":[{"id":3646,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1159\/revisions\/3646"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}