{"id":1214,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail212-atl101-mcdlv-net\/"},"modified":"2021-12-30T11:38:58","modified_gmt":"2021-12-30T11:38:58","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail212-atl101-mcdlv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail212-atl101-mcdlv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail212.atl101.mcdlv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s,  apart from the reporter&#8217;s opinions ]<\/p>\n<p>* The Anatomy of a CISO: A breakdown of today\u2019s top security leaders<br \/>\n* Without information security processes, you are flying blind<br \/>\n* Malvertising Thrives in &#8216;Shady&#8217; Parts of Highly-Automated Ad Networks<br \/>\n* Sneakier Cyber Attacks: Is Your Company Protected Against the Latest Threats?<br \/>\n* Should Ransomware Attacks Be Considered Breaches?<br \/>\n* DDoS attacks \u2013 Can hosting providers step up their game?<br \/>\n* The 5 Pillars Of Cybersecurity In Financial Services<br \/>\n* Ransomware Epidemic Prompts FBI Guidance<br \/>\n* Tennessee Amends Breach Notification Law to Cover Breaches of Encrypted Information<br \/>\n* Giving Customers Control: FCC Confronts Internet Service Providers with Privacy Rules<br \/>\n* NIST security standard to protect credit cards, health information<br \/>\n* Five Ways to Improve Security and Increase Collaboration<br \/>\n* Five Ways to 
Improve Security and Increase Collaboration<br \/>\n* PhishMe April Cybercrime Alert: Ransomware Attacks Expected to Increase<br \/>\n* A NIST guide tells enterprises how to secure email systems<br \/>\n* DISA Releases Update to DoD CIO\u2019s Cloud Security Guide for Service Providers<br \/>\n* Security, Cloud Computing Remain CIO Budget Priorities: Report<br \/>\n* What&#8217;s driving cyber spending in the federal market?<\/p>\n<p>The Anatomy of a CISO: A breakdown of today\u2019s top security leaders<br \/>\nWhat does the typical Fortune 100 CISO look like.<br \/>\nDigital Guardian researched the top security leaders at F100 companies to get a better idea \u2013 here\u2019s what they found.<br \/>\n[Fun infographic]<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=1592614d59&#038;e=20056c7556<\/p>\n<p>Without information security processes, you are flying blind<br \/>\nThe aim of the Security Analogies Project is to help spread the message of information security and its importance in the modern world.<br \/>\nBy drawing parallels between what people already know, or find interesting and how these relate to information security, the industry can increase understanding and support across the whole of society.<br \/>\nAs for me, I find that the world of aviation lends itself to many information security analogies.<br \/>\nWhile Rapp\u2019s analysis is written by a pilot for pilots, there is a lot in it that is highly relevant for IT and information security professionals.<br \/>\nParticularly around complacency and human error.<br \/>\nSo what does all this mean for information security.<br \/>\nThe ability to have a comprehensive set of information security processes can be of great benefit.<br \/>\nEnterprises may want to consider developing a catalog of security processes.<br \/>\nBy formalizing information security processes, some of the benefits that can be obtained include:<br \/>\nprocess improvement 
and optimization<br \/>\neasier continuity of operations in the event of turnover<br \/>\ncan reduce redundancy<br \/>\nability to audit security tasks<br \/>\nCreating a process framework doesn\u2019t mean simply writing a set of processes and then just dumping them on the corporate Intranet.<br \/>\nUltimately creating a security process catalog is about efficiencies.<br \/>\nThe worst thing you can do is make process formalization becoming the end-goal, rather than have it being the means to your effective information security program.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=689940b193&#038;e=20056c7556<\/p>\n<p>Malvertising Thrives in &#8216;Shady&#8217; Parts of Highly-Automated Ad Networks<br \/>\nFor two days in mid-March, visitors to major news and information sites\u2014such as the New York Times, Newsweek, The Hill and the Weather Network\u2014may have been redirected to Web servers that attempted to infect visitors&#8217; systems with a variant of the Angler exploit kit and, ultimately, ransomware.<br \/>\nSo far, the impact of the attack is unknown, but a single antivirus vendor, Trend Micro, recorded 41,000 infection attempts among its users between March 12 and 14.<br \/>\nThe attack hit visitors to AOL, the BBC, NFL, The Hill, Newsweek, the New York Times, MSN, Realtor.com, The Weather Network and the Xfinity portal, according to Malwarebytes, an endpoint security firm.<br \/>\nAnother attack used ads on the site of a major British newspaper, The Daily Mail, to attempt to infect visitors the same week, but was likely part of a different campaign, the firm stated.<br \/>\nNorman Guadagno, chief evangelist for data-backup and security firm Carbonite and a former ad agency representative, also argued that the complexity makes malvertising a tough problem to solve.<br \/>\nEvery day, advertising networks deliver some 314 billion ad impressions to Website visitors, according to Guadagno, 
citing numbers from the Goodway Group, an online marketer.<br \/>\nIn a recent study of one malvertising campaign, Malwarebytes found that attackers used targeted ads to focus on certain segments of the consumer marketplace and have started adding code to their ad banners that fingerprint the targeted computer, determining its operating system, browser and what security software it may be running, according to the firm.<br \/>\nMalvertising underscores the security problems in the advertising ecosystem posed by the inconsistent vetting of third-party content suppliers.<br \/>\nWhile users are the ultimate victims, there is very little they can do to force publishers and advertising networks to insure that their content is non-malicious.<br \/>\nHowever, users can harden their systems and treat with suspicion any odd Website behavior, Trend Micro&#8217;s Budd said.<br \/>\nEndpoint security software\u2014whether an antimalware program, a network-based service such as OpenDNS, or an application firewall such as Little Snitch\u2014can help catch malvertising before it infects a system.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=8e8398226b&#038;e=20056c7556<\/p>\n<p>Sneakier Cyber Attacks: Is Your Company Protected Against the Latest Threats?<br \/>\nWe asked Sri Sridharan, managing director and chief operating officer of the Florida Center for Cybersecurity\u2014a shared resource for research, education and outreach\u2014to share his insights into the newest breeds of threats and best practices for protecting valuable business resources.<br \/>\nSridharan says hackers and cybercriminals are becoming increasingly sophisticated in their approaches to penetrating systems, and that experts from the center are tracking many emerging threats.<br \/>\nThe first is jailbreaking the cloud.<br \/>\nThe surge in cloud storage use is making the cloud an obvious and hugely appealing target for cybercriminals.<br 
\/>\nSecond, Sridharan says he\u2019s also starting to see more ransomware attacks.<br \/>\nA third trend is more sophisticated types of phishing, such as targeted \u201cspear phishing\u201d emails that appear to come from a known individual.<br \/>\nA fourth trend is headless worms, which feature malicious code that targets \u201cheadless\u201d devices such as smartwatches, smartphones, fitness trackers and medical devices.<br \/>\nThe fifth trend is ghostware and blastware, both new forms of malware.<br \/>\nGhostware penetrates a system, steals information and then erases any tracks.<br \/>\nBlastware is designed to automatically destroy or disable a system if detected, and it can destroy critical infrastructure.<br \/>\nDo vulnerability testing.<br \/>\nHave a qualified, independent third party do a vulnerability assessment and penetration testing.<br \/>\nSridharan explains that an assessment will generate a checklist that will be prioritized based on how damaging the vulnerability is.<br \/>\nSmall- to medium-sized businesses are especially vulnerable to cybercrime because there isn\u2019t enough talent to go around.<br \/>\nAnd recruiting and retaining dedicated security staff is expensive.<br \/>\nSridharan says the skills gap is one reason many businesses are turning to managed cloud service providers, or CSPs. 
\u201cCSPs invest a lot of money to stay up to date on cybersecurity.\u201d<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=b32531ba87&#038;e=20056c7556<\/p>\n<p>Should Ransomware Attacks Be Considered Breaches?<br \/>\nAs healthcare organizations increasingly face ransomware attacks that deny them access to their data, are these incidents breaches that they must report to the HHS Office for Civil Rights?<br \/>\nThat\u2019s a question that federal regulators and healthcare industry stakeholders must start answering, says David Holtzman, vice president of compliance strategies and security firm CynergisTek and a former OCR official.<br \/>\nDavid Harlow, principal at The Harlow Group, a healthcare law and consulting firm, agrees that ransomware attacks could be seen as a non-reportable event.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=1598e552f2&#038;e=20056c7556<\/p>\n<p>DDoS attacks \u2013 Can hosting providers step up their game?<br \/>\nWith the internet having reached its mid-20s, it\u2019s about time for some maturity to enter the arena when it comes to solving this problem.<br \/>\nWhile we may never be able to fully attribute the blame for why DDoS still causes millions in damage every year, we do need to question the role that service providers have in mitigating the threat.<br \/>\nThe responsibility in many cases lies with hosting providers and ISPs \u2013 something I explain to consultants with a simple analogy:<br \/>\nIf a hosting provider isn\u2019t providing effective DDoS mitigation as a part of its service offering, they may send useless and potentially harmful traffic across their customers\u2019 networks.<br \/>\nIf folks refuse to pay the water company for contaminated water, why are so many companies paying for a similar situation with their hosting 
and service providers?<br \/>\nIf purpose-built technology is laid out at ISPs\u2019 peering points, DDoS traffic is halted before it can enter their networks.<br \/>\nThis is effectively shutting the door on the DDoS traffic, while leaving a window open for the legitimate user traffic to still get in.<br \/>\nFor security staff and service administrators, this means no more calls in the middle of the night, no more downtime and most importantly, no more victims of DDoS attacks.<br \/>\nA case in point is SdV Plurim\u00e9dia, a French hosting provider.<br \/>\nIt handles huge amounts of traffic and, like any other hosting provider, experiences DDoS attacks at speeds capable of derailing their networks.<br \/>\nSdV Plurim\u00e9dia guarantees customers 24\/7 operability; a risky promise if DDoS attacks are a persistent concern.<br \/>\nIf you opt for a company that does offer security as a service, you\u2019ll be saved a lot of the expensive call-outs, downtime and loss of customers that tend to go hand in hand with the DDoS attacks which negligent providers allow to run their course.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=709d558953&#038;e=20056c7556<\/p>\n<p>The 5 Pillars Of Cybersecurity In Financial Services<br \/>\nWe\u2019ve found financial services to be one of the best performing sectors in terms of cybersecurity.<br \/>\nPillar #1: You have to meet the expectations of regulations (and beyond).<br \/>\nPillar #2: You must have vigilance in your cybersecurity execution.<br \/>\nPillar #3: You must excel at detection and recovery.<br \/>\nPillar #4: You need to manage risk in the third-party ecosystem.<br \/>\nPillar #5: You should consider information sharing.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=0df9fb9be2&#038;e=20056c7556<\/p>\n<p>Ransomware Epidemic Prompts FBI Guidance<br \/>\nThe FBI offered new guidance about mitigating the 
risks of ransomware in a podcast last week.<br \/>\nIt noted that ransomware is evolving, increasingly targeting businesses rather than consumers.<br \/>\nAnd it warned against paying ransoms.<br \/>\nIn addition to the guidance, the FBI also issued an alert about a new type of ransomware known as MSIL\/Samas, which encrypts entire networks, rather than data linked to one computer, according to Reuters.<br \/>\nAnd Kellermann says some endpoint security solutions can prove helpful in preventing malware infections. &#8220;But backing up drives daily and better URL filtering is tantamount to success in preventing an infection,&#8221; he says.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=a4442331f7&#038;e=20056c7556<\/p>\n<p>Tennessee Amends Breach Notification Law to Cover Breaches of Encrypted Information<br \/>\nLast week, Tennessee Governor Bill Haslam (R) signed S.B. 2005 into law, amending Tennessee\u2019s breach notification law to broaden the scope of information covered and require quicker notifications of the state\u2019s residents.<br \/>\nMost notably, when the amendments enter into force on July 1, 2016, Tennessee will become the only U.S. state that could require notification of affected individuals following breaches of encrypted information.<br \/>\nThe amendments will also require businesses to notify Tennessee residents within 45 days after the business discovers the breach.<br \/>\nTennessee also joins a growing trend of states that have recently amended their breach notification laws to establish explicit deadlines for notifying affected state residents.<br \/>\nWhile the 45-day deadline implemented by S.B. 
2005 mirrors requirements found in several other states, these amendments go further than many other states by not including any language that extends this 45-day deadline if necessary to investigate a breach or restore the security of the breached system.<br \/>\nThe only circumstances under which the deadline can be extended is if law enforcement decides that providing notifications will impede a criminal investigation.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=a9b6c5fc5d&#038;e=20056c7556<\/p>\n<p>Giving Customers Control: FCC Confronts Internet Service Providers with Privacy Rules<br \/>\nThe Federal Communications Commission (\u201cFCC\u201d) voted yesterday to propose new privacy rules for broadband Internet Service Providers (\u201cISPs\u201d) a mere three weeks after Chairman Tom Wheeler proposed them.<br \/>\nThe proposed privacy rules, which are intended to give customers more control over their personal data, will now be released for public comment.<br \/>\nCurrently, no enforceable privacy rules exist for broadband networks.<br \/>\nUnder the proposed privacy rules, consumers are given increased choice, transparency and security with respect to how their personal information is used and shared by their broadband service provider.<br \/>\nAccording to the FCC proposal fact sheet, ISPs will not be prohibited \u201cfrom using or sharing customer data, for any purpose.\u201d Rather, the proposed privacy rules obligate ISPs to offer choices to consumers to opt-in or opt-out in certain instances.<br \/>\nUnder the proposal, ISPs will be permitted to use customer data necessary to provide its services and for marketing the service the customer purchased.<br \/>\nUnless a customer affirmatively opts-out, a broadband provider, under the new rules, may use a customer\u2019s data to market other communications-related services and share that data with affiliates who provide such services.<br \/>\nLink: 
http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=5356c727f7&#038;e=20056c7556<\/p>\n<p>NIST security standard to protect credit cards, health information<br \/>\nThe publication addresses a longstanding issue in many software packages that handle financial data and other forms of sensitive information: How do you transform a string of digits such as a credit card number so that it is indecipherable to hackers, but still has the same length and look\u2014in other words, preserves the format\u2014of the original number, as the software expects?<br \/>\nNIST Special Publication (SP) 800-38G specifies two techniques for \u201cformat-preserving encryption,\u201d or FPE.<br \/>\nAccording to author Morris Dworkin, the new techniques are more suitable for this purpose than NIST\u2019s previously approved encryption methods, which were designed only for binary data \u2013 the frequently lengthy strings of 1s and 0s used by computers.<br \/>\nBut because financial software \u2013 used in card readers and billing, for example \u2013 often expects a credit card number to be the typical 16 digits long, encountering a lengthier encrypted number might cause problems in the software.<br \/>\nThe new FPE method works on both binary and conventional (decimal) numbers\u2014in fact, sequences created from any \u201calphabet\u201d of symbols\u2014and it produces a result with the same length as the original.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=32d95f9278&#038;e=20056c7556<\/p>\n<p>Five Ways to Improve Security and Increase Collaboration<br \/>\nToday, cybersecurity is the new black.<br \/>\nSecurity incidents have become one of the unfortunate realities of business, and there is a heightened sense of awareness that pervades both businesses and consumers daily.<br \/>\nAs security veterans, we have learned a lot over the years and have wisdom to share that can help others learn 
from our mistakes.<br \/>\n&#8211; Give Them a Door to Knock On<br \/>\n&#8211; Talk It Out<br \/>\n&#8211; It Takes a Village<br \/>\n&#8211; Sharing is Caring<br \/>\n&#8211; Grill Your Partners<br \/>\nYou might have noticed a running theme \u2013 communication, communication, communication.<br \/>\nIt used to be that the security community functioned in silos \u2013 there was competition between groups and little to no mutual understanding.<br \/>\nToday, there is an unprecedented level of cooperation around security, and as a result, there is greater understanding and education across the board.<br \/>\nFor security rookies this is a gift.<br \/>\nAs long as we continue this extended dialogue and share information with one another, we can all be better at our jobs \u2013 and help make everyone else safer because of it.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=2212e6e419&#038;e=20056c7556<\/p>\n<p>Five Ways to Improve Security and Increase Collaboration<br \/>\nThe cyber insurance market in Singapore is forecast to grow by 50 per cent this year as more businesses look to mitigate the high reputational and financial risks associated with cyber breaches, according to AIG Asia Pacific Insurance Pte.<br \/>\nLtd.<br \/>\n\u201cWhile cyber attacks grow in size, volume and sophistication, defensive methods and technologies have not seen a corresponding evolution, potentially costing businesses millions in the event of a cyber breach,\u201d says AIG Singapore\u2019s Head of Financial Lines, Lai Yen Yen.<br \/>\nResearch undertaken by AIG revealed that two-thirds of public companies in Asia surveyed acknowledged cyber insurance to be increasingly important in the future, although only nine per cent of these companies were covered by cyber insurance.<br \/>\nAIG Singapore expects strong demand for cyber insurance to continue from finance and technology companies, and new demand to emerge from healthcare 
companies.<br \/>\nThe insurer also forecasts cyber risks in 2016 to range from both internal and external factors, including lack of data encryption, increased use of malware, and outsourcing to third party providers.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d6b3915674&#038;e=20056c7556<\/p>\n<p>PhishMe April Cybercrime Alert: Ransomware Attacks Expected to Increase<br \/>\nLEESBURG, VA &#8212; (Marketwired) &#8212; 03\/31\/16 &#8212; PhishMe Inc., the leading provider of human phishing defense solutions, today released its April Cybercrime Alert, warning all organizations that its threat researchers expect ransomware attacks to increase as cybercriminals become increasingly aware that:<br \/>\nRansomware is readily-available and changes faster than detection technologies can respond<br \/>\nIn most cases, paying the ransom is the only way to free hostage data and systems<br \/>\nRecent successful ransom situations will only encourage more attempts<br \/>\nCryptocurrencies such as Bitcoin can be used to force untraceable ransom payments<br \/>\nHumans are widely susceptible to phishing, the most commonly used ransomware attack vector<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=8e27bceddb&#038;e=20056c7556<\/p>\n<p>A NIST guide tells enterprises how to secure email systems<br \/>\nFor the first time in a decade, the US National Institute of Standards and Technology (NIST) has updated its secure email guide.<br \/>\nThe last effort of the NIST Agency in the development of email security guidelines is dated 2007 when it published the NIST SP 800-45, Version 2 \u2013 Guidelines on Electronic Mail Security.<br \/>\nOrganizations need to make sure any email sent by third parties will pass SPF checks, the verification is simple because the enterprise administrator should include the IP addresses of third-party senders in the enterprise SPF policy 
statement RR.<br \/>\nThe NIST guide is out for public comment until May 1st; I suggest you read it.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=798a692afe&#038;e=20056c7556<\/p>\n<p>DISA Releases Update to DoD CIO\u2019s Cloud Security Guide for Service Providers<br \/>\nThe Defense Information Systems Agency has published an updated version of the Cloud Computing Security Requirements Guide by the Defense Department chief information officer in response to feedback from industry and mission partners.<br \/>\nDISA said Monday the CC SRG v1r2 release also includes a revision history and a comment matrix, which work to facilitate understanding of the changes among cloud service providers and enable them to provide immediate feedback.<br \/>\nThe update applies feedback to the CC SRG v1r1 document released in January and provides guidance on DoD security objectives to CSPs that provide cloud computing technologies and services to the department, DISA said.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=8ac507c46e&#038;e=20056c7556<\/p>\n<p>Security, Cloud Computing Remain CIO Budget Priorities: Report<br \/>\nIT budget growth is being revised downward by CIOs, but at the same time cloud computing has increased as a driver of IT spending, according to a CIO Survey released this week by Nomura.<br \/>\nCIOs expect IT spending to increase 1.2 percent in 2016, after predicting a 3.1 percent increase in the fall.<br \/>\nNomura surveyed 50 CIOs in the US in March, mostly at small and medium-sized businesses, about their expected IT spending, following a similar survey in October.<br \/>\nIt found that while security remains the top driver of IT spending, 62 percent said cloud computing is driving IT spending, up 10 percent from October, surpassing big data analytics (60 percent) as the second most common driver.<br \/>\nData sprawl was named a spending driver by 
18 percent of those surveyed, an increase of 12 percent, making it the one factor increasing IT spending more than cloud computing.<br \/>\nThat pair of increases also suggests that the scalability of cloud resources is a growing motivation for CIOs to migrate workloads to the cloud.<br \/>\nSaaS deployments are also expected to rise, from 33 percent of applications to 56 percent in 2021, and Workday is expected to be the short term winner, receiving more revenue from 56 percent of respondents in 2016 than in 2015, just ahead of Salesforce (52 percent).<br \/>\nOther IT software vendors expected to take a significantly bigger share of IT budgets include Proofpoint, Palo Alto Networks, VMware, Microsoft FireEye, NetSuite, and F5.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=0a835f6d6a&#038;e=20056c7556<\/p>\n<p>What&#8217;s driving cyber spending in the federal market?<br \/>\nFor cybersecurity companies mapping out federal sales strategies in 2016 and beyond, it\u2019s important to understand the nature and extent of the threat landscape that will influence buying decisions.<br \/>\nAnd what\u2019s driving those decisions today more than anything is the velocity by which the cyber threat is expanding as well as the ways in which government systems and networks become vulnerable.<br \/>\nGood cyber hygiene and best practices only go so far though, and stated priorities from the fiscal 2016 and 2017 budgets reflect an emphasis on fortifying IT ecosystems (both high-value assets and enterprise architectures) with built-in security.<br \/>\nLet\u2019s examine the major trends and drivers affecting cybersecurity procurement in the government, and the unique challenges facing civilian and defense sectors.<br \/>\nDepartment of Homeland Security<br \/>\nEinstein is one of the key pillars of the 
White House\u2019s Cybersecurity Strategy and Implementation Plan, which calls for expanding the latest iteration, Einstein 3A, to all civilian agencies.<br \/>\nAdoption of Einstein 3A has been slow at best and because Einstein 3A is signature-based, meaning it blocks threats based on known identifiers, it\u2019s inherently limited due to rapidly evolving threats.<br \/>\nAs the gatekeeper for the .gov domain, DHS needs a lot of help from industry with defensive technologies that are more reactive and predictive.<br \/>\nVeterans Affairs<br \/>\nOne of the biggest cybersecurity steps for the Department of Veterans Affairs is the establishment of the Enterprise Cybersecurity Team.<br \/>\nThe two main focuses for 2016 and beyond are medical cyber and privacy.<br \/>\nVendors selling security tools geared towards protecting networked medical devices will find a receptive ear in the VA.<br \/>\nJustice Department<br \/>\nAccording to Department of Justice budget documents, the top cybersecurity priorities for fiscal 2017 and the foreseeable future are addressing insider threats and Advanced Persistent Threat Defense.<br \/>\nThere continues to be a consolidation at the Office of the Chief Information Officer for certain types of product buys, particularly cybersecurity.<br \/>\nVendors should target the headquarters\u2019 CIO and, of course, the FBI.<br \/>\nWithin the FBI, the Information Assurance Division and the Enterprise Security Operations Center, both in the office of the CIO, are good starting points.<br \/>\nCommerce Department<br \/>\nThis year\u2019s focus is mostly on network management and firewalls.<br \/>\nIn addition, the Census Bureau will also have new on-premises infrastructure and applications that need to be secured as it prepares for Census 2020.<br \/>\nNavy<br \/>\nThe biggest pockets for Navy cyber spending are in NextGen (NGEN) and Consolidated Afloat Networks and Enterprise Services (CANES), the Navy\u2019s ashore and afloat 
networks respectively.<br \/>\nHP runs NGEN, while seven different companies operate under the CANES IDIQ to equip Navy ships with one secure network.<br \/>\nThis is an example of a common theme within DOD where you can find significant cybersecurity funding nested within major infrastructure programs.<br \/>\nDefense Information Systems Agency<br \/>\nFor DISA, the emphasis is on getting vulnerabilities out of its inventory, many of which are DOD-wide systems and enterprise services.<br \/>\nArmy<br \/>\nThe biggest cyber gaps it is trying to close, and where it needs help from industry, are solutions around increasing network visibility and cyber threat awareness for battlefield commanders, continuous monitoring, and risk assessment.<br \/>\nAir Force<br \/>\nA big priority in 2016 and 2017 will be fusing together cyber and intelligence.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=e3768c016a&#038;e=20056c7556<\/p>\n<p>============================================================<br \/>\nFeedback, questions? 
Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n<p>If you know someone else who would be interested in this Newsalert, please forward this email.<br \/>\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&#038;id=e09452545a)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s, apart from the reporter&#8217;s opinions ] * The Anatomy of a CISO: A breakdown of today\u2019s top security leaders * Without information security processes, you are flying blind * Malvertising Thrives in &#8216;Shady&#8217; Parts of Highly-Automated Ad 
Networks&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1214","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1214"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1214\/revisions"}],"predecessor-version":[{"id":3701,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1214\/revisions\/3701"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}