[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]<\/p>\n
* MEPs back sharing airline data to \u2018fight terrorism\u2019
\n* Cybersecurity of critical infrastructure is a ‘mess’ and nations must cooperate to fix it, warns Eugene Kaspersky
\n* Newark police: Cyberattack disrupted some computer systems
\n* How to get the most out of your security investment
\n* UEBA is only one piece of the cyber risk management puzzle
\n* IRS Chief: Agency Faces Loss of Key InfoSec Personnel
\n* SANS to Host First-Ever Salt Lake City, Utah Information Security Training Event
\n* Software tools and services used to achieve ISO 27001
\n* New Research From SANS And DomainTools Reveals Shift Towards Threat Hunting Model And ‘Work Smarter Not Harder’ Approach To Security
\n* 3 steps to embracing NIST 800 security controls
\n* Ottawa open for comments on proposed breach notification regulations<\/p>\n
MEPs back sharing airline data to \u2018fight terrorism\u2019
\nThe European Commission first proposed the so-called Passenger Name Record in 2011.
\nIt marks a five-year battle to get the legislation approved, having being held up over privacy concerns.
\nThe so-called Passenger Name Record was approved by 416 votes for, to 179 votes against, with nine abstentions.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d784182792&e=20056c7556<\/p>\n
Cybersecurity of critical infrastructure is a ‘mess’ and nations must cooperate to fix it, warns Eugene Kaspersky
\nThe European Commission first proposed the so-called Passenger Name Record in 2011.
\nIt marks a five-year battle to get the legislation approved, having being held up over privacy concerns.
\nThe so-called Passenger Name Record was approved by 416 votes for, to 179 votes against, with nine abstentions.
\nKaspersky urged governments to do more to combat the threats hackers pose to power-grids, turbines, reactors and other essential facilities.
\nKaspersky pointed out how, when it comes to ensuring buildings are physically secure, there are regulations which must be adhered to, but that there isn’t anything of this kind for cybersecurity at all, not even for critical infrastructure.
\nSpeaking at the same event, Cevn Vibert, industrial control security evangelist at industrial IT provider SolutionsPT, argued that governments do understand the challenges surrounding securing critical infrastructure, but rather the problem is they don’t know how to implement the changes.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9e11c1259d&e=20056c7556<\/p>\n
Newark police: Cyberattack disrupted some computer systems
\nBut they say the attack didn’t disrupt the delivery of emergency services.
\nAnd there’s no indication that any information stored on the affected servers was compromised.
\nActing Public Safety Director Anthony Ambrose told NJ.com (http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3707a9ba1b&e=20056c7556) that department staffers couldn’t access the various systems while crews worked to clear servers of a virus implanted during the attack.
\nThe virus temporarily locked down the servers, blocking access to the program used to track and analyze crime data and another used to dispatch police and emergency officers.
\nA backup system was used for dispatch services.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=cb5be642cb&e=20056c7556<\/p>\n
How to get the most out of your security investment
\nAll too often organisations look to resolve security issues by simply purchasing more expensive security products, without ensuring the solution can evolve with the company.
\nHowever, misconfigured or poorly set up security tools do not offer increased security, rather, they can lead to increased vulnerability.
\n-Build a long-term plan for your security investment
\n-Find the best security solution for your company
\n-Continue to analyse and improve
\n-How to respond to a security breach: Plan,do, check, act
\n-Let go of your ego
\n-Figure out what went wrong
\n-Eliminate the problem
\n-Test, test, test
\nErdal has found that Data Loss Prevention solutions (DLP) offer valuable information if breaches occur, which normally doesn\u2019t happen if policies are properly built.
\nThe available reports provide details like confidential data transfers that took place, from which computers, at what time and the exact transferred content.
\nOnce IT Administrators or security staff analyse these reports, they can address the issue by restricting data transfers for the problematic users, they can even use the reports as proof in court or they can take further measures depending on the vulnerability.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=220a212dad&e=20056c7556<\/p>\n
UEBA is only one piece of the cyber risk management puzzle
\nEven “at the front”, UEBA is only a threat detection tool.
\nIt uncovers individuals or technologies that are exhibiting unusual behavior but it doesn\u2019t take into account greater context like the business context of the user\u2019s activities, associated vulnerabilities, indicators of attack, value of the assets at risk or the probability of an attack.
\nBy itself, UEBA output lacks situational awareness, and still leaves SOC analysts with the task of figuring out if the events are truly problematic or not.
\nIf the behavior, though unusual, is justified, then it is a false positive.
\nIf the threat is to corporate information that wouldn\u2019t impact the business if it were compromised, it\u2019s a real threat, but only worth chasing down after higher priority threats have been mitigated.
\nFor example, let\u2019s say through UEBA software, it is identified that an employee on the finance team is logging into a human resources application that he typically would not log into.
\nUEBA is only informing the incident responder of a potential threat.
\nThe SOC will have to review the activity, determine if it is legitimate, if not, check if the user has access privileges to access sensitive information in the application, see if their laptop has a compromise that may indicate a compromised account and then make what is at best a not so educated guess that will often result in inaccurate handling.
\nJust as important, the SOC analyst will likely do all of their homework and handle the incident appropriately, but without the right context they may have wasted a lot of time chasing down a threat that of low importance relative to others in the environment.
\nA true “inside-out” approach to cyber risk management begins with an understanding of the business impact of losing certain information assets.
\nThe information assets that, if compromised, would create the most damage are the information CISOs, line-of-business and application owners, SOC investigators, boards of directors and everyone else within the company should focus on protecting the most.
\nThey should determine where those assets are located, how they may be attacked, if they are vulnerable to those attacks and the probability of it all happening.
\nOnce that contextualized information is determined, everyone within the company can prioritize their efforts to minimize cyber risk.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2b10d8367b&e=20056c7556<\/p>\n
IRS Chief: Agency Faces Loss of Key InfoSec Personnel
\n“The loss of streamlined critical pay authority has created major challenges to our ability to retain employees with the necessary high-caliber expertise,” IRS Commissioner John Koskinen testified at an April 12 hearing on cybersecurity and protecting taxpayer information held by the Senate Finance Committee.
\nHe said the agency’s top cybersecurity expert recruited through the program recently left. “In fact, out of the many expert leaders and IT executives hired under critical pay authority, there are only 10 IT experts remaining at the IRS, and we anticipate there will be no staff left under critical pay authority by this time next year.”
\nThe lapsed law, which expired in September 2013, allowed the IRS to pay more than usual to hire up to 40 individuals for positions requiring extremely high-level expertise, including information security.
\nAmong those recruits: IRS Chief Technology Officer Terence Milholland, who served as executive vice president and CTO at card issuer Visa International when recruited 8\u00bd years ago and is leaving the agency later this year.
\n“When it comes to blocking hackers, Congress has done next to nothing while the IRS loses its ability to hire the experts who can keep taxpayer information safe,” Wyden said. “If you’re a top-notch tech expert, you’re already taking a pay cut to work in public service.
\nNow, without what’s called streamlined critical pay authority, it can take four to six months to bring a new hire on board at the IRS.
\nSo let’s be clear: Taxpayer information is under assault every day, but the IRS does not have the legal authority it needs from Congress to build a cybersecurity team that can beat back the crooks.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8ba3527010&e=20056c7556<\/p>\n
SANS to Host First-Ever Salt Lake City, Utah Information Security Training Event
\nBETHESDA, Md., April 14, 2016 \/PRNewswire-USNewswire\/ — SANS Institute, the global leader in information security training, today announced its first-ever Salt Lake City, Utah training event.
\nScheduled for June 27 through July 2, SANS Salt Lake City 2016 will feature InfoSec courses focused on traditional information security, digital forensics and industrial control systems (ICS) security.
\nDeveloper and management courses will be offered in addition to bonus evening sessions covering some of today’s most complex security issues.
\nIncluded among the courses offered at SANS Salt Lake City are the popular SEC504: Hacker Tools, Techniques, Exploits and Incident Handling course and the FOR508: Advanced Digital Forensics and Incident Response.
\nSANS will also offer its ICS410: ICS\/SCADA Security Essentials course.
\nIn addition to helping InfoSec professionals greatly sharpen and expand their skills, some of these courses will also help with DoD 8570 and GIAC approved certification exam preparation.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0bd03e366e&e=20056c7556<\/p>\n
Software tools and services used to achieve ISO 27001
\nMany organizations are unsure of what\u2019s available to help them implement and get certified in quick time, so CertiKit summarized the most common areas of the ISO 27001 standard where software tools and services come in handy.
\nHow many of these software tools and services you decide to use depends on your budget, timescales and how secure you want to be.
\nThe infographic below will help you to choose wisely in order to achieve ISO 27001.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0214020067&e=20056c7556<\/p>\n
New Research From SANS And DomainTools Reveals Shift Towards Threat Hunting Model And ‘Work Smarter Not Harder’ Approach To Security
\nSEATTLE, April 14, 2016 \/PRNewswire\/ — DomainTools, the leader in domain and DNS-based cyber threat intelligence, today announced the results of the first annual Threat Hunting: Open Season on the Adversary Survey, conducted by the SANS Institute.
\nThe research revealed that 85 percent of enterprises have already adopted some form of Threat Hunting to aggressively track and eliminate cyber adversaries as early as possible.
\nThis proactive “Threat Hunting Model” leverages existing tools combined with human intervention to strengthen the security posture of the organization.
\nAccording to the survey, adopters of this model reported positive results, with 74 percent citing reduced attack surfaces, 59 percent experiencing faster speed and accuracy of responses, and 52 percent finding previously undetected threats in their networks.
\nAdditional key findings from the SANS report include:
\nThe top seven data sets that support threat hunting are: IP addresses, network artifacts and patterns, DNS activity, host artifacts and patterns, file monitoring, user behavior and analytics, and software baseline monitoring.
\n86 percent of respondents said the most common trigger for launching a hunt is an anomaly or anything that deviates from normal network behavior.
\nOnly 23 percent of businesses have hunting processes that are invisible to attackers, meaning the majority of organizations are at risk from exposing internal hunting TTPs in a way that benefits the atta
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=714ec982a9&e=20056c7556<\/p>\n
3 steps to embracing NIST 800 security controls
\nNIST 800-53, in particular, lays out recommended policies and procedures covering access control, incident response, business continuity, disaster recoverability and about a dozen more key areas.
\nHere are three key lessons I learned along the way:
\n1. Top management commitment is absolutely crucial
\nSeek senior-level buy-in at the start, and take steps to reinforce it as you go.
\nWithout senior executives fully on board, any wonderful new security policies and procedures you come up with will languish on your hard drive.
\n2. You can\u2019t do it all, so do what you can
\nNIST 800-53 very extensively outlines how to establish baseline infosec controls based on an organizational assessment of risk.
\nCommon sense tells you that controls must be in place to have any effect.
\nCreating policy for which you lack the manpower and resources to enforce is a recipe for futility.
\nTo account for this, we engaged our subject matter experts in a triaging process.
\n3. Be wary of the butterfly effect
\nAn insect flapping its wings in China can trigger a tornado in Florida.
\nCreating new polices can trigger new responsibilities and intensify pressure on existing resources.
\nIt is vital to get buy-in, not just from top management, but especially from mid-level management, on whose shoulders a new tier specified responsibilities will likely fall.
\nOur goal is to use the NIST controls not just to tighten security, but to free up our organization so it\u2019s more productive.
\nThus our mantra has become \u201cenabling the business securely.\u201d We express this often.
\nTransparency and teamwork are the result.
\nMeanwhile, this continual feedback loop is helping us keep our NIST controls alive and vital.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6e16956654&e=20056c7556<\/p>\n
Ottawa open for comments on proposed breach notification regulations
\nIt\u2019s long been known that for many pieces of federal and provincial legislation, the regulations cabinet approves \u2014 but the wording of the law can have as much if not more impact on organizations.
\nIt\u2019s particularly true with the mandatory data breach notification and reporting regulations Ottawa is about to write for organizations that fall under the Personal Information Protection and Electronic Documents Act (PIPEDA).
\nLast month Innovation, Science and Economic Development Canada issued a 26-page discussion paper outlining issues and asking for answers to 26 questions that will help the government frame the regulations.
\nOrganizations have until the end of May to reply.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=dec168b864&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=f052dd3b32)<\/p>\n
Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] * MEPs back sharing airline data to \u2018fight terrorism\u2019 * Cybersecurity of critical infrastructure is a ‘mess’ and nations must cooperate to fix it, warns Eugene Kaspersky * Newark police: Cyberattack disrupted…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1219","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1219"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1219\/revisions"}],"predecessor-version":[{"id":3706,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1219\/revisions\/3706"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}