[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
\nI had a request to change the format of the date in the Subject line to make it easier to sort. So I made the change.<\/p>\n
* Effectiveness of security training queried as data breaches highlight human failings
\n* RBI wants overhaul of cyber security in banks
\n* \u200bOrganisations should stop playing malware whack-a-mole: FireEye
\n* Bing offers improved warnings for possible malware and phishing sites
\n* Is Lloyds Banking Group plc at risk from a cyber attack?
\n* Honeywell Warns of Increasing Attacks by State-Sponsored Hackers
\n* SEC takes on cybercrime with new security advisor
\n* A Cheatsheet That Explains All Those Cyber-Espionage APT Names
\n* UPDATE 2-Philippine central bank bolsters cyber security, may regulate bitcoin operators
\n* Security Concerns Continue to Rise with Increased Reliance on EHR
\n* Debate continues over where CISOs sit in the C-suite
\n* Industry vs. industry on security
\n* What is the actual value of a CISO?
\n* What 17 years as an infosec trainer have taught me
\n* Enterprises Are Investing in Network Security Analytics
\n* SWIFT threatens to give insecure banks a slap if they don’t shape up
\n* How can you be a good security researcher<\/p>\n
Effectiveness of security training queried as data breaches highlight human failings
\nAXELOS warns organisations are putting their reputation, customer trust and competitive advantage at risk by failing to provide relevant and innovative cyber awareness training
\nFigures obtained from the Information Commissioner’s Office (ICO) have revealed that human error continues to be the main cause of data breaches, with healthcare organisations one of the key groups affected.
\nThe figures, obtained by Egress Software Technologies via a Freedom of Information (FOI) request, show a continual upward curve in reported data breach incidents.
\nThe statistics examined the most recent incidents from 1st January – 31st March 2016, comparing them against the same period in 2014 and 2015.
\nHe said: “This report highlights how many UK organisations are putting their reputation, customer trust and competitive advantage at greater risk by failing to provide their staff with engaging, relevant and innovative cyber awareness learning that will better protect their most valuable or commercially sensitive information and systems.
\nOur people and their behaviours, not just technology, must sit at the heart of organisational resilience.
\nThe honest and unwitting actions of an individual, regardless of their role or responsibility can all too easily enable a loss of critical information.
\nAccording to Wilding, recent AXELOS research published in March showed that only a minority of executives responsible for information security training in organisations with more than 500 employees believe their cyber security training is “very effective”.
\nWhile four in 10 (42%) say their training is “very effective” at providing general awareness of information security risks, only just over a quarter (28%) say their efforts are “very effective” at changing behaviour in relation to information security.
\nHe concluded, “The boardroom also needs to appreciate the importance their people can play in better protecting their reputation, competitive advantage and operational continuity.
\nIf company boards are not asking those responsible about the current effectiveness of their awareness learning among their people and what is being done to improve their cyber resilience, then they should be.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7401977085&e=20056c7556<\/p>\n
RBI wants overhaul of cyber security in banks
\nThe Reserve Bank of India (RBI) on Thursday directed banks to chalk out cyber security policies, separate from the lenders\u2019 IT policy, \u201cimmediately\u201d in view of the rising cybercrimes at banks.
\nIn its cyber security framework for banks, the central bank said the number, frequency and impact of cyberattacks \u201chave increased manifold in the recent past\u201d at banks and other financial institutions, \u201cunderlining the urgent need to put in place a robust cyber security\/resilience framework at banks and to ensure adequate cyber-security preparedness among banks on a continuous basis.\u201d
\nRBI said the cyber strategy of banks should be distinct from the broader IT and security policy of the lender and testing for vulnerabilities should be carried out at regular intervals as cyberattacks can occur at any time and in a manner that may not have been anticipated.
\nThe banks also must share the data with the central bank and report promptly about any cyber crime they face, it said.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ef35e73be1&e=20056c7556<\/p>\n
\u200bOrganisations should stop playing malware whack-a-mole: FireEye
\nWhen it comes to identifying malware infections, organisations tend to stop the fight there, in what Josh Goldfarb, FireEye CTO of emerging technologies, said is a frustrating practice.
\nAccording to Goldfarb, what many organisations are doing is re-imaging a laptop or cleaning up the malware, and putting it back into service without foresight to realise it will happen again.
\nThe CTO said those affected are often missing the point and are asking why the same issue keeps happening, and why they are experiencing 10 infected laptops each week, rather than starting at the beginning.
\nHe said it is better to patch or find other ways to control the use of a certain platform that is continuously infected with malware.
\nAustralia lags behind the rest of the western world in terms of awareness, Goldfarb said, noting that businesses are not actively reporting breaches or handling them appropriately.
\nHe added that the culture in the US, Canada, and Western Europe is a little bit more aware of the need for incident response and the need to be prepared.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5669d6698e&e=20056c7556<\/p>\n
Bing offers improved warnings for possible malware and phishing sites
\n“The trick to fishing is making the fly float through the air as if it were alive.
\nDone right and the hungry trout eyeballing the fly is convinced to take the bait.
\nIt is not a coincidence that criminal activity shares a similar name: phishing.
\nThe bait are fake websites designed to look and feel like the legitimate ones.
\nThese sites catch people by taking advantage of a user’s trust in entering information such as passwords, usernames, and credit cards.”
\nBing has refined the generic warning to specifically call out this threat.
\nWhen users click a URL suspected of phishing, a warning will appear.
\nThis looks similar to the generic warning except it now warns that the site might steal personal information
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b8b7aa4cb8&e=20056c7556<\/p>\n
Is Lloyds Banking Group plc at risk from a cyber attack?
\nWith financial institutions being hacked with increasing frequency, many UK investors will be asking whether Lloyds Banking Group (LSE:LLOY) is at risk of a cyber attack.
\nLloyds made the news last year when thieves stole the personal details of thousands of Lloyds Bank customers after a data storage device was removed from a data centre.
\nWith financial institutions being hacked with increasing frequency, many UK investors will be asking whether Lloyds Banking Group (LSE:LLOY) is at risk of a cyber attack.
\nLloyds made the news last year when thieves stole the personal details of thousands of Lloyds Bank customers after a data storage device was removed from a data centre.
\nMr Rodriguez-Sola stated recently that as a result of greater coordination with law enforcement agencies and the implementation of extra layers of defences, cyber attacks at Lloyds were decreasing as online criminals switched their attention to other less-well-protected industries.
\nHaving said that, cyber threats are becoming increasingly more complex, and for that reason we can’t rule out future attacks at Lloyds or the other UK banks.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b57f1915d7&e=20056c7556<\/p>\n
Honeywell Warns of Increasing Attacks by State-Sponsored Hackers
\n(Bloomberg) — Hackers are increasingly targeting industrial facilities, from oil refineries to nuclear power plants, with sophisticated attacks aimed at capturing data and remotely controlling the sites, according to a Honeywell International Inc. executive.
\nHoneywell has seen evidence of threats from nation-states and “sponsored attackers” backed by nations in two-thirds of the 30 industrial sectors the company tracks at its Duluth, Georgia-based cyber research lab, according to Eric Knapp, chief cybersecurity engineer at Honeywell Process Solutions.
\nThe unit provides cybersecurity for more than 400 industrial sites worldwide, including oil and gas producers, chemical and power plants, natural gas processors, and mining and water treatment facilities.
\nKnapp wouldn\u2019t name specific countries but said that the advanced hacking methods being detected are typically associated with nations or groups they sponsor.
\nA U.S. indictment unsealed in March accused a hacker based in Iran of gaining remote access to a computer controlling a dam in Rye, New York, for about three weeks beginning in 2013, while six other Iranians attacked U.S. banks and companies including the New York Stock Exchange, Nasdaq, Bank of America Corp., JPMorgan Chase & Co. and AT&T Inc.
\nIran rejected the accusations.
\nCompanies have built stronger networks around their control systems, making direct access more difficult for hackers.
\nInstead, attackers craft malware to hit a company\u2019s more vulnerable corporate system and then infect any removable USB drives attached to that network.
\nThe control system\u2019s network, housed separately, is breached when a worker plugs the infected USB drive into it.
\n“There\u2019s still a need for information to flow between the business and the control system,” Knapp said. “The bad guys know that they need to go in that way so they\u2019re designing their attacks to take advantage of that.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=877acaa5b3&e=20056c7556<\/p>\n
SEC takes on cybercrime with new security advisor
\nThe US Securities and Exchange Commission has named Christopher Hetner the senior adviser to the chair, May Jo White, Reuters reported.
\nThe appointment comes two weeks after White told the Reuters Financial Regulation Summit in Washington DC that cyber attacks were the biggest risk facing the financial system, adding that the SEC “can’t do enough” in the cyber-security sector.
\nHetner, who currently coordinates cyber-security efforts within the SEC\u2019s office of compliance inspections and examinations, will help address cyber-security policy and assess market risk across the agency.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=61bbb5e260&e=20056c7556<\/p>\n
A Cheatsheet That Explains All Those Cyber-Espionage APT Names
\nIn the past, there were some projects, like APTNotes, Cyber Campaigns, and a few others, that tried to put all of these in order.
\nBut there’s now an even better source, organized into a nice and colorful spreadsheet hosted on Google Docs, named APT Groups and Operations.
\nThe spreadsheet was put together by Florian Roth – @cyb3rops, but we did stumble upon it via Krypt3ia’s blog (so thanks, Krypt3ia).
\nIf you ever want to become an infosec ninja, learn it by heart.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=117f24dd04&e=20056c7556<\/p>\n
UPDATE 2-Philippine central bank bolsters cyber security, may regulate bitcoin operators
\nCEBU, Philippines, June 4 (Reuters) – The Philippine central bank is bolstering cyber security surveillance to help boost banks’ defenses and is looking at regulating bitcoin operators to combat money laundering, a senior official said on Saturday.
\nThe Philippine central bank has set up a separate cyber security surveillance division to craft cyber security policies and conduct surveillance work, monitor cyber threats and test the ability of supervised institutions to manage cyber security issues, Nestor Espenilla central bank deputy governor in charge of banking supervision, said in a lecture organized by the bank.
\nPolicymakers were also looking at tightening regulations for remittance companies and money changers, and regulating operators of virtual currencies to boost efforts to combat money laundering, he said.
\nUsers of digital currency bitcoin more than doubled in the Philippines in the first half of last year from a year earlier, Espenilla said, while bitcoin transactions purportedly passing through registered companies in the country range from $2 million to $3 million per month based on available estimates.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=def89f3535&e=20056c7556<\/p>\n
Security Concerns Continue to Rise with Increased Reliance on EHR
\nThe rise of electronic health records (EHR) has brought about numerous benefits for both patients and caregivers.
\nFor patients, EHRs have led to improved health care quality (through increased access to patient information and improved support in making health decisions), increased participation in the healthcare process (through higher accuracy and availability), easier access to personal health records (as they are electronic in nature), and more accurate diagnostics and positive health outcomes (through computational analysis of various healthcare factors and ability to personalize treatment).
\nIn addition, patients are saved valuable time at their doctor\u2019s visits, since their medical information can be accessed much quicker than before.
\nIt\u2019s no secret that there are cyber criminals around, and as with any digital information, that the threat of having data stolen is all too real. – See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=742c78ddc9&e=20056c7556
\nData breaches in healthcare organizations are continuing to happen, with one study even suggesting that almost 90% of healthcare organizations have been victims of data breaches within the last two years.
\nThese constant threats and challenges, however, further underscore the need for reputable healthcare data management companies who provide high-level security within their data reporting and business analytics programs.
\nSyntrix Consulting is one such group able to ensure data security in their Epic reporting\/consulting solutions and health data management by implementing more than just flawed anti-virus software.
\nThey adhere to industry-wide standards in privacy rules, and utilize effective technical controls (anti-malware, data loss prevention software, two-factor authentication, patch management, disc encryption, as well as logging and monitoring software), through operational controls including security assessments, incident response plans, user awareness and training, information classifications, and more.
\nThe best consulting groups are also able to detect attempted breaches by outside actors, audit individual users of their software and workstations, utilize encryption to disguise data within medical files and employ specific device and media controls to inhibit the accidental leak of private data through reused or reprocessed hardware.
\nIt seems like a lot, but the shifting healthcare cybersecurity landscape needs stringent controls to enable the highest level of user confidence possible.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=22c262b005&e=20056c7556<\/p>\n
Debate continues over where CISOs sit in the C-suite
\nPundits scrutinizing senior executive dynamics have opined for years about to whom the CISO should report.
\nSome say the CISO should report to only the CIO because the top security role is inextricably linked to IT.
\nOthers say this is a terrible idea because the CISO’s must lock down the corporate network while the CIO is challenged to innovate.
\nA CISO panel convened at the MIT Sloan CIO Symposium last month rekindled this longstanding C-suite debate.
\nMIT professor and panel moderator Stuart Madnick asked the CISOs to whom they believed they should report.
\nState Street CISO Mark Morrison suggested that the common model of security chiefs reporting to IT leaders is no longer tenable. “I think there needs to be some independence of the CISO from the IT organization,\u201d said Morrison, who provides information security for a financial services company with $30 trillion under custody.
\nMorrison has dual reporting lines to CIO Antoine Shagoury and the board, whose technology committee he meets with nine times a year, accompanied by the CIO.
\nInevitably the board asks Morrison to report on cyber risk, including what additional tools they should invest in to improve protection.
\nThat\u2019s when things start to get dicey as the board asks him if he\u2019s getting enough support and money to do everything he needs to do.
\nSitting next to his CIO, \u201cit\u2019s hard to give a very honest answer to that [question],\u201d Morrison said.
\nDespite all the heady talk about GRC, CISOs still toil in a highly technical role; those who seek and win independence from IT risk sacrificing credibility with their peers.
\nShumard and Associates principal consultant Craig Shumard told CIO.com that the CISO is better placed in the IT organization than not because as much as 80 percent of the role is technical in nature.
\nIndeed, not every CISO on the MIT panel said reporting to IT presents a conflict of interest.
\nRoota Almeida, head of information security for Delta Dental of New Jersey says she has reported to CIOs in two of her CISO jobs, including her current position.
\nBut she said that organizational culture dictates whether the CISO-CIO reporting structure works. “In a different industry, a different organization, maybe I should be reporting to the chief legal officer,” Almeida said.
\nWith breaches continuing at a rapid clip and the attack surface widening thanks to the Internet of Things, cybersecurity will increasingly be shunted away from IT, predicted R.
\nDavid Moon, CEO of incident response consultancy TriPath Media.
\nHe said companies must bolster their defenses without overburdening IT departments.
\nThat creates more opportunities for CISOs to grab governance and operational oversight while freeing the CIO to focus on innovation. \u201cWe don\u2019t see a lot of CIOs who want to be responsible for the GPS\u2019 in truck fleets, or smart doors and thermostats,\u201d Moon said.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=06b864b1ff&e=20056c7556<\/p>\n
Industry vs. industry on security
\nRESTAURANTS VS.
\nINSURERS \u2014 A little-noticed court ruling this week has ramifications for cyber insurance policyholders and providers, present and future \u2014 and, according to attorney Robert Chesler, it might even be the first ruling ever on a cyber insurance policy.
\nThe ruling was a defeat for the P.F.
\nChang\u2019s restaurant chain, which lost in its bid to get Chubb\/Federal Insurance to pay an additional $2 million on top of the $1.7 million that the insurer had already paid out from a 2014 data breach.
\nETAILERS VS.
\nCREDIT CARD COMPANIES \u2014 A simmering feud between retailers and the financial services sector got a little hotter Thursday when the National Retail Federation announced it had asked the FTC to investigate a credit card industry-led security standards organization over antitrust concerns.
\nUNDER MY UMBRELLA, ELLA, ELLA, EH, EH, EH \u2014 The United States and Europe are often at odds on data issues, and they still haven\u2019t come to terms on the Privacy Shield \u2014 but U.S. and EU officials did celebrate an agreement Thursday that\u2019s meant to let police and law enforcement agencies more easily exchange data in criminal and terrorist investigations.
\nLIFE SO CHILL FOR INFOSEC ANALYSTS \u2014 The least stressful U.S. job of them all, figures job website CareerCast, is infosecurity analyst.
\nThe site didn\u2019t conduct a poll or anything; it estimated the stress based on a mathematical analysis.
\nCHINESE HACKERS APPARENTLY TARGETING TAIWANESE POLITICAL PARTY \u2014 Hackers have compromised the website of Taiwan\u2019s Democratic Progressive Party in an apparent attempt to gather intel on what\u2019s driving a move away from pro-mainland policies, FireEye says.
\nNIST GOES FEMA \u2014 The National Institute of Standards and Technology is seeking help on a project to aid recovery from destructive malware attacks.
\nSTOP US IF YOU\u2019VE HEARD US BEFORE: \u2018LENOVO BLOATWARE \u2026 \u2019 \u2014 Top PC maker Lenovo is telling customers to abandon a pre-installed software updater after a critical security report.
\nChristopher Hetner has been named senior cybersecurity policy adviser to SEC Chair Mary Jo White.
\nSarah Geffroy has assumed the title of director of global public policy for AT&T, where she will handle cyber and national security.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ed447796f2&e=20056c7556<\/p>\n
What is the actual value of a CISO?
\nThe key value provided by a CISO is the business leadership role that includes the driving of both information technology and security education.
\nWhen the CISO does that, the efficacy of information security policies get clearer and the process of moving the workforce to a collaborative engagement toward information security starts.
\nThis collaborative effort not only includes the putting of technological solutions on network nodes or employee devices but also includes training and awareness efforts.
\nThe cost of cybercrime and the real quantified value of the CISO these days is skyrocketing as the cost of data breaches continues to rise.
\nThe recent Ponemon IBM report reveals that breach costs have grown from $5.4 million in 2013 to $6.53 million in 2015, an increase of 21% in only two years.
\nConstantly updating and maintaining the best line of defense is a complicated, never-ending task, manifested within a blend that would typically include data encryption and protection, event management, intrusion prevention, and employee awareness building.
\nThis requires a high-level executive commitment, expertise and processes.
\nCorrect handling and implementation reduces vulnerabilities, shortens the amount of time threats take to detect, resolves attacks and can save companies millions annually.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f0b8a1a789&e=20056c7556<\/p>\n
What 17 years as an infosec trainer have taught me
\nMy ideal class size is 24 students.
\nAgain, empirical data from my past trainings have shown that a class size of 24 contains the right critical mass for meaningful classroom discussions and Q&A sessions, while still maintaining a very good student-to-instructor ratio.
\nBlack Hat is on its way to become a training factory, with many classes now having over 100 students each.
\nOur Black Hat training features a larger crew, with two teaching assistants to ensure that even a larger class runs smoothly.
\nA class size beyond 50 just doesn\u2019t work.
\nThe diversity in capabilities becomes too wide and I risk the class being held up for a few insistent stragglers.
\nI\u2019d rather stick with quality and depth over quantity at this point in my journey.
\nThe other challenge we face is in managing expectations.
\nIt took a couple of years for us to figure out the gaps.
\nWe took great pains to ensure that our syllabus and learning objectives are very clearly communicated in the course description.
\nFor private infosec training, I like to have a conference call with the stakeholders to discuss the topics they want, and then work out the final syllabus after a couple of iterations.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f915c31529&e=20056c7556<\/p>\n
Enterprises Are Investing in Network Security Analytics
\nBased upon lots of qualitative and quantitative research, I\u2019m finding that many large organizations with experienced security teams tend to jump into security analytics by focusing their effort on the network for several reasons:
\n1. Networks are already instrumented for data collection and analysis.
\n2. Security analysts tend to have lots of network security analytics experience.
\n3. Network security analytics can be mapped to APT \u201ckill chains.\u201d
\n4. Network security analytics can span layer 2 through 7 visibility.
\n5. Threat intelligence aligns well with network security analytics.
\n6. Network security analytics provide a bridge between cybersecurity and network operations teams.
\nAs the old security saying goes, \u201cthe network doesn\u2019t lie.\u201d Clearly the supply- and demand-side of the cybersecurity industry understand what this means and are busy reacting to this truism.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b0886210a1&e=20056c7556<\/p>\n
SWIFT threatens to give insecure banks a slap if they don’t shape up
\nThe SWIFT global payments system has announced it plans to suspend banks with weaker cyber defences until they improve their security.
\nThe threatened sanction follows a run of attacks on international banks over recent weeks, including the $81m mega-heist at the Bangladeshi Central Bank.
\nSWIFT\u2019s customer security programme will clearly define an operational and security baseline that customers must meet to protect the processing and handling of their SWIFT transactions.
\nSWIFT will also continue to enhance its own products and services to provide customers with additional protection and detection mechanisms, and in turn help customers to meet these baselines.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d2eefcdf7f&e=20056c7556<\/p>\n
How can you be a good security researcher
\nSo you want to be a security researcher.
\nSecurity researchers are much in demand these days due the rise in cyber security threats as well as growth in tech companies.
\nSome of you want to become a security researcher for the fame it offers while others may be in it for the awesome money.
\nSecurity researchers need a broad set of skills to investigate a constantly-changing threat landscape.
\nBut if you broaden your spectrum you may end up being a jack of all trades.
\nTherefore specializing in areas such as reverse engineering or network forensics will boost opportunities for you.
\nA reader on Quora aptly put the following requirements for becoming a security researcher :
\n– Firstly, one should know many programming language like Java, Python, Ruby, C and many more.
\n– Secondly one should have proper knowledge of computer system i.e., operating system and computer networks and how these work.
\n– Also study the tools and software which check for vulnerabilities.
\n– Practice!
\n– Join online courses offering certified hacking courses.
\n– Read books.
\nSecurity research includes a wide spectrum of tasks, says James Treinen, vice president of security research at ProtectWise, developer of a cloud-based platform that uses a virtual camera to record everything on an organization\u2019s network, letting security personnel see threats in real- time.
\nRemember, a life of a security researcher is hard.
\nSometimes they are arrested by police even for reporting flaws or exposing leaks in public.
\nOther times you may run foul with a particular cyber criminal or hacking group who may dox you, threaten your or hack your accounts.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5e2f3af64d&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=685e3fbca4)<\/p>\n
Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] I had a request to change the format of the date in the Subject line to make it easier to sort. So I made the change. * Effectiveness of security training queried…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1233","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1233"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1233\/revisions"}],"predecessor-version":[{"id":3720,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1233\/revisions\/3720"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}