Cryptography – РИСК-АКАДЕМИЯ – АНО ДПО ИСАР

Crossword Cybersecurity supporting Sultan Qaboos University in Oman on capture the flag cybersecurity competition

riskacademy — Fri, 11 Dec 2020 10:41:31 +0000

11 December 2020 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the technology commercialisation company focused on cyber security and risk management, is pleased to announce its first consulting client in the Sultanate of Oman. Working with Sultan Qaboos University and the UK Oman Digital Hub, Crossword is developing a series of technical cyber security challenges for the qualifying rounds of the national cybersecurity capture the flag tournament, taking place on 14 January 2021.

The competition will see students from across the region exercising their cybersecurity skills and learning from their peers. Cybersecurity topics in the competition will include web security, digital forensics, reverse engineering, network security and cryptography. The competition forms part of a wider programme in Oman to promote cybersecurity as a career, and to build a cyber eco-system through coherent initiatives across education, economy and Government.

Tom Ilube CBE, CEO at Crossword Cybersecurity PLC, said: “Crossword is delighted to be working on such an exciting initiative and competition in the Sultanate…

Giacom adds usecure security awareness training platform in fight against cyber risks – PCR

riskacademy — Wed, 02 Dec 2020 10:56:38 +0000

Giacom is partnering with usecure, a security awareness platform, to offer its customers access to Security Awareness Training and Simulated Phishing resources to help mitigate end-user cyber risk and drive secure user behaviour.

With many businesses still working from home, it’s crucial for companies to ensure they continuously educate their employees to become more security conscious and be able to spot cyber attacks. But even with the most advanced endpoint protection, it only takes one user to accidentally open the backdoor to a cyber attack, ultimately putting the whole organisation at risk.

With 95% of cybersecurity breaches caused by human error, usecure’s intelligent training platform identifies users’ individual cybersecurity knowledge gaps by enrolling them onto a training programme unique to their risk profile. It then crafts a personalised programme which addresses their unique learning needs, prioritising courses covering their most vulnerable areas of cybersecurity.

The simplified solution is easy-to-use and offers a range of short video, blog-style and interactive cybersecurity content which is designed to engage every type of learner….

APRA targets cyber hygiene and board oversight with new security strategy – Finance – Security

riskacademy — Sun, 29 Nov 2020 07:39:57 +0000

APRA has unveiled a new cyber security strategy and flagged it will step up its review of current cyber compliance, holding boards accountable for shortfalls.

The prudential regulator’s cyber security strategy for 2020 to 2024 seeks to lift cyber security standards and introduce heightened accountability where companies fail to meet their legally binding requirements.

In a speech to the Financial Services Assurance Forum yesterday, Geoff Summerhayes, executive board member of APRA said the new strategy seeks to safeguard an increasingly connected network of financial entities, increase board oversight and improve basic cyber hygiene practices.

Summerhayes said APRA wants to “eradicate unnecessary or careless cyber exposures” by establishing a baseline of cyber controls. It is starting with sharpening its enforcement CPS 234 compliance.

CPS 234 was introduced last year to shore up the sector’s cyber resilience and requires banks, insurers and superannuation funds to maintain security capabilities, conduct regular tests and notify the regulator if incidents occur.

Boards will be required to engage an external audit firm to review CPS…

Securing the ‘next normal’ through improved cybersecurity (Includes interview)

riskacademy — Sun, 29 Nov 2020 02:38:44 +0000

To gain an insight as to the suitable cybersecurity priorities, Digital Journal conducted an interview with Shitesh Sachan, CEO of Detox Technologies. Shitesh Sachan is a white hat hacker and a Certified Information Security Auditor (CISA) with over 20 years’ experience.

Digital Journal: Since the COVID-19 Pandemic began and teams have become more dispersed, cybersecurity and privacy has become a priority for many businesses. But what steps should they be taking to protect ourselves?

Shitesh Sachan: At the outset of the global COVID-19 pandemic, many organisations decided to enforce social distancing by encouraging their employees to work from home. This decision created new security challenges for many organizations, who now had larger remote workforces. As people have started to work remotely, businesses are, quite rightly, concerned about their data privacy. Social engineering attacks and ransomware attacks have become 4 times more common during lockdown. Most of those attacks are a result of a lack of cybersecurity awareness and in-competent or incomplete security policies. There are five key steps all businesses should take to protect themselves. These…

What’s New in NIST SP 800 53 Rev 5

riskacademy — Sat, 28 Nov 2020 01:31:10 +0000

NIST Special Publication (SP) 800-53 offers regulatory guidelines and controls for federal information systems except those relating to national security. This catalog of security and privacy controls has been used and adopted by a range of organizations both apart of the federal government and beyond due to the comprehensive nature of the control set.

Back in 2017, NIST released the first public draft of SP 800-53 Revision 5. In September of 2020, NIST released the official version of Rev 5, following what NIST describes as “a multi-year effort to develop the next generation of security and privacy controls needed to strengthen and support the Federal Government and every sector of critical infrastructure,” and with it has come a monumental sweep of changes for federal agencies and non-governmental organizations alike to use in an effort to protect the critical systems, components, and services that defend the United States.

Many of the major changes in NIST Special Publication 800-53 include, but are not limited to…

Controls for information systems and security controls are integrated into a seamless catalog for information systems and organizations. Privacy elements are…

IDG’s 2020 Security Priorities Research Outlines New Security Practices & Investments

riskacademy — Thu, 19 Nov 2020 16:42:13 +0000

Boston, MA, Nov. 19, 2020 (GLOBE NEWSWIRE) — IDG Communications, Inc. – the world’s leading tech media, data, and marketing services company – releases the 2020 IDG Security Priorities study, which outlines the security projects organizations are focused on, the factors driving security spending, and the security-related challenges that organizations are experiencing. In its fourth year, this study also explores issues that will demand the most time and strategic thinking from IT and security teams, with an increased focus on security strategy during the COVID-19 pandemic.

Security and the Pandemic
The majority of security/IT executives (62%) say they expect the pandemic to impact the way their organization evaluates and responds to risks moving forward. This has stabilized some since March, when 73% of respondents to the 2020 CSO Pandemic Impact survey said that the impact of this pandemic will alter the way their business evaluates risk for at least the next five years. This additional focus on security includes investing more in people to enable their response to risk (43%), increasing investment in response planning resources to address risk (38%), and updating…

Key Strategies for Managing New Risks in Cybersecurity – BankInfoSecurity.com

riskacademy — Tue, 17 Nov 2020 04:25:38 +0000

Key Strategies for Managing New Risks in Cybersecurity BankInfoSecurity.com

DOD Must Expand Its Mission-Critical Cybersecurity Focus to Include Connected Weapons

riskacademy — Thu, 12 Nov 2020 04:01:03 +0000

As military and defense industry leaders came together in October for the AUSA Annual Meeting & Expo, they learned about the new and innovative systems available to the nation’s military. Many of these systems will be smart, connected weapons, which give our fighters a greater advantage on the battlefield. But they also pose serious cybersecurity risks that must be addressed.

Indeed, in a report released by the Government Accountability Office nearly two years ago, it was revealed that DOD security researchers gained access to nearly all major weapons systems currently in use and under development. Once, because the system was still using the default password visible through an open-source search. In another instance, researchers were able to disable an entire weapons system without detection, later to learn the system crashed so often on its own that it was difficult for officials to detect a breach. Perhaps most concerning is that one test team found that only one of 20 previously identified vulnerabilities had been fixed.

These are shocking lapses in cyber hygiene that could have real-world consequences. These weaknesses should not be difficult to address; changing the…

Audit committee best practices for understanding and acting on cyber-threats | Article

riskacademy — Thu, 05 Nov 2020 21:28:49 +0000

Disclosures related to the audit committee’s responsibility for cyber-security risk oversight have increased significantly over the past five years. Thirty-nine percent of S&P 500 companies made such disclosures in 2020, up from 19 percent in 2018 and 11 percent in 2016. Further, 28 percent of S&P 500 companies disclosed whether their board has a cyber-security expert in 2020, up from 14 percent in 2018 and 7 percent in 2016. There were also significant increases in these disclosures over the same timeframe for S&P mid- and small-cap companies.

“Traditionally, corporate cyber-security programs were primarily the responsibility of the chief information security officer (CISO), and boards only had a fundamental understanding because it was somewhat a ‘black box.’ But the need for visibility into the cyber-security spectrum by the executive team and board is increasing as boards are facing questions from investors, customers, and regulators, and they have to educate themselves.”

David Kessler, VP and Associate General Counsel, IT and Cyber-Security, BAE Systems

The barometer includes specific examples of best practice cyber-security disclosures, which provide…

Practical tips and resources to improve the cybersecurity posture of your business | 2020-11-04

riskacademy — Wed, 04 Nov 2020 05:19:18 +0000

Practical tips and resources to improve the cybersecurity posture of your business | 2020-11-04 | Security Magazine