Sunday, 31 March 2019

5 Benefits of Concrete Cyber Security Risk Management Strategy

Why you need to establish the right information security risk strategy.


Managing risk is part of every business. Risk is a major part of a balanced business strategy, as it can help organizations reach new levels of success. A modern, comprehensive risk management strategy includes a solid cyber security component. Technology advances mean that cyber security continues to be a business focus that requires serious attention.

Smart businesses have an effective cyber security strategy built into their risk management policy. With objectives like data loss prevention, better security measures to protect the system and network services, and active data management and control, cyber security strategies can have a huge impact on a business's ability to meet its goals and performance metrics. Here are some of the benefits of prioritizing a cyber security risk management plan.

1. Better business reputation


Whether you work with clients or sell to customers, it’s important to keep their best interests in mind. One of the best ways to establish trust and build your business is to ensure that their data is protected. Data breaches continue to threaten businesses, costing them customers and profits, and make the news in a negative way. Organizations that proactively prioritize their information security and customer data tend to do more business, have more loyal clients, and experience more long-term success.

2. Increased revenue


Data breaches can lead to lost profits from fewer customers, as well as from fines and lawsuits. Cyber security threats, like DDoS attacks, can shut down company websites and prevent traffic from engaging with your site and making online purchases. Lax cyber security is a truly expensive endeavor. Businesses that have a cyber security risk management strategy do spend company resources – such as employee labor and money on software solutions – but this is an investment in the future of the company. Better security measures help businesses minimize the risk of unexpected profit losses.

3. Competitive advantage


Cyber security can encompass all branches of the business – in addition to protecting customer and employee data, cyber security measures protect proprietary information that can help businesses get ahead. The proper cyber security risk management strategy includes ensuring proper permissions get granted to employees so that the right teams have access to the right data. Plus it helps keep private business information from being leaked to other businesses or competitors.

4. Increased employee engagement


Cyber security isn’t just for shareholders and customers – it can help increase employee confidence. Employee information includes sensitive data like social security numbers, dates of birth, addresses, and more. Companies that have a defined and focused cyber security strategy protect their employees’ interests and earn their trust, leading to better engagement. More engaged employees are more productive, more positive, and have better performance ratings than unengaged coworkers, leading to businesses with higher profits and efficiency.

5. Better IT team support


Having an actual cyber security strategy and implementing a protection solution – through a combination of software programs and on-site measures – means your technology team isn’t reacting to each crisis as it emerges but is following an established protocol. This means less stress for an extremely important department. It allows for better working relationships and can ensure that there is the proper number of personnel and appropriate resources to dedicate to all technology projects. Instead of a team whose energy gets redirected to put out potential fires and handle emergencies, cyber security plans help keep all projects on track and also enable teams to handle problems.

Having a cyber security plan in place is much more than an option; it is crucial to the security and success of a business. Risk management may start with leadership, and cyber security often initiates in IT or technology teams, but risk management is everyone’s responsibility. No matter what business or industry you find yourself in, to protect the integrity of your information and ensure employee and customer trust, cyber security is a modern-day must.

Saturday, 30 March 2019

Network Security

Network security is the protection of a network against unauthorized access and other risks. It is the duty of network administrators to adopt preventive measures to protect their networks from potential security threats.


Computer networks that carry regular transactions and communication among government bodies, individuals, or businesses require security. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Types of Network Security Devices


Active Devices

These security devices block surplus traffic. Firewalls, antivirus scanning devices, and content filtering devices are examples of such devices.

Passive Devices

These devices identify and report on unwanted traffic, for example, intrusion detection appliances.

Preventative Devices

These devices scan the networks and identify potential security problems. For example, penetration testing devices and vulnerability assessment appliances.

Unified Threat Management (UTM)

These devices serve as all-in-one security devices. Examples include firewalls, content filtering, web caching, etc.

Firewalls


A firewall is a network security system that manages and regulates the network traffic based on some protocols. A firewall establishes a barrier between a trusted internal network and the internet.

Firewalls exist both as software that runs on general-purpose hardware and as dedicated hardware appliances. Hardware-based firewalls often also provide other functions, such as acting as a DHCP server for the network.

Most personal computers use software-based firewalls to secure data from threats from the internet. Many routers that pass data between networks contain firewall components and conversely, many firewalls can perform basic routing functions.

Firewalls are commonly used in private networks or intranets to prevent unauthorized access from the internet. Every message entering or leaving the intranet goes through the firewall to be examined for security measures.

An ideal firewall configuration consists of both hardware- and software-based devices. A firewall also helps in providing remote access to a private network through secure authentication certificates and logins.

Hardware and Software Firewalls

Hardware firewalls are standalone products. These are also found in broadband routers. Most hardware firewalls provide a minimum of four network ports to connect other computers. For larger networks − e.g., for business purpose − business networking firewall solutions are available.

Software firewalls are installed on your computers. A software firewall protects your computer from internet threats.
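The sections above describe a firewall as a barrier that examines every message crossing the boundary between the trusted network and the internet. The following Python program is an added example, not code from the original page or from any firewall product: a minimal stateful packet filter in which packets are checked against an ordered rule list, the first match wins, anything unmatched is denied, and replies to allowed outbound flows are let back in via a connection table. The addresses, ports and policy are constructed for the demonstration.

```python
"""Added example: a minimal stateful packet filter (illustrative, not a
real firewall). Every packet crossing the trusted/untrusted boundary is
checked against an ordered rule set; unmatched traffic is denied."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (internet -> intranet) or "out" (intranet -> internet)
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP connection-opening flag (informational here)


@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # None means "any"
    proto: Optional[str] = None
    dport: Optional[int] = None
    dst: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return all(
            want is None or want == got
            for want, got in (
                (self.direction, p.direction),
                (self.proto, p.proto),
                (self.dport, p.dport),
                (self.dst, p.dst),
            )
        )


class Firewall:
    """First matching rule wins; anything unmatched is denied (default deny).
    The connection table lets replies to allowed outbound flows back in
    without a separate inbound rule, which is what 'stateful' means here."""

    def __init__(self, rules):
        self.rules = list(rules)
        # (proto, inside_host, inside_port, outside_host, outside_port)
        self.conntrack = set()

    def decide(self, p: Packet) -> str:
        # Reply to an established outbound flow: the 5-tuple reversed
        if p.direction == "in" and (p.proto, p.dst, p.dport, p.src, p.sport) in self.conntrack:
            return "allow"
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow" and p.direction == "out":
                    self.conntrack.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return rule.action
        return "deny"


# Constructed policy (assumption: 10.0.0.5 is the intranet's public web server)
POLICY = [
    Rule("allow", direction="in", proto="tcp", dport=443, dst="10.0.0.5"),  # HTTPS to the web server
    Rule("allow", direction="out", proto="tcp", dport=443),                  # outbound browsing
    Rule("allow", direction="out", proto="udp", dport=53),                   # outbound DNS
    Rule("deny"),                                                            # explicit catch-all
]


def run_demo():
    """Return the verdict for each packet in a constructed traffic sample."""
    fw = Firewall(POLICY)
    packets = [
        Packet("in", "tcp", "203.0.113.9", 51000, "10.0.0.5", 443, syn=True),  # allow: web server
        Packet("in", "tcp", "203.0.113.9", 51001, "10.0.0.5", 22, syn=True),   # deny: SSH from internet
        Packet("out", "udp", "10.0.0.20", 40000, "198.51.100.1", 53),          # allow: DNS query
        Packet("in", "udp", "198.51.100.1", 53, "10.0.0.20", 40000),           # allow: DNS reply (state)
        Packet("in", "udp", "198.51.100.1", 53, "10.0.0.21", 40000),           # deny: no matching flow
        Packet("out", "tcp", "10.0.0.20", 40001, "198.51.100.7", 25),          # deny: SMTP not permitted
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The point to notice is the last rule and the fall-through `return "deny"`: a firewall that only lists what to block will pass everything it did not anticipate, whereas a default-deny policy passes only what was explicitly allowed plus the replies it has tracked.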

Antivirus


An antivirus is a tool that is used to detect and remove malicious software. It was originally designed to detect and remove viruses from computers.

Modern antivirus software provides protection not only from viruses, but also from worms, Trojan horses, adware, spyware, keyloggers, etc. Some products also provide protection from malicious URLs, spam, phishing attacks, botnets, DDoS attacks, etc.

Content Filtering


Content filtering devices screen unpleasant and offensive emails or webpages. These are used as a part of firewalls in corporations as well as in personal computers. These devices generate the message "Access Denied" when someone tries to access any unauthorized web page or email.

Content is usually screened for pornographic content and also for violence- or hate-oriented content. Organizations also exclude shopping and job-related content.

Content filtering can be divided into the following categories −

◈ Web filtering − screening of Web sites or pages
◈ E-mail filtering − screening of e-mail for spam
◈ Other objectionable content

Intrusion Detection Systems


Intrusion Detection Systems, also known as Intrusion Detection and Prevention Systems, are appliances that monitor a network for malicious activity, log information about such activity, take steps to stop it, and finally report it.

Intrusion detection systems raise an alarm on any malicious activity in the network, and can drop the offending packets and reset the connection so that the IP address does not end up blocked. Intrusion detection systems can also perform the following actions −

◈ Correct Cyclic Redundancy Check (CRC) errors
◈ Prevent TCP sequencing issues
◈ Clean up unwanted transport and network layer options
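The IDS description above lists what such a system does (monitor, log, alarm, drop, reset) without showing how a detection is made. The following Python program is an added example, not code from the original page or from any IDS product: it runs two common detection styles over a constructed connection log, a signature match on a known-bad request pattern and a threshold rule that flags one source touching many distinct ports within a short window, and attaches to each alert the response an inline IDS/IPS could take. The log format, addresses, thresholds and signature are assumptions made for the demonstration.

```python
"""Added example: a tiny network intrusion detector over a constructed
connection log (illustrative, not any product's implementation).
Signature detection catches a known-bad payload pattern; threshold
detection catches one source probing many ports in a short window."""
from collections import defaultdict
import re

# Constructed sample log, one connection per line: "ts src dst dport payload-summary"
LOG = """\
1 10.0.0.20 203.0.113.5 443 GET /index.html
2 203.0.113.9 10.0.0.5 22 -
2 203.0.113.9 10.0.0.5 23 -
3 203.0.113.9 10.0.0.5 25 -
3 203.0.113.9 10.0.0.5 80 -
4 203.0.113.9 10.0.0.5 110 -
4 203.0.113.9 10.0.0.5 143 -
5 203.0.113.9 10.0.0.5 443 -
6 198.51.100.7 10.0.0.5 80 GET /login.php?user=' OR '1'='1
7 10.0.0.21 203.0.113.5 443 GET /news
"""

# Signatures: (compiled pattern, alert name, response an inline IPS would take)
SIGNATURES = [
    (re.compile(r"' OR '1'='1", re.IGNORECASE), "sql-injection-probe", "drop"),
]
SCAN_PORTS = 5      # this many distinct destination ports from one source...
SCAN_WINDOW = 10    # ...within this many seconds is treated as a port scan


def parse(line):
    """Split one log line into typed fields; the payload may contain spaces."""
    ts, src, dst, dport, payload = line.split(" ", 4)
    return int(ts), src, dst, int(dport), payload


def detect(log_text):
    """Return alerts as (ts, src, alert_name, response) tuples, in log order."""
    alerts = []
    seen = defaultdict(list)   # src -> [(ts, dport), ...]
    scanned = set()            # sources already reported as scanning (report once)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, src, dst, dport, payload = parse(raw)

        # 1. Signature detection on the payload summary
        for pattern, name, action in SIGNATURES:
            if pattern.search(payload):
                alerts.append((ts, src, name, action))

        # 2. Threshold detection: distinct ports from one source inside the window
        seen[src].append((ts, dport))
        recent_ports = {p for t, p in seen[src] if ts - t <= SCAN_WINDOW}
        if len(recent_ports) >= SCAN_PORTS and src not in scanned:
            scanned.add(src)
            alerts.append((ts, src, "port-scan", "reset"))
    return alerts


if __name__ == "__main__":
    for ts, src, name, action in detect(LOG):
        print(f"t={ts} src={src} {name} -> {action}")
```

Signature rules are precise but only catch what they were written for; the threshold rule catches behaviour no signature names, at the cost of a tuning decision (here `SCAN_PORTS` and `SCAN_WINDOW`) that determines the false-positive rate on busy hosts. Real deployments combine both, which is why the page lists alarm, drop and reset as separate actions rather than a single response.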

Thursday, 28 March 2019

Cyber Security Strategies

To design and implement a secure cyberspace, some stringent strategies have been put in place. This chapter explains the major strategies employed to ensure cybersecurity, which include the following.


◈ Creating a Secure Cyber Ecosystem
◈ Creating an Assurance Framework
◈ Encouraging Open Standards
◈ Strengthening the Regulatory Framework
◈ Creating Mechanisms for IT Security
◈ Securing E-governance Services
◈ Protecting Critical Information Infrastructure

Strategy 1 − Creating a Secure Cyber Ecosystem


The cyber ecosystem involves a wide range of varied entities like devices (communication technologies and computers), individuals, governments, private organizations, etc., which interact with each other for numerous reasons.

This strategy explores the idea of having a strong and robust cyber-ecosystem where the cyber-devices can work with each other in the future to prevent cyber-attacks, reduce their effectiveness, or find solutions to recover from a cyber-attack.

Such a cyber-ecosystem would have the ability built into its cyber devices to permit secured ways of action to be organized within and among groups of devices. This cyber-ecosystem can be supervised by present monitoring techniques where software products are used to detect and report security weaknesses.

A strong cyber-ecosystem has three symbiotic structures − Automation, Interoperability, and Authentication.
  • Automation − It eases the implementation of advanced security measures, enhances the swiftness, and optimizes the decision-making processes.
  • Interoperability − It strengthens collaborative actions, improves awareness, and accelerates the learning procedure. There are three types of interoperability −
    • Semantic (i.e., shared lexicon based on common understanding)
    • Technical
    • Policy − Important in assimilating different contributors into an inclusive cyber-defense structure.
  • Authentication − It improves the identification and verification technologies that work in order to provide −
    • Security
    • Affordability
    • Ease of use and administration
    • Scalability
    • Interoperability

Comparison of Attacks


The following table shows the Comparison of Attack Categories against Desired Cyber Ecosystem Capabilities −

[Table image not reproduced in this text: Comparison of Attack Categories against Desired Cyber Ecosystem Capabilities]

Case Study


The following diagram was prepared by Guilbert Gates for The New York Times, which shows how an Iranian plant was hacked through the internet.

[Diagram image not reproduced in this text]

Explanation − A program was designed to automatically run the Iranian nuclear plant. Unfortunately, a worker who was unaware of the threats introduced the program into the controller. The program collected all the data related to the plant and sent the information to the intelligence agencies who then developed and inserted a worm into the plant. Using the worm, the plant was controlled by miscreants which led to the generation of more worms and as a result, the plant failed completely.

Types of Attacks


The following table describes the attack categories −

Attack Category − Description of Attack

Attrition − Methods used to damage networks and systems. It includes the following −

◈ distributed denial of service attacks
◈ impairing or denying access to a service or application
◈ resource depletion attacks

Malware − Any malicious software used to interrupt normal computer operation and harm information assets without the owner’s consent. Any execution from a removable device can increase the threat of malware.

Hacking − An attempt to intentionally exploit weaknesses to get unethical access, usually conducted remotely. It may include −

◈ data-leakage attacks
◈ injection attacks and abuse of functionality
◈ spoofing
◈ time-state attacks
◈ buffer and data structure attacks
◈ resource manipulation
◈ stolen credentials usage
◈ backdoors
◈ dictionary attacks on passwords
◈ exploitation of authentication

Social Tactics − Using social tactics such as deception and manipulation to acquire access to data, systems or controls. It includes −

◈ pre-texting (forged surveys)
◈ inciting phishing
◈ retrieving information through conversation

Improper Usage (Insider Threat) − Misuse of rights to data and controls by an individual in an organization in a way that violates the organization’s policies. It includes −

◈ installation of unauthorized software
◈ removal of sensitive data

Physical Action/Loss or Theft of Equipment − Human-driven attacks such as −

◈ stolen identity tokens and credit cards
◈ fiddling with or replacing card readers and point of sale terminals
◈ interfering with sensors
◈ theft of a computing device used by the organization, such as a laptop

Multiple Component − Single attack techniques that contain several advanced attack techniques and components.

Other − Attacks such as −

◈ supply chain attacks
◈ network investigation

Strategy 2 − Creating an Assurance Framework


The objective of this strategy is to design an outline in compliance with the global security standards through traditional products, processes, people, and technology.

To cater to the national security requirements, a national framework known as the Cybersecurity Assurance Framework was developed. It accommodates critical infrastructure organizations and the governments through "Enabling and Endorsing" actions.

Enabling actions are performed by government entities that are autonomous bodies free from commercial interests. These authorities publish the "National Security Policy Compliance Requirements" and the IT security guidelines and documents that enable IT security implementation and compliance.

Endorsing actions are involved in profitable services after meeting the obligatory qualification standards and they include the following −

◈ ISO 27001/BS 7799 ISMS certification, IS system audits etc., which are essentially the compliance certifications.

◈ 'Common Criteria' standard ISO 15408 and Crypto module verification standards, which are the IT Security product evaluation and certification.

◈ Services to assist consumers in implementation of IT security such as IT security manpower training.

Trusted Company Certification


Indian IT/ITES/BPOs need to comply with the international standards and best practices on security and privacy with the development of the outsourcing market. ISO 9000, CMM, Six Sigma, Total Quality Management, ISO 27001 etc., are some of the certifications.

Existing models such as SEI CMM levels are exclusively meant for software development processes and do not address security issues. Therefore, several efforts are made to create a model based on self-certification concept and on the lines of Software Capability Maturity Model (SW-CMM) of CMU, USA.

The structure that has been produced through such association between industry and government comprises the following −

◈ standards
◈ guidelines
◈ practices

These parameters help the owners and operators of critical infrastructure to manage cybersecurity-related risks.

Strategy 3 − Encouraging Open Standards


Standards play a significant role in defining how we approach information security related issues across geographical regions and societies. Open standards are encouraged to −

◈ Enhance the efficiency of key processes,
◈ Enable systems incorporations,
◈ Provide a medium for users to measure new products or services,
◈ Organize the approach to arrange new technologies or business models,
◈ Interpret complex environments, and
◈ Endorse economic growth.

Standards such as ISO 27001[3] encourage the implementation of a standard organization structure, where customers can understand processes, and reduce the costs of auditing.

Strategy 4 − Strengthening the Regulatory Framework


The objective of this strategy is to create a secure cyberspace ecosystem and strengthen the regulatory framework. A 24X7 mechanism has been envisioned to deal with cyber threats through National Critical Information Infrastructure Protection Centre (NCIIPC). The Computer Emergency Response Team (CERT-In) has been designated to act as a nodal agency for crisis management.

Some highlights of this strategy are as follows −

◈ Promotion of research and development in cybersecurity.

◈ Developing human resource through education and training programs.

◈ Encouraging all organizations, whether public or private, to designate a person to serve as Chief Information Security Officer (CISO) who will be responsible for cybersecurity initiatives.

◈ Indian Armed Forces are in the process of establishing a cyber-command as a part of strengthening the cybersecurity of defense network and installations.

◈ Effective implementation of public-private partnership is in the pipeline and will go a long way in creating solutions to the ever-changing threat landscape.

Strategy 5 − Creating Mechanisms for IT Security


Some basic mechanisms that are in place for ensuring IT security are − link-oriented security measures, end-to-end security measures, association-oriented measures, and data encryption. These methods differ in their internal application features and also in the attributes of the security they provide. Let us discuss them in brief.

Link-Oriented Measures

Link-oriented measures deliver security while transferring data between two adjacent nodes, irrespective of the eventual source and destination of the data.

End-to-End Measures

End-to-end measures transport Protocol Data Units (PDUs) in a protected manner from source to destination in such a way that compromise of any of the intermediate communication links does not violate security.

Association-Oriented Measures

Association-oriented measures are a modified set of end-to-end measures that protect every association individually.

Data Encryption

Data encryption encodes information in a way that only authorized personnel can decrypt it. It covers both conventional (symmetric) ciphers and the more recently developed class of public-key ciphers.

Strategy 6 − Securing E-Governance Services


Electronic governance (e-governance) is the most valuable instrument available to the government for providing public services in an accountable manner. Unfortunately, in the current scenario, there is no dedicated legal structure for e-governance in India.

Similarly, there is no law for obligatory e-delivery of public services in India. And nothing is more hazardous and troublesome than executing e-governance projects without sufficient cybersecurity. Hence, securing the e-governance services has become a crucial task, especially when the nation is making daily transactions through cards.

Fortunately, the Reserve Bank of India has implemented security and risk mitigation measures for card transactions in India enforceable from 1st October, 2013. It has put the responsibility of ensuring secured card transactions upon banks rather than on customers.

"E-government" or electronic government refers to the use of Information and Communication Technologies (ICTs) by government bodies for the following −

◈ Efficient delivery of public services
◈ Refining internal efficiency
◈ Easy information exchange among citizens, organizations, and government bodies
◈ Re-structuring of administrative processes.

Strategy 7 − Protecting Critical Information Infrastructure


Critical information infrastructure is the backbone of a country’s national and economic security. It includes power plants, highways, bridges, chemical plants, networks, as well as the buildings where millions of people work every day. These can be secured with stringent collaboration plans and disciplined implementations.

Safeguarding critical infrastructure against developing cyber-threats needs a structured approach. It is required that the government aggressively collaborates with public and private sectors on a regular basis to prevent, respond to, and coordinate mitigation efforts against attempted disruptions and adverse impacts to the nation’s critical infrastructure.

It is in demand that the government works with business owners and operators to reinforce their services and groups by sharing cyber and other threat information.

A common platform should be shared with the users to submit comments and ideas, which can be worked together to build a tougher foundation for securing and protecting critical infrastructures.

The government of USA has passed an executive order "Improving Critical Infrastructure Cybersecurity" in 2013 that prioritizes the management of cybersecurity risk involved in the delivery of critical infrastructure services. This Framework provides a common classification and mechanism for organizations to −

◈ Define their existing cybersecurity bearing,
◈ Define their objectives for cybersecurity,
◈ Categorize and prioritize chances for development within the framework of a constant process, and
◈ Communicate with all the investors about cybersecurity.

Sunday, 24 March 2019

Cybersecurity Workforce Development: Takeaways From a NIST Workshop

I had the opportunity to serve as a panelist at the NIST Workshop on Cybersecurity Workforce Development held in Chicago earlier this month. Based on the day’s conversations, there is still much work to be done.


Representatives from academia, associations, private industry and government converged for discussions on this critical topic, and there remains broad consensus that several steps are critical to make progress on narrowing the cyber skills gap:

1. A shift to skills-based training. Much of the conversation at the NIST workshop addressed the need for hands-on training that demonstrates real skill. ISACA has committed to helping enterprises, academia and individuals through its skills-based training courses and the CSX Practitioner (CSXP) credential.

2. Retraining programs to make more progress in the near term. Look to programs like one in the UK, in which people from a number of fields (bartenders, morticians, barbers) were trained in cyber security positions. About half of the trainees now work in cyber security jobs.

3. Inspiring an interest in tech among K-12 students to help solve the problem in the long term (with solutions on how to reach all schools, including rural schools that may not have the equipment they need to run strong technology programs). Engage mentors from the tech industry to teach courses that teachers may not have the necessary skill sets to teach.

4. Creating a culture that increases cyber awareness and encourages diversity of those choosing to pursue cyber security professionally.

5. More public-private partnerships. Too many organizations are operating in silos. Partnerships and strategic investment will make efforts more scalable and effective.

The good news is that discussions are taking place; the not-so-good news is that the required actions are not happening fast enough.

Government, nonprofits and industry need to make significant strategic investments to ensure scalable programs that begin to make a measurable difference in closing the skills gap.

ISACA looks forward to being an enabler of solutions. Over the next year, you’ll see us make significant progress in the following areas:

1. Helping organizations assess and advance their cyber capabilities
2. Bringing skills-based training to academic settings
3. Equipping enterprises with on-demand, constantly updated skills-based cyber security training
4. Building relationships with government institutions and industry partners to reach a wide audience with our cyber security training and guidance
5. Building public will to invest in other worthwhile programs

The only solution is to work collaboratively and collectively for impact.

Saturday, 23 March 2019

New Cybersecurity Reports Point to Increased Need for Retraining and Vulnerability Management

By now you’re well aware of the widely-reported (ISC)² research that shows there is a global cybersecurity shortage of 2.93 million professionals. Identifying, recruiting and training skilled talent to adequately secure organizational data assets obviously remains a top priority in our industry.


Well, over the past few weeks, both Tripwire and IBM have published reports that focus on different layers of the problem and add to the conversation.

In its Cybersecurity Skills Gap Survey 2019, Tripwire found that 80% of IT security professionals believe it’s becoming more difficult to find skilled cybersecurity professionals. Not a surprising figure. The interesting wrinkle here? 93% of the respondents also indicated that the reason it’s so difficult is that the required skills have changed over the past few years, hinting at a need for retraining and continuous learning opportunities.

According to Tripwire’s CTO, David Meltzer, “security teams are in search of new skillsets to deal with evolving attacks and more complex attack surfaces as they include a mix of physical, virtual, cloud, DevOps and operational technology environments.”

This evolution of needed skills was one of the driving forces behind the creation of the recently-launched (ISC)² Professional Development Institute (PDI). PDI provides a growing portfolio of on-demand courses whose content reflects feedback from members and the cybersecurity community on burgeoning areas in which skills development will help them better secure their organizations.

The Tripwire report also found that with limited cybersecurity staffs, 68% of respondents are concerned with losing the ability to stay on top of vulnerabilities. According to IBM’s new report they are right to be concerned, as the 2019 IBM X-Force Threat Intelligence Index found that the average company had an estimated 1,440 cybersecurity vulnerabilities in its technology systems in 2018, up 4% from 1,380 the year before.

All of this points to not only the need for training and continuous learning opportunities for cybersecurity professionals to flesh out security department teams, but also opportunities for both MSSPs and new technologies such as artificial intelligence to support vulnerability monitoring and identification processes.

How is your organization tackling keeping cybersecurity staff up to speed on the latest attack surfaces, techniques and threats?

Tuesday, 19 March 2019

5 Benefits of a Cloud Computing Security Solution

As companies migrate more and more of their data and infrastructure to the cloud, the question of cloud computing security becomes paramount. Cloud security provides multiple levels of control in a network infrastructure to afford continuity and protection. It’s an essential ingredient in creating an environment that works for companies around the world.


The benefits of cloud computing can be affordably attained by partnering with advanced private cloud computing providers in a way that doesn’t jeopardize your company’s security. Here are 5 benefits of a top cloud computing security solution:

1. Protection against DDoS. Distributed denial of service attacks are on the rise, and a top cloud computing security solution focuses on measures to stop huge amounts of traffic aimed at a company’s cloud servers. This entails monitoring, absorbing and dispersing DDoS attacks to minimize risk.

2. Data security. In an era of ever-increasing data breaches, a top cloud computing security solution has security protocols in place to protect sensitive information and transactions. This prevents a third party from eavesdropping on or tampering with data in transit.

3. Regulatory compliance. Top cloud computing security solutions help companies in regulated industries by managing and maintaining enhanced infrastructures for compliance and to protect personal and financial data.

4. Flexibility. A cloud computing solution provides you with the security you need whether you’re turning up or down capacity. You have the flexibility to avoid server crashes during high traffic periods by scaling up your cloud solution. Then when the high traffic is over, you can scale back down to reduce costs.

5. High availability and support. A best-practices cloud computing security solution offers constant support for a company’s assets. This includes live monitoring 24 hours a day, 7 days a week, and every day of the year. Redundancies are built-in to ensure your company’s website and applications are always online.

A top-level cloud computing security solution provides companies with the availability, reliability, and security they need to conduct business in a global marketplace. Advanced cyber security features combine with physical infrastructure to create a comprehensive, secure solution to your cloud computing needs.

Saturday, 16 March 2019

What is a Trojan or Trojan Horse?


A Trojan, also known as a Trojan horse, is a type of malicious software that hackers disguise as legitimate software to gain access to target users' systems. Users are typically lured by attractive social media ads that direct them to a malicious website, which then loads and executes the Trojan on their systems. Cyber-criminals use Trojans to spy on the victim and to gain illegal access to the system in order to extract sensitive data.

These actions can include:

◈ Deleting data
◈ Copying data
◈ Modifying data
◈ Blocking data
◈ Disrupting the performance of the target computers or networks

Types of Trojan Virus


1. Trojan-Downloader is a type of virus that downloads and installs other malware.

2. Trojan-Droppers are complex programs used by cyber criminals to install malware. Most antivirus programs do not detect droppers as malicious, and hence they are used to install viruses.

3. Ransomware - It is a type of Trojan (Trojan-Ransom) that can encrypt the data on your computer/device. The cyber criminals who control the ransomware demand a ransom for providing the decryption key. It is very difficult to recover the data without the decryption key. WannaCry and Petya were recent ransomware attacks. Cyber security experts recommend that users follow a robust and systematic backup and recovery policy.

4. Trojan-Banker malware programs steal account-related information related to card payments and online banking.

5. Trojan-Rootkits prevent detection of malware and malicious activities on the computer. These are sophisticated malware that provide control of the victim's device. Rootkits are also used to enroll the victim's device in a botnet.

6. Trojan-Backdoor is a popular type of Trojan. It creates a backdoor that allows cyber criminals to access the computer remotely at a later time using a remote access tool (RAT). As this Trojan provides complete control over the computer, it is a dangerous but commonly used Trojan.

There are many more types of Trojans: some can send premium SMS messages, steal your instant messaging credentials, spy on system activity to capture keystrokes, or steal email addresses and gaming credentials.

How Do Trojan Horse Viruses Infect the System?


Backdoor

A backdoor Trojan gives hackers malicious remote control over the infected computer. It allows the attacker to operate the infected computer according to their malicious intentions: they can send, receive, delete and launch files, display data and reboot the computer. Backdoor Trojans are mostly used by hackers to exploit a group of infected computers to form a zombie network, or malicious botnet, that can be used for criminal purposes.

Exploit

An Exploit is a type of Trojan that contains malicious code or data to attack vulnerable software or an application running on the infected computer.

Rootkits

Rootkits are developed by malware authors to gain access to the victim's system while concealing their presence and their malicious activities from detection, so that they can continue to run on the infected computer.

Trojan-Banker

This is a type of Trojan developed to extract users' account data and debit or credit card data through online banking systems and e-payment gateways.

Trojan-DDoS

These programs are developed to perform Denial of Service (DoS) attacks against the victim's web address. The malware sends multiple requests from the infected computer and, together with a network of other infected computers, mounts a combined attack against the target address, causing a denial of service.

Trojan-Downloader

Trojan-Downloaders, as the name suggests, are developed by hackers to download and install new versions of malicious programs onto the victim's computer.

Trojan-Dropper

These programs are developed by malware authors to install Trojans/viruses while escaping detection as malicious programs. Most traditional antivirus programs are unable to scan all the components of this Trojan.

Trojan-FakeAV

Trojan-FakeAV programs pretend to operate like antivirus software. They are developed by cyber thieves to obtain money from the target user in return for detecting and removing threats, even though the threats they report do not actually exist.

Trojan-GameThief

The main targets of Trojan-GameThief are online gamers, and its prime motive is to steal user account information.

Trojan-IM

Trojan-IM programs primarily extract users' logins and passwords of Skype, Facebook Messenger, ICQ, MSN Messenger, Yahoo Pager, AOL, and many more.

Trojan-Ransom

Trojan-Ransom is developed to alter data on the victim's computer so that the system no longer performs its functions correctly and the user cannot use certain data. The criminal then demands a ransom from the victim to unblock the restricted data and restore the computer's performance.

Trojan-SMS

Trojan-SMS programs send text messages from the victim's mobile device to other phone numbers.

Trojan-Spy

Trojan-Spy programs, as the name suggests, can spy on how the victim is using the computer – for example, tracking data, taking screenshots or extracting a list of running applications.

Trojan-Mailfinder

These programs are developed by hackers to extract email addresses from the victim's computer.

Thursday, 14 March 2019

What Is Network Security?

Network security is an organization's strategy for guaranteeing the security of its assets, including all network traffic. It includes both software and hardware technologies. Effective network security manages access to the network; it targets a wide range of threats and stops them from entering or spreading within the network.

Network Security Definition


Network security is an integration of multiple layers of defenses at the perimeter and within the network. Each network security layer implements policies and controls. Authorized users gain access to network resources, while malicious actors are blocked from carrying out exploits and threats.


Our world has been transformed by digitization, resulting in changes to almost all our daily activities. It is essential for all organizations to protect their networks if they aim to deliver the services demanded by employees and customers. This in turn protects the reputation of your organization. With hackers increasing in number and becoming smarter day by day, the need to use network security tools becomes more and more important.

Types of Network Security


◈ Antivirus and Antimalware Software
◈ Application Security
◈ Behavioral Analytics
◈ Data Loss Prevention (DLP)
◈ Email Security
◈ Firewalls
◈ Intrusion Prevention System (IPS)
◈ Mobile Device Security
◈ Network Segmentation
◈ Security Information and Event Management (SIEM)
◈ Virtual Private Network (VPN)
◈ Web Security
◈ Wireless Security
◈ Endpoint Security
◈ Network Access Control (NAC)

Antivirus and Antimalware Software: This software protects against malware, which includes spyware, ransomware, Trojans, worms, and viruses. Malware can be especially dangerous because it can infect a network and then lie dormant for days or even weeks. This software handles the threat by scanning for malware on entry and then tracking files regularly afterwards in order to detect anomalies, remove malware, and fix damage.

Application Security: Application security is important since no app is created perfectly. Any application may contain vulnerabilities, or holes, that attackers use to enter your network. Application security thus encompasses the software, hardware, and processes you select for closing those holes.

Behavioral Analytics: In order to detect abnormal network behaviour, you will have to know what normal behavior looks like. Behavioral analytics tools are capable of automatically discerning activities that deviate from the norm. Your security team will thus be able to efficiently detect indicators of compromise that pose a potential problem and rapidly remediate threats.

Data Loss Prevention (DLP): Organizations should ensure that their staff do not send sensitive information outside the network. They should thus use DLP technologies, network security measures that prevent people from uploading, forwarding, or even printing vital information in an unsafe manner.

Email Security: Email gateways are considered to be the number one threat vector for a security breach. Attackers use social engineering tactics and personal information in order to build refined phishing campaigns to deceive recipients and then send them to sites serving up malware. An email security application is capable of blocking incoming attacks and controlling outbound messages in order to prevent the loss of sensitive data.

Firewalls: Firewalls place a barrier between your trusted internal network and untrusted outside networks, like the Internet. A set of defined rules is employed to block or allow traffic. A firewall can be software, hardware, or both. A personal firewall manages traffic on your PC, monitors inbound and outbound connections, and secures all connections when you are online.

Intrusion Prevention System (IPS): An IPS is a network security capability that scans network traffic in order to actively block attacks. In a Snort-based IPS, the IPS settings interface lets the administrator configure Snort ruleset updates; the updates can be scheduled to run automatically at particular intervals or run manually on demand.

Mobile Device Security: Mobile devices and apps are increasingly being targeted by cybercriminals. 90% of IT organizations could very soon support corporate applications on personal mobile devices. There is indeed the necessity for you to control which devices can access your network. It is also necessary to configure their connections in order to keep network traffic private.

Network Segmentation: Software-defined segmentation places network traffic into different classifications and makes enforcing security policies a lot easier. The classifications are ideally based on endpoint identity, not just IP addresses. Access rights can be assigned based on location, role, and more, so that the right people get the correct level of access and suspicious devices are contained and remediated.

Security Information and Event Management (SIEM): SIEM products bring together all the information needed by your security staff in order to identify and respond to threats. These products are available in different forms, including virtual and physical appliances and server software.

Virtual Private Network (VPN): A VPN is another type of network security capable of encrypting the connection from an endpoint to a network, mostly over the Internet. A remote-access VPN typically uses IPsec or Secure Sockets Layer in order to authenticate the communication between network and device.

Web Security: A perfect web security solution will help in controlling your staff’s web use, denying access to malicious websites, and blocking

Wireless Security: The mobile office movement is presently gaining momentum along with wireless networks and access points. However, wireless networks are not as secure as wired ones and this makes way for hackers to enter. It is thus essential for the wireless security to be strong. It should be noted that without stringent security measures installing a wireless LAN could be like placing Ethernet ports everywhere. Products specifically designed for protecting a wireless network will have to be used in order to prevent an exploit from taking place.

Endpoint Security: Endpoint Security, also known as Endpoint Protection or Network Security, is a methodology for protecting corporate networks when they are accessed through remote devices such as laptops or other wireless and mobile devices.

Network Access Control (NAC): This network security process helps you to control who can access your network. It is essential to recognize each device and user in order to keep out potential attackers. This indeed will help you to enforce your security policies. Noncompliant endpoint devices can be given only limited access or just blocked.

Tuesday, 12 March 2019

CISSP Certification

CISSP Certification proves a mastery of IT security and information assurance.


A Certified Information Systems Security Professional (CISSP) plans, designs and manages the controls that keep IT and business systems secure. CISSPs are policy-makers & thought leaders in today's hottest security domains, including mobile device security, application development security, cryptography, security architecture & operations, cloud security and risk management.

If you want to advance your information security career and you have at least five years of relevant experience, then CISSP certification should be the next step in your IT security learning plan. Certified Information Systems Security Professionals are in demand in a range of public and private organizations, including Fortune enterprises, government and military agencies, health care practices, military contractors and the Department of Defense.

Skills Measured by CISSP Certification


The CISSP certification exam measures your skills and expertise in ten (10) key information security domains:

◈ Access Control – A collection of mechanisms that work together to create security architecture to protect the assets of the information system.

◈ Telecommunications and Network Security – Discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.

◈ Information Security Governance and Risk Management – The identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.

◈ Application Development Security – Refers to the controls that are included within systems and applications software and the steps used in their development.

◈ Cryptography – The principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.

◈ Security Architecture and Design – Contains the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks and applications, and the controls used to enforce various levels of confidentiality, integrity and availability.

◈ Operations Security – Used to identify the controls over hardware, media and the operators with access privileges to any of these resources.

◈ Business Continuity and Disaster Recovery Planning – Addresses the preservation of the business in the face of major disruptions to normal business operations.

◈ Legal, Regulations, Investigations and Compliance – Addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.

◈ Physical (Environmental) Security – Addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information.

CISSP Certification Eligibility Requirements


You must meet the following criteria to sit for the CISSP certification exam:

◈ Five years of direct full-time security work experience in two or more of the 10 CISSP security domains listed above
OR
◈ Four years of the aforementioned work experience, plus an information security degree from a National Center of Academic Excellence or the regional equivalent (the degree can substitute for one year towards the five-year experience requirement).

To complete the CISSP certification process, candidates must:

◈ Commit in writing to the (ISC)² Code of Ethics
◈ Attest to the truth of their professional experience
◈ Successfully answer four questions about their criminal history
◈ Have their qualifications endorsed by another (ISC)² certified professional
◈ Pass the (ISC)² CISSP Certification Exam

Once achieved, CISSPs must recertify every 3 years to remain in good standing. This is accomplished by earning Continuing Professional Education (CPE) credits. 120 CPEs are required every 3 years.

CISSP Certification Exam


Candidates must pass one exam to become CISSP certified:

◈ (ISC)2 CISSP Certification Exam

CISSP Time Limit: 6 hours
Exam Length: 250 questions
Passing Score: 700 points out of possible 1000
Exam Cost: $549 USD for early registration | $599 USD for standard registration
Test Format: Multiple choice questions | Computer based testing (CBT)
CISSP Availability: Multiple locations worldwide via Pearson Vue Testing Centers

Monday, 11 March 2019

SSCP Certification requirements, benefits and salary


Systems Security Certified Practitioner (SSCP) is an entry-level certification for security professionals offered by (ISC)2. (ISC)2, the International Information Systems Security Certification Consortium, is an internationally recognized non-profit organization that specializes in training and certification for cybersecurity professionals. It is one of the world's largest IT security organizations. SSCP is one of the certifications offered by (ISC)2, and a popular one.
SSCP Certification tests one's skill and knowledge across seven security domains. These domains are from the Common Body of Knowledge (CBK®). The seven security domains are Access Controls; Security Operations and Administration; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Applications Security. Passing this exam proves that you have a working knowledge of all seven domains.

SSCP Exam Overview


The SSCP exam runs for a maximum of 3 hours, in which you must answer 125 questions. Each question carries 8 marks. To pass the exam, one must score above 700. The exam is available in 3 languages: English, Japanese and Brazilian Portuguese.
The SSCP exam costs $249 in the US, Asia Pacific, Middle East, Africa and other countries, EUR 230 in Europe and GBP 199 in the United Kingdom.

Who can take the SSCP certification exam?


SSCP is ideal for IT administrators, managers, directors, and network security professionals. To become an SSCP certified professional you must possess the knowledge and expertise to implement, monitor and administer IT infrastructure using security best practices, policies and procedures.
To qualify for the SSCP, candidates must pass the exam and have at least 1 year of work experience in at least one of the seven domains of the (ISC)2 SSCP Common Body of Knowledge (CBK®).

Benefits of SSCP Certification


Apart from being considered a skilled IT security professional with a recognized credential, you will also gain other benefits from this certification:

◈ Career Growth: SSCP Certification will raise your visibility and increase your credibility, thus ensuring job security and creating new opportunities
◈ Versatile Skills: SSCP is vendor-neutral so skills can be applied to different technologies and methodologies
◈ Network of Professionals: Gain access to a global community of peers
◈ Higher Salaries: Certified professionals on an average earn 20% more than non-certified professionals
◈ Expanded Knowledge: Learn deeper and gain better understanding of the core concepts of cyber security
◈ Stronger Skill set: Expand your skills to fit your organizational needs


Salary of SSCP Certified Professionals


According to (ISC)2, SSCPs earn $93,240 USD annually. According to Indeed, an entry-level Security Officer earns approximately $12.29 per hour and an experienced Principal Architect approximately $85.98 per hour.

Saturday, 9 March 2019

CISSP Recognized as Top Cybersecurity Certification Program by SC Media

Winner, winner, chicken dinner. That’s what was on the menu for (ISC)² at this week’s SC Awards gala event held in San Francisco, where the CISSP was recognized as the industry’s Best Professional Certification Program for 2019 by SC Media, which is coincidentally celebrating its 30th anniversary in the same year as (ISC)².

The SC Awards are recognized throughout the cybersecurity industry as the crowning achievement for IT security, and winners are run through a rigorous judging process that includes testimonials, industry assessments and additional research. The CISSP was hand-picked by a panel of judges for its advancements in cybersecurity training and certification.

As SC Magazine reported in its summary of the award winners, “CISSP-certified members earned an average annual salary of $109,000 – 36 percent more than non-members . . . [and] a recent search of “CISSP” on Monster.com turned up 9,000 job postings.”

Aside from the more general bounty of high-salary opportunities the CISSP may lead to, it’s also a mark of distinction that can help create more diversity within cybersecurity teams.


The article quoted Natalia Hanson, technical audit senior director at Nasdaq, who said her CISSP “helps me to be taken more seriously,” in often male-dominated IT organizations.

The 2019 SC Award win is the latest in a string of accolades for (ISC)²'s top certification. In addition to research that showed that it was the top-pursued certification of 2018, Upwork Skills Index also listed the CISSP as one of the top 20 hottest job “skills” in the entire U.S. labor market.

What opportunities has your CISSP provided you in your career?

Friday, 8 March 2019

What is the Difference Between Cyber Security and Information Security?


Although they are often used interchangeably, there is a difference between the terms cybersecurity and information security. They both have to do with security and protecting computer systems from information breaches and threats, but they're also very different. One has to do with protecting data from cyberspace while the other deals with protecting data in general. To fully understand the difference between cyber security and information security, it's important to first understand what each of them is and how they are connected to each other.

What is Cyber Security?


Cyber security is the practice of protecting information and data from outside sources on the Internet. Cybersecurity professionals provide protection for networks, servers, intranets and computer systems. Cyber security also ensures that only authorized people have access to that information. In an office setting, one individual might go to another's computer, insert a flash drive and copy confidential information. This falls more under the category of information security. If someone halfway across the world manages to hack into another company's network and breach their system, that company is in need of better cyber security.

What is Information Security?


Information security is all about protecting information and information systems from unauthorized use, access, modification or removal. It's similar to data security, which has to do with protecting data from being hacked or stolen. Data is classified as information when it means something. All information is data of some kind, but not all data is information. When certain things are stored in a computer system, they are considered data. It isn't until it's actually processed that it becomes information. Once it becomes information, it needs protection from outside sources. These outside sources may not necessarily be in cyberspace.

Difference Between Cyber Security and Information Security


While many people still consider them one and the same, they're actually different. Their capabilities are different. They both offer protection against information and data being stolen, accessed or changed, but that's where the similarities end. Information doesn't have to be on a computer to be in need of an information security system. Even if it's stored in a file cabinet, it needs good information security. Cybersecurity deals with protecting data and information from outside sources in cyberspace or the Internet.

Careers Outlook


Cybersecurity and information security professionals are very much in demand. Postings for cybersecurity jobs nationwide increased 91 percent from 2010-2014 with approximately 238,158 postings listed in 2014, according to Burning Glass Technologies. Information security analysts are expected to see a job growth of 28 percent during the decade 2016-2026 as reported by the U.S. Bureau of Labor Statistics (BLS). By the year 2026, there should be about 128,500 new information security analyst jobs created. There are various types of jobs available in both these areas.

◈ Information security analyst
◈ Information security coordinator
◈ Information security officer
◈ Cybersecurity compliance security analyst
◈ Information security manager
◈ Information security engineer
◈ Cybersecurity analyst
◈ Program security specialist
◈ Cryptographer
◈ Forensics expert
◈ Chief information security officer
◈ Penetration tester

With the Internet and cloud computing taking the world by storm and controlling almost every part of our lives, individuals and businesses need to be protected from the various internal and external threats. As important as it is to understand the difference between cyber security and information security, it’s equally as important to have adequate protection from both types of threats.

Wednesday, 6 March 2019

What are malware, viruses, spyware, and cookies, and what differentiates them?

"Malware" is short for malicious software and is used as a single term to refer to viruses, spyware, worms, etc. Malware is designed to cause damage to a stand-alone computer or a networked PC. So wherever the term malware is used, it means a program designed to damage your computer; it may be a virus, worm or Trojan.


Worms:- Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of a worm is to reproduce itself again and again. It doesn't harm any data/file on the computer. Unlike a virus, it does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems.

Examples of worm are: - W32.SillyFDC.BBY
Packed.Generic.236
W32.Troresba

Due to its replicating nature, a worm takes up a lot of space on the hard drive and consumes more CPU, which in turn makes the PC very slow; it also consumes more network bandwidth.

Virus:- A virus is a program written to enter your computer and damage/alter your files/data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves. A computer virus is more dangerous than a computer worm, as it makes changes to or deletes your files, while a worm only replicates itself without making changes to your files/data.

Examples of virus are: - W32.Sfc!mod
ABAP.Rivpas.A
Accept.3773

Viruses can enter your computer as attachments to images, greetings, or audio/video files. Viruses also enter through downloads from the Internet. They can be hidden in free/trial software or other files that you download.

So before you download anything from the Internet, be sure about it first. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but cannot actually infect it unless you run or open the malicious program. It is important to note that a virus cannot spread without a human action, such as running an infected program, to keep it going.

Viruses are of different types, as follows.

1) File viruses
2) Macro viruses
3) Master boot record viruses
4) Boot sector viruses
5) Multipartite viruses
6) Polymorphic viruses
7) Stealth viruses

File Virus:- This type of virus normally infects program files such as .exe, .com and .bat. Once this virus is resident in memory, it tries to infect all programs that are loaded into memory.

Macro Virus: - This type of virus infects Word, Excel, PowerPoint, Access and other data files. Once infected, repairing these files is very difficult.

Master boot record viruses: - MBR viruses are memory-resident viruses that copy themselves to the first sector of a storage device, which is used for the partition table or OS loading programs. An MBR virus infects this particular area of the storage device instead of normal files. The easiest way to remove an MBR virus is to clean the MBR area.

Boot sector virus: - A boot sector virus infects the boot sector of an HDD or FDD. These are also memory-resident in nature. As soon as the computer starts, it gets infected from the boot sector. Cleaning this type of virus is very difficult.

Multipartite virus: - A hybrid of boot and program/file viruses. They infect program files, and when the infected program is executed, these viruses infect the boot record. When you boot the computer the next time, the virus from the boot record loads into memory and then starts infecting other program files on disk.

Polymorphic viruses: - A virus that can encrypt its code in different ways so that it appears different in each infection. These viruses are more difficult to detect.

Stealth viruses: - These types of viruses use different kinds of techniques to avoid detection. They either redirect the disk head to read another sector instead of the one in which they reside, or they alter the infected file's size as shown in the directory listing. For example, the Whale virus adds 9216 bytes to an infected file; the virus then subtracts the same number of bytes (9216) from the size given in the directory.
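The detection side of the file and stealth virus descriptions above, as an added example that is not part of the original post: a small file-integrity check in Python (all names and the sample files are my own, constructed for the demo). It records a size and SHA-256 baseline for program files and later reports files whose contents changed (a file infector) and files whose directory-reported size disagrees with the bytes actually read (the discrepancy a stealth virus like Whale tries to hide).

```python
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path

# Constructed example: a minimal file-integrity monitor for program files.
# Names are hypothetical and not taken from any real product.
PROGRAM_SUFFIXES = {".exe", ".com", ".bat", ".dll"}
WHALE_DELTA = 9216  # bytes the Whale virus adds to a host file, per the post


def sha256_and_length(path: Path) -> tuple[str, int]:
    """Hash the file while counting the bytes actually read from it."""
    h = hashlib.sha256()
    read_len = 0
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
            read_len += len(chunk)
    return h.hexdigest(), read_len


def program_files(root: Path):
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in PROGRAM_SUFFIXES:
            yield p


def build_baseline(root: Path) -> dict[str, dict]:
    """Record directory-reported size and content hash for each program file."""
    baseline = {}
    for p in program_files(root):
        digest, _ = sha256_and_length(p)
        baseline[str(p.relative_to(root))] = {
            "sha256": digest,
            "size": p.stat().st_size,
        }
    return baseline


def verify(root: Path, baseline: dict[str, dict]) -> dict[str, list[str]]:
    """Compare the current state of the tree against the baseline."""
    findings: dict[str, list[str]] = {
        "modified": [], "size_mismatch": [], "missing": [], "new": []
    }
    seen = set()
    for p in program_files(root):
        rel = str(p.relative_to(root))
        seen.add(rel)
        digest, read_len = sha256_and_length(p)
        reported = p.stat().st_size
        # On a clean system the directory size equals the bytes a full read
        # returns. A stealth virus that subtracts its own length from the
        # directory entry (Whale-style) breaks that equality.
        if reported != read_len:
            findings["size_mismatch"].append(rel)
        if rel not in baseline:
            findings["new"].append(rel)
        elif baseline[rel]["sha256"] != digest or baseline[rel]["size"] != reported:
            findings["modified"].append(rel)
    for rel in baseline:
        if rel not in seen:
            findings["missing"].append(rel)
    return findings


def demo(workdir: Path) -> dict[str, list[str]]:
    """Constructed scenario: baseline two 'programs', then simulate a file
    infector appending WHALE_DELTA bytes to one of them and re-verify."""
    workdir.mkdir(parents=True, exist_ok=True)
    (workdir / "editor.exe").write_bytes(b"MZ" + b"\x00" * 1000)
    (workdir / "tool.com").write_bytes(b"\xeb\x10" + b"\x90" * 300)
    (workdir / "notes.txt").write_bytes(b"not a program")  # ignored
    baseline = build_baseline(workdir)
    with (workdir / "editor.exe").open("ab") as f:  # simulated infection
        f.write(b"\xcc" * WHALE_DELTA)
    return verify(workdir, baseline)


def run_demo() -> dict[str, list[str]]:
    """Run the scenario in a throwaway directory and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        return demo(Path(d))


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The hash comparison is what catches an ordinary file infector; the size-mismatch check only fires when something between the file system and the reader is lying about the file, which is exactly the stealth case.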

Trojans: - A Trojan horse is not a virus. It is a destructive program that looks like a genuine application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. Trojans also open a backdoor entry to your computer, which gives malicious users/programs access to your system, allowing confidential and personal information to be stolen.

Example: - JS.Debeski.Trojan

Trojan horses are broken down in classification based on how they infect the systems and the damage caused by them. The seven main types of Trojan horses are:

• Remote Access Trojans
• Data Sending Trojans
• Destructive Trojans
• Proxy Trojans
• FTP Trojans
• Security Software Disabler Trojans
• Denial-of-Service Attack Trojans

Adware: - Generically, adware is a software application in which advertising banners are displayed while a program is running. Adware can be downloaded to your system automatically while browsing a website and can be seen as pop-up windows or as a bar that appears on the computer screen automatically. Adware is used by companies for marketing purposes.

Spyware: - Spyware is a type of program that is installed, with or without your permission, on your personal computer to collect information about users, their computer or their browsing habits. It tracks everything that you do without your knowledge and sends it to a remote user. It can also download other malicious programs from the Internet and install them on the computer. Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware-type program or application.

Spam: - Spamming is a method of flooding the Internet with copies of the same message. Most spam consists of commercial advertisements sent as unwanted email to users. Spam is also known as electronic junk mail or junk newsgroup postings. Spam is very annoying, as it keeps coming every day and keeps your mailbox full.

Tracking cookies: - A cookie is a plain text file stored on your computer in a cookies folder; it stores data about your browsing session. Cookies are used by many websites to track visitor information. A tracking cookie is a cookie that keeps track of all your browsing information, and this is used by hackers and companies to learn your personal details, such as bank account details or credit card information, which is dangerous.

Misleading applications: - Misleading applications misinform you about the security status of your computer, showing you that your computer is infected by some malware and that you have to download a tool to remove the threat. Once you download the tool, it shows some threats on your computer, and to remove them you have to buy the product, for which it asks for personal information such as credit card details, which is dangerous.

Friday, 1 March 2019

Which (ISC)² Certification is Right for YOU?

As cybercrime rises, the world faces a shortage of nearly 3 million cybersecurity professionals. Show employers and prospects you have the advanced knowledge and technical skills to fill this critical and growing demand. With a globally recognized credential from (ISC)², you stand out at the forefront of the field.


We know starting the journey to becoming certified can be challenging and even the brightest minds can benefit from having a guide on the journey to success. (ISC)²’s Ultimate Guides are your must-have resource for your certification journey. By downloading a NEW and IMPROVED Ultimate Guide, you will obtain an excellent understanding of the (ISC)² certification, training, exam and more. Along with information about the certification, read about benefits of being (ISC)2 certified and how the certification helped individuals just like you get ahead in their career.

Inside (ISC)² Ultimate Guides you’ll find:

◈ Fast Facts About the Certification
◈ Benefits of Being (ISC)2 Certified
◈ Exam Overview
◈ Official Training Opportunities
◈ Free CPE Opportunities
◈ Tips and More

New in 2019: CISSP, CCSP, SSCP, HCISPP and CSSLP

Improvements Under Way for: CAP, CISSP-ISSAP, CISSP-ISSEP and CISSP-ISSMP