Showing posts with label security. Show all posts

Wednesday, 26 April 2017

6 things you need to know about GDPR

The General Data Protection Regulation (GDPR) is set to come into effect from 25 May 2018. UK businesses need to be ready or face severe consequences.

In November 2016, Tesco Bank fell victim to a cyber attack in which £2.5 million was stolen from the current accounts of 20,000 customers. If the Information Commissioner’s Office (ICO) finds Tesco failed to comply with measures to keep people’s personal data secure, it could face a fine of up to £500,000 under the current Data Protection Act. Under the new regime set out in the EU GDPR, the same failure could attract a fine of up to £1.9 billion.

After May 2018, businesses failing this new, strict data protection compliance regime will face penalties of up to €20 million or 4% of worldwide annual turnover, whichever is higher. The GDPR means significant changes for all businesses that use or store the personal data of individuals in the EU.
“When it comes to data security, the silent spectre of EU General Data Protection Regulation is slowly kicking organisations into action, and incidents such as this will only accelerate this trend” - Nigel Hawthorn, the Chief European spokesperson at Skyhigh Networks.

In this blog we’ll look at 6 things you need to know about GDPR in order to prepare for its implementation in 2018. 

1.  Understand who GDPR applies to


GDPR applies to any organisation that processes the personal data of individuals in the EU, wherever that organisation is based. A company outside Europe that offers goods or services to, or monitors the behaviour of, people in the EU is held to exactly the same standards as one in Paris or London.

Enforcement sits with the supervisory authority of each member state (the ICO in the UK), and those authorities can take action against any organisation breaching the regulation, regardless of its geographic location.

Driven by the huge fines businesses face if they fail to meet the protection requirements, 70% of businesses are now expected to increase spending to address data protection and sovereignty, according to Ovum.

2.  Understand what counts as personal data


GDPR widens what constitutes personal data. The general definition (Article 4) is any information relating to an identified or identifiable natural person, which takes in online identifiers such as IP addresses and cookie IDs, not just names and contact details. Genetic and biometric data, which the Data Protection Act 1998 (DPA) did not explicitly recognise as personal data, are now named expressly.

On top of that, the GDPR defines a set of ‘special categories’ of personal data (Article 9) that attract extra restrictions on processing:
“Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation”.

This broad definition means almost all customer information now falls under the category of ‘personal data’. Your business must comprehend the significant changes in the incoming regulation, securing any and all data to avoid severe punishment. 


3.  Review your business’s Terms & Conditions


The GDPR regulation introduces new guidelines stressing the need for explicit individual consent before using a citizen’s data. Businesses will need to use simpler language when asking for consent, be clear on how the data will be used and understand that inactivity does not constitute consent. Lengthy and complicated terms and conditions which lack clarity will no longer be tolerated.

EU citizens will also have greater control over what happens to their data, including the right to erasure (commonly known as ‘the right to be forgotten’) and the right to data portability (having their data transmitted to another controller).

GDPR also sets out the data minimisation principle, under which organisations may collect only the data they actually need for the stated purpose, and the storage limitation principle, under which they must not hold it for any longer than necessary. Purpose limitation prevents businesses from reusing data for something other than what it was originally collected for, unless the new purpose is compatible with the original one or they obtain fresh consent.

4.  You’ll need to conduct Data Protection Impact Assessments


The GDPR introduces Data Protection Impact Assessments (DPIAs, still widely called Privacy Impact Assessments) under Article 35 for any processing likely to result in a high risk to individuals, for example large-scale profiling or monitoring, or large-scale processing of special category data.

For such projects the assessment must be completed before processing begins, and where the residual risk remains high you must consult the supervisory authority first. Where your business has a Data Protection Officer, their advice must be sought on each DPIA to ensure compliance throughout the project.

Your organisation must integrate security into the core of all projects, rather than it being a simple consideration.

5. You may need a Data Protection Officer


Whether you need a DPO depends on what you process, not on the size of your organisation or the number of employees.

If your organisation fits any of the three scenarios below, outlined in Article 37, it is mandatory to appoint a Data Protection Officer (DPO):

  • the processing is carried out by a public authority or body
  • the core activities consist of “regular and systematic monitoring of data subjects on a large scale”
  • the core activities consist of large-scale processing of special categories of data (for example biometric, genetic or health data) or of data relating to criminal convictions and offences

The role of the DPO is to monitor the organisation’s compliance with the regulation and report any findings directly to the highest management level. A study by the International Association of Privacy Professionals (IAPP) suggests that 75,000 DPOs will have to be appointed globally in the next two years.

This same study shows that staffing requirements are likely to present a big challenge to organisations that don’t hire or develop the skills quickly.

Firebrand offers the Certified Data Protection Officer certification, designed for those with at least two years of experience in data protection. This 3-day course builds the skills and knowledge required to fulfil the role of DPO and maintain compliance with the EU GDPR.

6.  Reporting a breach – constant monitoring required


In addition to outlining how your business should secure its data, the GDPR also has strict rules on how your business must respond in the event of a data breach.

This includes a common breach notification requirement, replacing the patchwork of breach notification laws across Europe with one definition and providing clarity on how your business reports a data breach. Under Article 33 an organisation must notify its supervisory authority of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals; where the breach is likely to result in a high risk, the affected individuals must also be informed without undue delay.

Considering Yahoo stumbled across one of the largest security breaches in history two years after it occurred, this law forces even the largest organisations to be more proactive in identifying and reporting incidents.  If GDPR applies to your organisation, you’ll need to put in place tools and processes to monitor and create alerts in the event of an incident 24/7/365. 


Time is running out...

You have just 12 months to prepare for the incoming GDPR. As outlined above, there must be significant changes to the way your business collects, handles, secures and shares data in May 2018 and beyond. 

Once these regulations are introduced, your organisation won't get away with a minor fine for mishandling sensitive information. Failure to prepare will lead to severe - if not business ending - financial consequences. Don't get caught out, start your GDPR readiness journey today.

Friday, 10 February 2017

EC-Council launch Computer Hacking Forensic Investigator (CHFI) v9 Update

As businesses wake up to the growing and imminent threat of cyber crime, cyber security is a top priority, now more than ever.

In 2004, the global cyber security market was worth just $3.5 billion. But, by 2020 it will be worth a staggering $120 billion according to Wired.

Because of the new and innovative ways businesses are experiencing hack attacks, it’s important that both security and response measures remain up-to-date.

EC-Council’s recent update to the Computer Hacking Forensic Investigator (CHFI) is a prime example of the security industry looking to keep your knowledge current and up-to-date on the latest techniques.

What to do after the worst happened?


The CHFI certification validates your skills in conducting a digital forensics investigation. From understanding which scripts to run in the all important moments following a breach to piecing together clues to catch a trespasser, digital forensics is your first response. 

Digital forensics detectives draw on a wide range of investigation and analysis techniques to identify an intruder's virtual footprints, in the hope of gathering potential legal evidence. 

Put into context, CHFIs are effectively virtual detectives. Just like you’d want an investigator on the case if jewellery was stolen from your home, you’ll want a CHFI if you’re the victim of a cyber breach.  The only difference is, even the most expensive pieces of jewellery can’t compare to the millions it can cost if you’re hacked.

The CHFI course covers major forensic investigation scenarios and presents a methodological approach to forensics. You'll cover searching and seizing, chain-of-custody, acquisition, preservation and analysis and reporting of digital evidence. 
   
There’s always an opportunity for a hacker to penetrate your system. When your organisation is hit by a cyber breach, the real issue is how you respond to the attack.

What are the new updates?


The new CHFI version 9 update has a number of key changes.

Firstly, this update introduces new content. You’ll dive into the latest forensic examination techniques, with coverage of new operating systems including Linux and Mac forensics; in the previous version (v8), only Windows forensics was addressed.

Furthermore, a host of new modules have been added to this course to reflect industry developments. The three modules added are database, cloud and malware forensics. With UK businesses at a cloud adoption rate of 84% and with 54% being hit by ransomware attacks, it's easy to see why these modules have been added.  

EC-Council have also added more than 40% new, hands-on labs to the programme. These descriptive and analytical labs are well tested and results oriented. Even with these new labs, however, EC-Council have in fact reduced the total number of labs and modules: from 22 modules, 42 labs and 2,400 slides, the course now has 14 modules, 39 labs and only 1,222 slides. This change seeks to make the information more concise and digestible, whilst still covering all of the key areas in the same depth.

 

Why is it essential to your cyber security in 2017?


In a world where 90% of all criminal cases have at least one form of electronic evidence (The Guardian), the importance of being able to conduct a digital forensics investigation is growing rapidly.

Furthermore, the digital forensics market is expected to grow around 15% globally from 2015 to 2020 as businesses quickly realise the importance of cyber forensics. 

Learn how to protect against a cyber attack, fast


Achieve the CHFI certification in just 5 days with Firebrand Training, or check out the extensive cyber security portfolio we have to offer. 


Friday, 23 September 2016

Affected by the Yahoo hack? Here’s what you need to do:

If you have a Yahoo account, you should act fast. Just yesterday it was confirmed that hackers stole the personal data of half a billion Yahoo accounts in the most recent cyber-catastrophe. 

Details including names, email addresses, phone numbers and security questions were stolen from the company’s network in late 2014. It has also been revealed that passwords were taken, but in a “hashed” form; the company reports that it believes financial information held with it remains safe unless the hashed passwords are cracked. Note that a hash is not “decrypted”: an attacker recovers passwords by guessing candidates and hashing each one until it matches the stolen value, which is quick for a weak hashing scheme and cheap for any common password.


Yahoo believe this was a state-sponsored act – an increasingly common scapegoat following cyber hacks today. Although Yahoo are currently notifying those potentially affected by the hack, as a precaution you can take steps now to protect your data.

Below, we will identify these steps in order to secure your information now and in the future.

This is what you need to do:


Take back your account: If your Yahoo account has been compromised, the first thing you need to do is take it back. Hackers may also have gone after your linked accounts, so check those too. Below are the most common social and mail platforms where you can take back your account:
  • Yahoo
  • Apple
  • Facebook
  • Google
  • Microsoft
  • Twitter

Report it to the police: If you believe you have been hacked and are now the victim of identity theft or fraud, file a report with Action Fraud.

Change your passwords and security questions: Even if you haven't been hacked, change your password and security questions immediately. This is especially important if your email is connected in any way to your bank or a PayPal account. 

Additionally, you should look to change the passwords in any other account that uses the same or similar security information. This ensures hackers cannot access other accounts through your Yahoo information. It is also sensible to check your password recovery settings and ensure they have not been changed to a third party. 

Tell everyone you know: In this situation it is a common tactic for hackers to target friends and family of compromised accounts to extract financial gains. So spread the news to your friends and family. Not only will this help them inform you if they see unusual activity, but it may also spare them falling victim to a similar hack.

Be wary of emails from Yahoo: Now is the perfect time for cyber criminals to strike through a phishing attack. Avoid downloading or clicking links in any emails coming from Yahoo. Almost all malware is installed unknowingly by the victims themselves. 

Update your security settings and run a security scan: Make sure you run a virus scan and have the most recent security updates on your operating system. If you don't have an anti-virus application, invest in a high quality one like McAfee or Norton Antivirus. This is something you should be doing as best practice regardless of the issue.

Continue to review your activity: Just because you’ve gotten your account back, doesn’t mean you’re safe. Hackers often leave ‘backdoors’ so they or other hackers can regain access at a later date. Make sure you continually review any activity to make sure no emails are being forwarded or security questions have been changed.

De-authorise applications: Although it may be frustrating, de-authorising accounts that are in any way linked to your Yahoo account will be essential. Although many may deem this unnecessary, it certainly is a better idea than leaving an unknown individual in your system – even if it is just precautionary.   


How serious is this? And what does it mean for Yahoo?

The most serious concern for you as a Yahoo user is that the cryptographically hashed passwords are cracked and used maliciously. Although the hashing scheme used to protect the passwords is reported to be relatively tough, Yahoo has yet to release any details of it, and even a strong scheme only slows an attacker down: it does not protect a weak password, or one you have reused elsewhere.
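To make the point about the “hashed form” concrete, and to back up the earlier advice to change any password you reused on other sites, here is an added example that is not part of the original post and uses no real Yahoo data. It builds a small, constructed credential dump under two storage schemes (unsalted MD5, and salted PBKDF2-HMAC-SHA256), runs the same dictionary attack against both, and then checks which recovered passwords would also open the same user’s account at an unrelated site. All accounts, passwords, salts and the wordlist are invented for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data for the example: none of these accounts, passwords,
# salts or hashes come from the Yahoo breach or any real dump.
ACCOUNTS = {
    "alice@example.com": "summer2014",     # weak: a dictionary word
    "bob@example.com":   "T7!vq#9pLz2w",   # strong: not in any wordlist
    "carol@example.com": "letmein",        # weak: a dictionary word
}

# A toy attacker wordlist; real ones hold hundreds of millions of entries.
WORDLIST = ["123456", "password", "letmein", "qwerty", "summer2014", "dragon"]

# Work factor for the slow scheme. Production systems tune this much higher
# (or use bcrypt/scrypt/Argon2); it is kept modest so the example runs quickly.
PBKDF2_ITERATIONS = 50_000


def hash_unsalted_md5(password: str) -> str:
    """Weak storage: a single fast hash with no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted_pbkdf2(password: str, salt: bytes,
                       iterations: int = PBKDF2_ITERATIONS) -> str:
    """Stronger storage: per-user random salt plus a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_dumps(accounts=ACCOUNTS):
    """Simulate the same user base stored under both schemes, as it would
    appear to an attacker who has copied the database."""
    unsalted = {user: hash_unsalted_md5(pw) for user, pw in accounts.items()}
    salted = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        salted[user] = (salt, hash_salted_pbkdf2(pw, salt))
    return unsalted, salted


def crack_unsalted(dump, wordlist=WORDLIST):
    """Without salt the attacker hashes the wordlist ONCE and then looks every
    user up in the resulting table, however many users there are."""
    table = {hash_unsalted_md5(w): w for w in wordlist}
    hashes_computed = len(wordlist)
    recovered = {user: table[h] for user, h in dump.items() if h in table}
    return recovered, hashes_computed


def crack_salted(dump, wordlist=WORDLIST):
    """With a per-user salt there is no shared table: each user costs a full
    pass over the wordlist, and each guess costs `iterations` HMAC rounds."""
    recovered = {}
    hashes_computed = 0
    for user, (salt, stored) in dump.items():
        for w in wordlist:
            hashes_computed += 1
            if hmac.compare_digest(hash_salted_pbkdf2(w, salt), stored):
                recovered[user] = w
                break
    return recovered, hashes_computed


def reuse_exposure(recovered, other_site):
    """Passwords cracked from one breach get tried at other services.
    `other_site` maps user -> (salt, PBKDF2 hash) at an unrelated site; returns
    the users whose reused password opens that account as well."""
    exposed = []
    for user, pw in recovered.items():
        if user in other_site:
            salt, stored = other_site[user]
            if hmac.compare_digest(hash_salted_pbkdf2(pw, salt), stored):
                exposed.append(user)
    return sorted(exposed)


if __name__ == "__main__":
    unsalted, salted = build_dumps()
    found, n = crack_unsalted(unsalted)
    print(f"unsalted MD5:  recovered {found} with {n} hash computations")
    found, n = crack_salted(salted)
    print(f"salted PBKDF2: recovered {found} with {n} slow derivations "
          f"of {PBKDF2_ITERATIONS} rounds each")
```

Run it directly to see the counts: the unsalted dump costs one hash per wordlist entry for the entire user base, while the salted one costs one slow derivation per user per guess, and bob’s strong password survives both attacks. The lesson for users is the one in the post: a strong hashing scheme only buys time, so a reused password cracked from one dump is a working credential everywhere it was reused.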

For Yahoo, this breach comes at the worst possible time. Earlier this summer, Yahoo had announced it was investigating a breach reported to involve 200m customers. The sudden increase to 500m means “Yahoo may be facing an existential crisis” with their “already besieged business execution issues and an enduring fire sale to Verizon, this may be the straw that breaks the camel’s back” according to Corey Williams from identity management software company Centrify.

Security researcher Kurt Baumgartner from Kaspersky Labs believes that Yahoo’s failings hardly come as a surprise: “It’s unfortunate that when we are talking about this organisation, a massive breach doesn’t come as a big surprise”. Baumgartner has also criticised Yahoo’s delayed response, citing it as characteristic if we look at their “delay in encrypting IM communications, implementing https for its web properties and more”.



Thursday, 21 May 2015

Brand new (ISC)2 CCSP and Microsoft MCSD: Azure Solutions Architect courses from Firebrand


By Sarah Morgan


With IDC predicting 7 million cloud jobs created by 2015, mastering cloud technology can lead to a fulfilling and profitable career.

And to help you build – and prove – your knowledge of cloud computing, Firebrand has launched two brand new career changing accelerated cloud certification courses:



(ISC)2 Certified Cloud Security Professional (CCSP) - only six days

On this six day accelerated course, you’ll get the knowledge you need to secure your organisation’s cloud infrastructure.

Your business may be using an outdated approach to cloud technology which could open the way for costly and embarrassing cyber-attacks. To prevent these malicious attacks, businesses around the world need CCSP certified professionals with advanced cloud security skills.

Achieve the CCSP and you’ll learn how to secure cloud environments & purchased cloud services. You’ll also study:

  • Cloud data, platform, infrastructure and application security
  • Architectural concepts & design requirements
  • Compliance and legality
  • Operations

This advanced certification, developed by leading information security organisations, the Cloud Security Alliance (CSA) and (ISC)2, proves your cloud security expertise at a global level – get it in only six days.



Microsoft MCSD: Azure Solutions Architect - only seven days

Get four Microsoft certifications in only seven days on this accelerated Microsoft MCSD: Azure Solutions Architect course.

You’ll learn how to migrate your existing on-premises infrastructure to Azure – Microsoft’s globally integrated cloud platform.

Plus, get the skills you need to design websites, application storage and infrastructure in Microsoft Azure.

On this course you’ll achieve a Microsoft MCSD and three Microsoft Specialist certifications, by studying and passing these Specialist courses:
  • Developing Microsoft Azure Solutions
  • Implementing Microsoft Azure Infrastructure Solutions
  • Architecting Microsoft Azure Solutions


190+ courses and counting

Firebrand’s portfolio now exceeds 180 accelerated courses from vendors like Microsoft, Cisco, CompTIA and (ISC)2.

We’re committed to developing new accelerated courses. To stay up to date with our newest and most cutting edge training follow us on Twitter, Facebook and Google+ and LinkedIn.

Find out how you can get certified at twice the speed and take a look at our full range of accelerated training.



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 26 January 2015

Get £500 towards training from the Tech Partnership Training Fund


By Sarah Morgan


The Tech Partnership Training Fund provides funding for employers to invest in IT training. This means you can get a contribution of up to £500 off your Firebrand Training course – or up to £1,000 off an apprenticeship.

The Tech Partnership is a network of employers, collaborating to create the skills to accelerate the growth of the IT industry. The fund has been made available from the Government’s Employer Ownership of Skills Pilot.


£500 towards hundreds of accelerated Firebrand courses

Now not only will you save time on your Firebrand training course, you can also get a £500 contribution via the fund.

We offer courses in all the key areas that the Tech Partnership Fund is actively investing in, meaning you can apply for funding on most Firebrand courses, including : EC-Council Certified Ethical Hacker (CEH), Microsoft MCSA: Windows Server and VMware vSphere 5.5 Fast Track.

Tech Partnership Funding is available across a range of key IT areas. Use the links below to find the training you need, or take a look at hundreds of other accelerated courses:



Show this to your boss

Funding is available per course, per delegate. This could mean massive cost-savings across your business.

Show this to your boss and take advantage of this government-backed scheme: get you and your colleagues trained and certified at twice the speed – while saving £500 each.


Self Employed?

If you're self employed or a contractor, you can still get the £500 funding per course.


How to apply

To get the funding, your business must have an office in England, and the training must be taken at a Firebrand UK training centre.

This is all you need to do:

  1. Once you’ve chosen your Firebrand course, complete the funding application form for short course funding or apprenticeship funding
  2. You’ll then get a letter to confirm if you've been approved (most applications are), which you need to sign and return, along with details of the learner(s)

It’s as simple as that!

To find out more about the Tech Partnership Training Fund – or for help with the application form - call us on 080 80 800 888.

Note: There are a handful of Firebrand courses that don’t qualify for the funding. Call us now to check that your course is covered.



Monday, 11 August 2014

What your cert’s worth: security salaries under scrutiny


Security roles have always been in the top half of the “IT salary hierarchy” and that seems unlikely to change any time soon. According to a recent article on Tripwire, businesses are investing more than ever in order to protect themselves from security threats. Of course, these investments include the recruitment and/or training of capable IT security staff.

Infographic created by the University of Alabama

With IT security becoming a top priority for businesses, certifications like the CISSP, CISA or CISM are gaining even more recognition. So if you’ve got one of these acronyms next to your name, you’re off to a great start in earning a high salary. Here are some of the average salaries in the UK for jobs requiring the following IT security certs, according to ITJobsWatch.com:
  1. ISACA CGEIT - £45,000
  2. EC-Council CEH - £49,000
  3. EC-Council CHFI - £51,500
  4. ISACA CISM - £55,000
  5. ISACA CRISC - £55,000
  6. (ISC)2 CISSP - £55,000
  7. ISACA CISA - £55,750
  8. ISACA COBIT - £57,500

ISACA Certified in the Governance of Enterprise IT (CGEIT) - £45,000

Certified in the Governance of Enterprise IT (CGEIT) is a program designed for professionals directing, managing and supporting enterprise IT governance. Holders of CGEIT are experts in risk management, performance measurement, value delivery and the governance and management of IT. As a CGEIT, you’ll earn an average salary of £45,000.

EC-Council Certified Ethical Hacker (CEH) - £49,000

Beat a hacker, by thinking like one. With EC-Council’s Certified Ethical Hacker certification you’ll know how to defend against the latest techniques used to exploit your organisation’s vulnerabilities. The CEH stretches far beyond the field of penetration testing and into everyday application and network security. Certified Ethical Hackers on average earn around £49,000.


Image courtesy of hyena reality/freedigitalphotos.net

EC-Council Computer Hacking Forensics Investigator (CHFI) - £51,500

EC-Council’s CHFI certification teaches you the use of forensics tools, analytical techniques, and procedures involved in obtaining, maintaining, and presenting computer forensic evidence and data in a court of law. Computer Forensics experts with a CHFI can earn £51,500 on average.

ISACA Certified Information Security Manager (CISM) - £55,000

CISM by ISACA is a widely recognised credential for IT security professionals specialising in managing, developing and overseeing information security systems and for developing best security practices. CISM certified professionals have proven skills in risk management, governance and incident management as well as program development and management. Similarly to CRISC, CISM holders have good prospects of earning an average salary of £55,000 a year.

ISACA Certified in Risk and Information Systems Control (CRISC) - £55,000


ISACA’s CRISC is for experienced IT professionals working in the fields of technology risk management and Information Systems Control. CRISC-holders can manage risk design and oversee response measures, scan and monitor systems for risk, and meet their organisation's risk management strategies. The average salary offer for CRISC certified professionals is around £55,000.



Image courtesy of njaj/freedigitalphotos.net

(ISC)2 Certified Information Systems Security Professional (CISSP) - £55,000

(ISC)2’s CISSP demonstrates your expert skills in developing, guiding, and managing security standards, policies, and procedures within your organisation. The certification is considered to be one of the most prominent and prestigious security credentials out there, which is due to its rather demanding prerequisites. As a Certified Information Systems Security Professional you can be earning an average salary of £55,000.

ISACA Certified Information Systems Auditor (CISA) - £55,750

CISA is a globally renowned credential for Information Systems audit and security experts. CISA certified professionals possess the necessary skills, knowledge and expertise to identify and manage vulnerabilities and risks within their organisations, while implementing solutions to deal with them. The average salary for CISA holders is around £55,750 per annum.

ISACA Control Objectives for Information and Related Technology (COBIT) - £57,500

ISACA’s COBIT framework helps you to maximise the value of Information Technology within your organisation. With this certification under your belt, you’ll know how to achieve strategic goals and minimise risks, whilst optimising the cost of IT services. COBIT certified professionals earn an average salary of £57,500.

There you have it, the worth of some of the top security certs expressed in monetary terms. And don’t forget, the more experience you have, the closer you get to making these numbers even bigger.


Tuesday, 15 July 2014

Windows Server 2003 Support to end: you don’t have much time




In just 364 days, support will finally end for Windows Server 2003. As of 14th July 2015 Microsoft will no longer be providing patches and security updates for the 10-year-old software. Many applications will cease to be supported and you’ll also risk losing your compliance with important industry standards and regulations.

RIP
Image courtesy of jchandler
One year may sound like a long time, but according to Microsoft’s initial estimations, it could take you 200 days to migrate.

How failing to upgrade could cost you over £100,000 a year

Every day you use the unsupported software, you run a massive risk:

  • Custom Support costs - Without security updates you will be paying for protection yourself: custom support from Microsoft, plus extra firewalls, intrusion detection and other compensating controls. Custom support alone will cost upwards of £115,000 a year, according to Microsoft.
  • Security insecurities – Without support, you’re on your own. The end of all patches, bug fixes and updates puts your systems at dire risk: every newly discovered vulnerability stays open for good, and cyber criminals will view you as easy prey, rightly so. It isn’t cheaper either; the average cost of a data breach rose to £2M in 2013, not to mention the reputational damage you’d face from being hacked.
  • Application woes - It’s officially End of Support from Microsoft, and that means it’s unofficially end of support from third-party developers too. Developers won’t keep their programs optimised for dead software, so support for numerous apps will end. Microsoft are doing their part as well, discontinuing support for all their apps running on Windows Server 2003.
  • Compliance issues - Running unsupported software is a hassle, and an expensive one at that. Standards and regulations that require supported, patched systems may oblige you to run compensating controls and regular independent audits to stay compliant. In some cases, these audits could cost more than upgrading your systems.

Don’t have a plan to upgrade?

(Un)fortunately you’re not alone: 62% haven’t planned to upgrade or migrate, a survey by AppZero found. Despite strenuous efforts by Microsoft to make customers aware, analysts estimate there are more than 10 million machines still running Windows Server 2003.

End of Support for Windows Server 2003 poses a greater challenge than the retirement of Windows XP. “It’s not just what applications and services you have, it’s also the relationships between them that are important,” Tony Lock, programme director at analyst firm Freeform Dynamics explains.

“Because of the length of time they have been deployed, the way that some of these applications and services feed off each other might not be in people’s heads any more. Getting a clear picture of what you have is vital.”

But it’s not all bad, as Lock points out, you might find that there are servers deployed which no one is using. In such a case, reacquainting yourself with your server infrastructure could also prove to be a cost saving exercise.

Get ready to implement Windows Server 2012 in just 9 days

As well as the basic advantages of owning supported software, Windows Server 2012 is a massive improvement. You’ll benefit from reduced costs, virtualisation and cloud support, better performance, increased security, and of course, official Microsoft support.

Make sure your migration to Windows Server 2012 is a smooth one - get Windows Server 2012 certified with official Microsoft Training. You’ll learn the fundamental set of skills needed to develop and manage your Windows Server environment.

You should be planning your migration over the next few weeks, so don’t waste time. On the Firebrand course you’ll learn everything in only 9 days, twice as fast as traditional training.

Don't neglect this upgrade
Image courtesy of click/morgueFile

Monday, 23 June 2014

Safe cloud computing is great cloud computing – secure it with these certs



Earlier this month Tech Times and Top Tech News published two articles on newly surfacing concerns about security in the cloud. Do businesses have to worry about storing their data on remotely located servers? Is the cloud riskier than storing your data locally? This article looks at how cloud computing can be made safer with the help of the relevant certifications.

Data breach: could the cloud triple the odds?

The latest study (Data Breach: The Cloud Multiplier Effect) by the Ponemon Institute revealed that IT security professionals expect that moving their data to the cloud will increase the chances of getting hit by a data breach. In fact, the 613 surveyed pros agreed that an increased use of cloud computing could potentially triple the risks of a data breach.

Rajat Bhargava, co-founder of JumpCloud, said "When you don't own the network, it's open to the rest of the world, and you don't control the layers of the stack, the cloud - by definition - is more insecure than storing data on premises." This surely sounds alarming coming from a cloud security professional, but don’t go switching that local server in your basement back on just yet, because Chris Wysopal begs to differ.

Secure the “third-party element”

Chris Wysopal, co-founder and CTO of Veracode thinks: “Risky software, regardless of deployment method, is what is adding unnecessary risk to organisations.”

“Enterprises are right to be wary of third-party cloud applications. However, this should have nothing to do with whether they are in the cloud or not. Instead it is because they are produced by third-parties, and thus enterprises have less insight into the security that went into the development. If an enterprise wants to reduce unnecessary risk at their company, avoiding the cloud isn’t going to protect them – but taking a hard look at their software procurement policies and processes will.”

Get familiar with cloud security

As you can see, it is misleading to conclude that cloud computing by default brings greater risk to your business. What matters is thoroughly checking your provider’s security standards and measures, and the security of the third-party software you run there, wherever it is deployed. But are you familiar with security in the cloud?

Learn all about security concepts, encryption technologies and access control methods on our cloud computing courses. Pick from the likes of CompTIA’s Cloud+ and Cloud Essentials or Microsoft’s MCSE: Private Cloud and you’ll learn everything you need to know about secure cloud computing. 

Wednesday, 4 June 2014

Avoid an infosec catastrophe – three certifications that help

Cyber-crime divisions of law enforcement agencies around the world took a major step towards defeating the criminals responsible for malware such as Gameover Zeus and CryptoLocker, a ransomware that encrypts its victims’ files and demands money in exchange for the decryption key.

The authorities recently seized control of two computer networks used to distribute malware that steals sensitive personal information, including banking credentials and passwords.

However, this is only a short-term victory, and the UK’s National Crime Agency (NCA) has warned people to take action now to protect themselves against future attacks.

Help your organisation stay protected against cyber-criminals; here are three IT security certifications that will help you:

(ISC)2 – CISSP

Due to the increasing complexity of cyber-attacks, the CISSP has become one of the most sought-after IT security certifications.
As an advanced-level certification, the CISSP was designed for experienced infosec professionals. As a CISSP-certified pro, you’ll be an expert in developing and managing security standards, policies and procedures within your organisation.
To get this certification, you’ll need a minimum of 5 years of work experience in at least two of the following domains:
  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical (Environmental) Security

EC-Council – CEH

The Certified Ethical Hacker (CEH) certification is a relatively new credential in the industry, but its importance and influence have increased significantly since its inception. CEH introduces you to the so-called dark side of IT: the tools and techniques attackers use to compromise systems.

With the CEH under your belt, you’ll know how hackers think to find and exploit vulnerabilities. Therefore you’ll also know how to take a more proactive approach and protect against threats by seeing beyond current security tools and policies.

On this course you’ll learn about a wide range of security topics, including but not limited to:
  • Scanning Networks
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms
  • Social Engineering
  • Hacking Webservers
  • Hacking Web Applications
  • SQL Injection

ISACA – CISM

CISM, developed by ISACA, is a top IT security credential focused on managing, developing and overseeing an organisation’s information security programme and establishing security best practices.
This certification addresses the needs of security professionals with enterprise-level security management responsibilities. As a CISM-certified pro, you’ll have advanced skills across its four domains:
  • Information Security Governance
  • Information Risk Management
  • Information Security Program Development and Management
  • Information Security Incident Management

If you haven't yet taken the necessary countermeasures to protect against cyber-criminals, do it now to make sure your money and data stay safe and intact.
