Showing posts with label security training. Show all posts

Wednesday, 4 June 2014

Avoid an infosec catastrophe – three certifications that help



Cyber-crime divisions of law enforcement agencies around the world took a great step towards defeating hackers responsible for malware such as Gameover Zeus and Cryptolocker, a ransomware that encrypts its victim’s information and demands money in exchange for the decryption key.

The authorities had recently seized control of two computer networks, specifically used for distributing malware to steal sensitive personal information, including banking credentials and passwords.

However, this is only a short-term victory and the UK’s National Crime Agency (NCA) warned people to take action now, in order to protect themselves against possible future attacks. 


Help your organisation stay protected against cyber-criminals; here are three IT security certifications that will help you:

(ISC)2 – CISSP

Due to the increasing complexity of cyber-attacks, the CISSP certification has become one of the most sought after IT security certifications.
As an advanced level certification, the CISSP was designed for experienced infosec professionals. As a CISSP-certified pro, you’ll be an expert in developing and managing security standards, policies, and procedures within your organisation.
To get this certification, you’ll need a minimum of 5 years of experience in at least two of the following vital topics:
  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical (Environmental) Security

EC-Council – CEH

The Certified Ethical Hacker (CEH) certification is a relatively new credential in the industry, but its importance and influence have increased significantly since its inception. CEH introduces you to the so-called dark side of IT, i.e. the tools and techniques hackers use to attack systems.

With the CEH under your belt, you’ll know how hackers think to find and exploit vulnerabilities. Therefore you’ll also know how to take a more proactive approach and protect against threats by seeing beyond current security tools and policies.

On this course you’ll learn about a wide range of security topics, including but not limited to:
  • Scanning Networks
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms
  • Social Engineering
  • Hacking Webservers
  • Hacking Web Applications
  • SQL Injection

ISACA – CISM

CISM, developed by ISACA, is a top IT security credential focusing on managing, developing and supervising information security systems and developing security best practices.
This certification addresses the needs of security professionals with enterprise level security management responsibilities. As a CISM certified pro, you’ll have advanced skills in:
  • Security Risk Management
  • Program Development and Management
  • Responding to Incidents
  • Governance, and Incident Management
If you haven't yet taken the necessary countermeasures to protect against cyber-criminals, do it now to make sure your money and data stay safe and intact.

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Tuesday, 1 April 2014

UK launches Computer Emergency Response Team to deal with cyber security incidents



“Keeping the UK safe in cyber space” reads the official press release about CERT-UK, the UK’s national Computer Emergency Response Team, which will prepare for and deal with national cyber security incidents.

Besides responding to threats, the body will also act in an advisory capacity and provide alerts on cyber hazards to government, corporations and educational institutions.

CERT-UK will provide advice and guidance to help companies prepare and protect themselves, as well as expertise to help respond promptly once an incident has occurred.

It’s an important step

Francis Maude, Cabinet Office Minister responsible for Cyber Security said:
“This government’s most important task is to protect our security and ensure Britain is a safe place to work, live and do business. That’s why I’m delighted to launch the UK’s Cyber Emergency Response Team.”

“We know government cannot do everything by itself. CERT-UK shows we want closer coordination between government, business and academia to share insight and advice, as well as better cooperation with our international partners.”

“The job of protecting our security will never be done – it will always be a work in progress. But, from today, CERT-UK means we are better prepared, better informed, better connected and ultimately more resilient.”

Main responsibilities

CERT-UK has four main responsibilities, all following the UK Cyber Security Strategy:
  • National cyber security incident management
  • Supporting critical national infrastructure companies in handling cyber security incidents
  • Promoting cyber security situational awareness across industry, academia and the public sector
  • Providing the single international point of contact for co-ordination and co-operation with other nations’ CERTs

Meet the director

Although CERT-UK had its official launch yesterday, director Chris Gibson, formerly the director of e-crime at Citigroup, was appointed in November and he has been working as head of the body ever since.

With over 9 years of experience on the leadership team of the international Forum of Incident Response and Security Teams (FIRST), with the last 2 as global chair, Gibson is a globally recognised expert on cyber incident response. 

He was also a member of the British Bankers’ Association (BBA) Cyber Advisory Panel and for 10 years one of Citigroup’s representatives to the Centre for the Protection of National Infrastructure’s Financial Service’s Information Exchange.

Watch the following video of Chris Gibson introducing CERT-UK at the International Cyber Security Forum in January. 



Become an expert in IT security

Get ahead of the curve, learn about the latest security threats and protect your organisation by becoming certified on our accelerated IT security courses.

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 25 October 2010

1Gbps Broadband From Google

Google, in association with Stanford University, has announced the launch of trials on super-fast broadband. This is an attempt to make broadband speeds of 1Gigabit-per-second a reality.

More than 850 lucky Stanford University students will be testing the connection in their halls of residence. It is hoped that the scale will be increased, to an eventual 500,000 users.

The trial is expected to start in early 2011. Meanwhile, Virgin Media is currently trialling 200Mbps connections in the UK - which suddenly becomes rather overshadowed.

I wonder who will be regulating the Stanford University students' downloads??

Monday, 18 October 2010

Half Of Home Wi-Fi Networks Can Be Hacked In Less Than Five Seconds

Robert Chapman spoke to Computing, SC Magazine and Computer Business Review about a report that reveals that nearly half of home Wi-Fi networks can be hacked in less than five seconds.

CPP, a provider of Life Assistance products and services, released the report "UK’s Wireless Networks Open To Attack." The report revealed that personal wireless networks are prone to hacking, with 82% not even having a password.

Robert explains: "It appears this problem is still not being taken seriously by enough companies and individuals. One day - probably soon - there is going to be a security breach that does irreversible damage. Will it be only then that people wake up to this threat?"

Wednesday, 6 October 2010

65% of Internet Users Fall Victim to Cybercrime

Coinciding with the release of Norton AntiVirus 2011 and Norton Internet Security 2011, Symantec has published "The Norton Cybercrime Report: The Human Impact."

It claims that 65% of the world's internet users have already fallen victim to cybercrimes (including computer viruses, online credit card fraud and identity theft). The top four countries to fall victim were: 83% in China, 76% in Brazil and India, and 73% in the USA.

Though it appears that this crimewave can't be attributed to complacency: only 3% of web users don’t think that it will happen to them. But a pessimistic 80% do not expect cybercriminals to be brought to justice.


It's interesting to see web users' emotions following a cybercrime taking place. Victims’ strongest reactions are feeling angry (58%), annoyed (51%) and cheated (40%).

Thursday, 30 September 2010

New Twitter Security Flaw

No sooner had Twitter fixed the 'Mouse Over JavaScript flaw' - which allowed messages to pop up and third-party websites to open in your browser - than another issue reared its ugly head. The Sophos Blog reports that Twitter has quickly removed a new worm, which posted messages from affected users' accounts saying that they loved goats (or words to that effect).

High-profile tech blogger Robert Scoble fell foul of the attack and, you guessed it, it appeared that he was admitting to a love for goats. Twitter users around the world were falling victim as soon as they clicked on: "WTF: (link)"

Upon clicking the link, users would only be greeted by a blank screen. But the evil deed was taking place in the background, and soon the embarrassment was unveiled on their account. Although the issue was fixed, it once again highlights the security flaws waiting to be exposed on Twitter.

Wednesday, 25 August 2010

Web Apps Blamed For Rise In Enterprise Security Threat

In its latest report on security threats, IBM found a 36 percent rise in security vulnerabilities. It points to web applications being the main culprit.

Web apps with security weaknesses accounted for 55 percent of these vulnerabilities. JavaScript accounted for the biggest threats. There has been a 52 percent rise in 'attacks' in the first half of 2010 - with cloud computing and virtualization bringing their own security threats.

With one third of virtualization vulnerabilities affecting the hypervisor, gaining control of one virtual machine can gain hackers control of other machines on the system.

Monday, 12 July 2010

8 Out Of 10 Employees Cause A Security Risk

More than 80% of employees admit that using their personal device for work purposes may cause a security risk to their company. However - one in three would continue to use the device, even if it does cause harm!

Research by Sourcefire found that the most commonly used personal devices in the workplace were laptops and home PCs. An alarming 32% of those surveyed use their own USB sticks at work.

Dominic Storey, Technical Director EMEA at Sourcefire, said: “There will always be insider threat because that is human nature and that is the whole usernomics thing.”

Colin Woodland, VP EMEA at IronKey, agrees: “It is a gadget thing and companies need to protect themselves. It is about communications and policy. People want to use social networking sites, so how do you protect them so that they are still productive but still secure?”

Read the full article at SC Magazine.

Wednesday, 16 June 2010

Malware is being sent via Twitter

We're all wary (and weary) of receiving a 'dodgy' tweet or email that leads to an even dodgier site. These are now becoming nastier, with payloads embedded in Twitter links, with random '@'s being used to catch users' attention.

Example of a naughty Tweet
The image above is an example of a shortened URL, which leads to a site hosting some JavaScript. The potential pitfall of a shortened URL.

Trendmicro explains that if this link were to be clicked, an “unpleasant payload” would be downloaded to the unsuspecting user’s PC.

Other recent examples include the Gaza and FIFA World Cup spamming campaigns, which used social engineering to make users think they were clicking on a news item. The malware downloaded in these cases was able to send and receive files and retrieve user names and passwords.

Tuesday, 15 June 2010

The Importance of Penetration Testing

The latest edition of Certification Magazine looks at the importance of - and developments in - penetration testing.

The use of networks is rife in our everyday work and leisure. This means that our personal - and valuable - data is heading off in all different directions. It is now more apparent than ever that this data needs to be safeguarded for the benefit of all of us.

These technological developments have led to the increased importance of the role of the penetration tester.
Certification Magazine describes this person as: "a kind of digital spy, deliberately hacking into companies’ networks to identify weaknesses and fix them, preferably before an actual breach occurs."

Billy Austin, chief security officer for Saint Corp, explains: “You’ve got to switch your white hat into a black hat.

“What we have to do is become more offensive-type minded people. It’s crucial to have the characteristics or mindset of understanding what the attacker’s moves are going to be, and what those processes and procedures and all the different routes that someone can take [are].”


The importance of the role shouldn't detract from how interesting it is too. Whether the individual is attempting to hack into their own systems or piecing together the evidence at a hacking 'crime' scene, it rarely proves to be dull.

Firebrand is Europe's number one provider of IT security training. Check out our Security Centre or call us on 080 80 800 888 to learn more.

Friday, 28 May 2010

Firebrand Training in The Guardian

Firebrand Training was featured in The Guardian - the UK national newspaper - on Wednesday 28 May. Visit the Firebrand Training press room on the Firebrand Training website to view the article.

We were in the Information Security supplement, and were recommended as part of four steps to guaranteeing business security.

Visit our Security Centre to see how you can better protect yourself.

Thursday, 25 February 2010

What are the 10 best IT jobs right now?

As the demand for emerging technologies such as virtualization, cloud, network security and social computing grows in 2010, IT professionals will look to stand out in the crowded job market. Here are the top 10 IT job titles that could gain traction in 2010:

  1. Ethical Hacker/Security Specialist:  According to a CompTIA survey, 37% of high tech workers intend to pursue a security certification over the next 5 years.  Nearly 20% would seek ethical hacker certification during the same period.  13% were looking for computer forensics as the next immediate certification they would pursue.
  2. Virtual systems manager
  3. Capacity manager
  4. Network Engineer
  5. Open source specialist
  6. Service assurance manager
  7. Electronic health records systems manager
  8. Sourcing specialist
  9. Service catalog manager
  10. Business process manager.