Archive for June, 2013


President, EC-Council and Founder of Code Uncode India Honored at the United States National Security Agency Colloquium 2013 awards with the 2013 Industry Leadership Award

Top officials and thought leaders in Academia, Government and Industry Honor Jay Bavisi, Global President, EC-Council for outstanding leadership in the Cyber Security Industry and Information Assurance Education.

India- June 13th: William Maconachy, PhD former deputy senior computer science authority at the National Security Agency (NSA) on behalf of National Security Agency’s Colloquium for Information Systems Security Education Honored Mr.  Bavisi with the 2013 Industry Leadership Award.

Every year, the Colloquium Awards honor one outstanding individual from Academia, Industry and Government respectively. This year, Mr. Jay Bavisi was the recipient of the 2013 Colloquium Industry Award that recognizes outstanding leadership in industry relations with information assurance education. Jay humbly accepted the award at the Committee on National Security Systems (CNSS) Award Ceremony during the 17th Colloquium for Information Systems Security Education (CISSE) Conference, held June 10th – 12th, 2007, on the campus of University of South Alabama, Mobile Bay, Alabama.

Founded in 1996, the Colloquium has become the leading proponent for implementing courses of instruction in information security education and provides a forum for academia, government and industry experts to discuss and form needed direction in information security undergraduate and graduate curricula, common requirements, specific knowledge, skills and abilities, certification requirements and establishment of professional certification boards.

“It is truly an honor to be selected as the opening Keynote at the Colloquium 2013 as well as to receive this prestigious award. I am grateful to the entire Board and the National Security Agencies CAE Community as a whole for this award and recognition” stated Jay. Jay delivered his keynote address at the event and lent an interesting perspective, entitled “The Cyber Security Quagmire: Finding the Panacea” which aimed to elucidate the information security industry’s successes, failures, and future out of the box solutions that the cyber security industry can implement, as they learn from the pharmaceutical industry in their fight against diseases.

Dr. Maconachy indicated it was the Board of Directors nomination and election to award Jay Bavisi based on outstanding leadership in promoting Information Assurance Training programs, long time advocacy in teaching ethics Information Assurance Education programs as well as generous philanthropic efforts to colleges and universities around the nation, and his leadership in developing cyber competitions in information assurance.

Jay, is the Co-Founder and President of one of the largest IT Security certification bodies in the world, EC-Council, and the co-creator of the groundbreaking Certified Ethical Hacker (CEH) certification that launched ethical hacking as a mainstream career.

Jay has been widely credited for being the brain child of the Global Cyberlympics competition that is supported by the Secretary General of the International Telecommunications Union a United Nations Agency, whose patron is Dr. Hamadoun Toure. Bavisi’s other work at the EC-Council Foundation includes the announcement of a grant of $350,000 toward the wounded warrior program that aims to retrain wounded warriors to become cyber warriors. The Foundation will also provide over 100 schools in North America with the support to launch Cyber Security Awareness programs for children in K-12 programs titled Live.Learn.Secure. He is possibly the first non US citizen to be the recipient of this award.

The Colloquium is active throughout the year and holds an annual conference in June. Conference information is available on the Colloquium website at www.cisse.info. The Colloquium board consists of members such as Brenda Oldfield, formerly the Director of the National Cyber Security Division of the U.S. Department of Homeland Security, William Maconachy, PhD former deputy senior computer science authority at the National Security Agency (NSA) as well as Daniel P Shoemaker, PhD, Principal Investigator and Senior Research Scientist at UD Mercy’s Center for Cyber Security and Intelligence Studies.

About EC-Council
EC-Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for Information Security professionals. EC-Council is a member-based organization that certifies individuals in various information security and e-business skills. It has been certified by American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs. These programs are offered in over 92 countries and over have trained over 120,000 & certified more than 60,000 security professionals through a training network of over 500 training partners globally.

Individuals who have achieved EC-Council certifications include those from some of the finest organizations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.

For more information visit: www.eccouncil.org


EC-Council Warns the industry of Cyber Plague- addresses the urgent need for the implementation of a vaccine

Jay Bavisi, President, EC-Council, addressed leading figures in government, industry, and academia at the US National Security Agency’s CISSE Colloquium 2013, warning academic minds to introduce cyber vaccination programs via secure coding education.

India- June 13th: Jay Bavisi, President, EC-Council, warned thought-leaders from across the world- namely, from the Department of Homeland Security (DHS), the National Security Agency (NSA), and the finest academic minds of the NSA’s centers of academic excellence of the worsening Cyber Plague at the Colloquium for Information Systems Security Education (CISSE Colloquium). The event was hosted by the University of South Alabama in Mobile Bay on June 10, 2013. The CISSE Colloquium was created in 1997 to provide a forum for dialogue among leading figures in government, industry, and academia.

The Colloquium, one of the largest gatherings of academics, government, and industry,  had Bavisi’s keynote address, entitled “The Cyber Security Quagmire: Finding the Panacea”, aimed to elucidate the information security industry’s successes, failures, and future out-of-the-box solutions that can be implemented, using the pharmaceutical industry’s fight against diseases as a model.

As the co-founder and President of one of the largest IT Security certification bodies in the world, EC-Council, and the co-creator of the groundbreaking Certified Ethical Hacker (CEH) certification that launched ethical hacking as a mainstream career, Bavisi lent an interesting and unique perspective to the event.

Bavisi pointed out that while the medical industry has been able to nearly eradicate diseases such as polio and small pox through medical vaccinations, the information security industry hasn’t yet been able to achieve similar success against the scourges of cyberspace because of the lack of implementation of its vaccine equivalent: secure coding.

Throwing more light on this Jay Bavisi said, “We have unknowingly followed on the same path as the pharma industry. We quarantined our networks from attacks via firewalls, intrusion detection systems, and intrusion prevention systems. When this was insufficient, we introduced cyber hygiene by introducing security awareness programs, which introduced policies, processes, and controls.” Bavisi went on to say that the next step should be a cyber-vaccine in order to propel the world’s organizations into a more secure future.

Bavisi continued by linking the results of a recent national level secure coding competition being conducted in India with nearly five thousand participants, Code Uncode, to the continuing plague of insecurity. Findings from the Code Uncode competition decisively prove there is a serious lack of knowledge in secure coding practices that could be a causative source of security breaches around the world.

The Colloquium is active throughout the year and holds an annual conference in June. Conference information is available on the Colloquium website at http://www.cisse.info. The Colloquium board consists of members such as Brenda Oldfield, formerly the Director of the National Cyber Security Division of the U.S. Department of Homeland Security; William Maconachy, PhD and former deputy senior computer science authority at the National Security Agency (NSA); as well as Daniel P Shoemaker, PhD, and Principal Investigator and Senior Research Scientist at UDM’s Center for Cyber Security and Intelligence Studies.

About EC-Council
EC-Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for Information Security professionals. EC-Council is a member-based organization that certifies individuals in various information security and e-business skills. It has been certified by American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs. These programs are offered in over 92 countries and over have trained over 120,000 & certified more than 60,000 security professionals through a training network of over 500 training partners globally.

Individuals who have achieved EC-Council certifications include those from some of the finest organizations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.

For more information visit: www.eccouncil.org


EC-Council Partners with one of India’s Largest Universities for Code Uncode

Thapar University supports Code Uncode- India’s First Ever Nationwide Secure Programming Competition.

INDIA- April 16, 2013 – EC-Council, the world’s leading provider of certifications and training in the information security domain, recently launched Code Uncode, India’s first ever nationwide hunt to recognize the top secure programmers in India. Code Uncode set to kickstart on May 19th is a 3 level online competition where individuals can test and showcase their talent in secure programming.

According to a recent Times of India article, India needs 4.7 lakh cyber security professionals by 2015 for protection of IT infrastructure in the country as well as to serve the export market.  To bridge this gap and provide India with the much needed cyber warriors, EC-Council has initiated Code Uncode, a platform for existing and aspiring programmers to come together.

To further help bridge this gap of need and availability of skilled professionals, Thapar University has taken the leadership position to support secure programming in India by conducting workshops on Information Security and having over 500 of its students to participate in this competition.  This will help Thapar University and EC-Council to develop and showcase outstanding talent of individuals that will meet the challenges of the IT industry in the coming years.

Dr. Seema Bawa, Dean of Student Affairs along with Dr. Maninder Singh, Head of the Computer

Science and Engineering Department spoke to students recently on the very lucrative and

upcoming career path in the information security domain.Talking of Code Uncode he said, “We are pleased that this partnership will help us educate students and better their knowledge in secure programming- a very important part of the cyber security domain. EC-Council is a renowned name in Information Technology certifications and trainings globally and this will be an excellent opportunity to create and recognize the talent in the programing world and build the future of a cybersecure India. Educational Institutes cannot afford to lay back at this moment and we at Thapar University have always taken the lead role in providing the best of opportunities to our students and Code Uncode is one, we definitely could not miss out on!”

EC Council is dedicated to strengthening cyber security in India and to tackle the issue of lack of skilled professionals we are partnering with training institutions across India. Thapar University is one of the largest universities in India and we are glad to come together with them to promote the awareness and education of cyber security through Code Uncode. ,” said Akash Agarwal, Country Manager, EC-Council India.

For more information about EC Council, visit www.eccouncil.org.

About EC Council

EC-Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for Information Security professionals. EC-Council is a member-based organization that certifies individuals in various information security and e-business skills. It has been certified by American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs. These programs are offered in over 92 countries and over have trained over 120,000 & certified more than 60,000 security professionals through a training network of over 500 training partners globally.

Individuals who have achieved EC-Council certifications include those from some of the finest organizations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.


EC Council and Institute of Advance Network Technology come together to create Cyber Warriors in India; Join Hands to fight Global Cyber War

10,000 students to be trained in EC-Council’s Certified Ethical Hacker and Secure Coding programs as part of IANT’s academic curricula to prepare them to become cyber warriors in India

INDIA- April 18th, 2013 – EC-Council, the world’s leading provider of certifications and training in the information security domain, join hands with Institute of Advance Network Technology- IANT, to train maximum students and professionals across India.

According to the recent data, India needs 4.7 lakh cyber security professionals by 2015 for protection of IT infrastructure in the country as well as to serve the export market. As per a report by Gartner in 2011, the IT security market in India is estimated to be around USD 218 million (2012), with an annual growth rate of 20-30 percent and the market is expected to have a CAGR of 16.4 percent from 2011-2016.

To help bridge this gap of need and availability of skilled professionals, IANT, an ISO 9001-2000 certified institute, has taken the leadership position to offer EC-Council’s world famous certifications to its students to ensure that the graduates are significantly advanced in cyber security skills as compared to graduates from other colleges in India, that lack world recognized cyber security credentials like the ANSI -ISO 17024 accredited Certified Ethical Hacker (CEH) and EC-Council Certified Secure Programmer (ECSP). This will help EC-Council, to develop outstanding professionals to meet the challenges of IT industry.

To prepare Indian youth to meet the challenges of information age, and make them cyber educative, EC Council is glad to collaborate with IANT, India’s No 1 hardware & network institute. IANT, widely acclaimed for its quality team and state-of-art infrastructure brings forth highest number of quality IT students.

Rahim Kherani, Chairman, IANT said, “We are pleased that this partnership will help us educate students and better their knowledge in the cyber security domain. EC-Council is a renowned name in Information Technology certifications and trainings globally and this will be an excellent opportunity to build the future of a cybersecure India. Academic Institutes cannot afford to lay back and wait for the Government to do something. Instead, they need to be proactive and take measures to help the Nation to produce Cyber Warriors. Once again, we at IANT, have taken the leadership role in doing this for the Nation. ”

IANT caters to over 10,000 students through its 100+ institutes across India and all of their students will go through an intensive course in Certified Ethical Hacker (CEH) and EC-Council Certified Secure Programmer (ECSP).

“EC Council is dedicated to strengthening cyber security in India and to tackle the issue of lack of skilled professionals we are partnering with training institutions across India. IANT is one of the largest training institutes in India and we are glad to come together with them to promote the awareness and education of cyber security. We aim to help India in creating its breed of cyber warriors to defend its cyber space and assets via academic partnerships with institutions like IANT,” said Jay Bavisi, President, EC-Council.

Jav Bavisi, President of EC Council and Rahim Kherani, Chairman & Managing Director of IANT, started their organizations with a vision to educate the youth of the nation. The patriotism towards their motherland encouraged them to work in the realm of education and bring India up to the global benchmark in the infosec space. With this tie-up both EC-Council and IANT eye to strengthen India for cyber war.

For more information about EC Council, visit www.eccouncil.org.

About EC Council

EC-Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for Information Security professionals. EC-Council is a member-based organization that certifies individuals in various information security and e-business skills. It has been certified by American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs. These programs are offered in over 92 countries and over have trained over 120,000 & certified more than 60,000 security professionals through a training network of over 500 training partners globally.

Individuals who have achieved EC-Council certifications include those from some of the finest organizations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.

About IANT

IANT (Institute of Advance Network Technology) was incorporated in 1999 with multifaceted projects like IT training, Infrastructure development, international certification, manpower outsourcing & recruitment. It’s one of the many ventures of the Kherani Group of Companies, which primarily deals in education & training. Headed by Mr. R. F. Kherani, IANT has witnessed the rapid growth of business & vision. Profiled with immense exposure of technology & experience of life, Mr. Kherani has succeeded to develop a team, which is skilled & highly motivated to transform an academic student into a corporate professional. The students trained at IANT, have proved to be a landmark in the growth of IANT and in becoming a prestigious & reputed institution in the market.

IANT has tie-ups and affiliations with education vendors like CompTIA, Microsoft, Red hat , Cisco, SCO, Sun etc. and has projected their international certification courses to the aspirants in an excellent manner. This is proven by the fact that IANT is the first and only institute Awarded as a CompTIA platinum Partner in CAPP, the best Red hat Certified partner ( National Network ) Training in India and the #1 Hardware & Networking Instate in India.

The Company is ISO 9001-2008 certified. IANT has developed a network of 110+ education centres all across India and is determined to expand to every corner of the country and also overseas. The mission of IANT is to make India a powerful and strong leader in cyber security by 2015 by educating and equipping individuals with the required knowledge.


Code Uncode Witnesses a Successful First Week and Partners with Leading Universities of India

The competition that aims to recognize India’s top secure programmers opened its preliminary window on May 19th

India, May 2013: Code Uncode, India’s first ever nationwide hunt for the best secure programmer, an initiative launched by EC- Council has witnessed participation from more than 500 participants- students and professionals across India.

The window to take the preliminary round of Code Uncode opened on 19th May and is open till the 1st week of July. The first week of Code Uncode saw over 500 participants from colleges like Brilliant Group of Institutions, Aurora Scientific and Technological institute, PRRM College and Gandhi Institute for Technology and leading IT company, CA Technologies.

The registrations are pouring in on a daily basis and Code Uncode is all set to have a grand successful preliminary round. As per the format of the competition after every round 10% of the participants will move to the next round finally moving to the Grand Finale.

To take Code Uncode to another level, EC-Council has also partnered with two of India’s leading universities- Amity University, wherein they will have participation from 30 of their campuses and Mahamaya Technical University, U.P’s biggest university with 400 colleges affiliated to it. On the Corporate front, registrations are ringing in from TCS, Infosys and many other IT firms.

“With this competition, participants will have an opportunity to move beyond theory and test their coding abilities. The rising entries that we are receiving only indicates the incredible talent pool of competent young people in India, who will become tomorrow’s IT leaders and also the need of an initiative and platform like this. We are glad to have had the foresight to launch an initiative like this that benefits not only the present but also the future of the IT industry of India.” said Akash Agarwal, Country Manager, EC-Council India.

The event will be conducted in 3 parts- Preliminary Semi Finals and the Grand Finale leading to identifying the top programmers in our country.

EC-Council backed with their vast experience in global competitions and conferences like Hacker Halted, TakeDownCon and Global Cyberlympics, is bringing the global movement and trend to India through Code Uncode.

For more information about Code Uncode 2013, visit www.eccouncil.org/codeuncode.

For more information about EC-Council, visit http://www.eccouncil.org/about_us.aspx

About EC-Council

EC-Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for Information Security professionals. EC-Council is a member-based organization that certifies individuals in various information security and e-business skills. It has been certified by American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs. These programs are offered in over 92 countries and over have trained over 120,000 & certified more than 60,000 security professionals through a training network of over 500 training partners globally.

Individuals who have achieved EC-Council certifications include those from some of the finest organizations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.


Why are cybercrimes NOT always white-collar crimes?

– Dhananjay Rokde – Global Head – Information Security, Cox & Kings Group

A generic definition of a crime would be an act that is in violation of the applicable laws. A crime / criminal offense may essentially hurt an individual or the community (city or a nation) at large. This concept has now been taken to the next level with rising popularity of cybercrimes. In recent years, there are several analyst reports on the increasing trends of cybercrimes. Of late; several interchangeable terms for cyber crimes such as, computer crime, cyber fraud, internet crime, cyber exploitation, electronic rackets and many others, have emerged. Interestingly; there is no such term as a “cybercrime”, as per any Indian law.

In ‘The State of Information Security Survey -India, 2013′, a report by PWC it reported that the size of the information security market in India in 2012 was Rs 1,200 crore and their estimate for 2013 is Rs 1,415 crore, a growth of 18 per cent. According to the survey, medium businesses with revenues ranging from Rs 500 crore to Rs 5,000 crore, saw an estimated 17 per cent increase in security spending in 2011-12 followed by small businesses with revenues less than Rs 500 crore where the spending increased by 14 per cent. This proves that organizations are not only aware of the menace of cyber threats and attacks but are also focusing on addressing these issues.

There are local laws in almost all countries pertinent to cybercrimes and their admission in the legal system for trials. However, until an actual “terrorist intent” is detected; these perpetrators are never addressed as criminals – instead as white collar criminals or simply as ‘Hackers’. White collar crimes are generally victimless crimes and do not get the attention in society, as much as crimes of theft, hate, violence narcotics and terrorism. However in terms of actual state or national revenue lost, white collar crimes amount to just as much. A hack or a cyberattack can lead to organizations losing data worth millions and can have their revenues compromised. It is also because these criminals are often educated and have jobs in reputed organizations, that gives them leeway. They don’t get the same amount negative embellishment or social interest compared to other criminals. The damage that these crime do is often worse and has far-reaching effects.

To illustrate this let us look at an average cybercrime caused by a DoS (Denial of Service) or a DDoS (Distributed Denial of Service, which is often an organized cybercrime). Web applications belonging to financial institutions like banks, stock exchanges, government bodies & universities remain hot-targets for such attacks. A simple DDoS on a banking site affects all the banks customers and parties associated to the bank. Very simply put it is a two-way damage affecting the payee and the recipient of funds. In many cases this can mean the difference between life and death. Clearly this is NOT a victimless crime. Because the victims are not around to lodge a complaint, or do not even know in most cases that they have been exploited.
The sheer penetration of internet, dependence on it and consumer-convenience of internet banking, e-commerce, trading and online management systems is what often provokes cyber criminals to commit crime. Services like internet baking, airlines bookings / check-ins are no longer a luxury; but life essential amenities. The outage of such services often causes a lot of media hype and gets the attackers exactly the attention they are looking for. Hacktivist groups and cyber vandals are constantly on lookout for such easy consumer based targets.

Just imagine; you are stuck in a blizzard cannot check into a hotel because your credit card limit has abruptly maxed-out, or you are unable to transfer funds back home for an emergency, or not being able to charge your health insurance policy because the networks are down. These are scenarios that are often not taken into account while defining a punishment for the act of a cybercrime. It has also been my personal experience that during such attacks the target banks and application / internet / telecom service providers often do not disclose the occurrence of such attacks; to avoid public embarrassment. It is because there is substantial lack of transparency in the reporting of such incidents by the affected parties that makes it increasingly difficult to catch the culprits. It takes the average victims more than a week to determine if they have actually been exploited. The combination of the two factors mentioned above along with the time-delay assists the criminals to get away.

Law enforcement agencies and legal bodies need to realize a simple truth – “Cyber crimes are actually capable of taking lives”. While the statement may sound a little exaggerated, the actual ripple effects of cyber crimes are felt very late. The impact of a cyber crime is far more than what can be seen at the outset. It is not simply about a unavailability of services or some sites being defaced. This is somewhat like the “Butterfly Effect” theory.

Cyber crimes are becoming costlier by the day. They are costing the global industrial landscape billions of dollars. Such crimes also have severe fall out effects such as permanent loss of reputation, loss of jobs and an overall negative hit on the economy. Not too long ago, Microsoft had officially put up a bounty of USD 250,000 for apprehending the creators of the MSBlast malware.

The Indian IT Act has come a long way from where it began. However it needs to become stringent in two ways – by enforcing onus on the authorities like the police and empowering them with the right tools and knowledge to apprehend such criminals, and also by increasing the severity of the applicable punishments. While harsher sentences are not the complete solution, they are a very strong deterrent. Frost & Sullivan reveals that nearly 80 percent of Indian business enterprises have reported data theft through online hacking and that the cost of computer crimes has reached a whopping USD 10 billion – India is ranked fifth in terms of ecommerce security breaches. These criminals should be tried & prosecuted under the extent of the law. There also needs to be inter-agency synergy between the local cybercrime authorities and the bodies such as the Interpol, NSA, and the CERT.