Valencia, Spain, December 1, 2009 – According to a report by Frost & Sullivan, Europe’s information security workforce is expected to set a record growth of 13 percent by the year 2012. In line with the increasing demand for information security professionals in the region, Escuela Superior Arte y Tecnologia (ESAT), a center for creative and information technology learning in Spain, officially acknowledges the importance of information security education with its participation in the EC-Council Academia Partner program. Conceived by EC-Council, the program engages academic partners across the world in an ongoing effort to educate students on the information security industry and the critical roles it plays.
With 12,000 students across the globe currently benefiting from the program, EC-Council Academia Partner is a valuable association in both the academic and information security communities. Besides serving as a platform for industry networking among its alumni and current students, the program is also an avenue for knowledge sharing and exchanging of information – an important factor in the dynamic industry of information security.
According to ESAT’s Director, Mr. Jaime Torres, “ESAT is recognized as one of the best schools of its kind in Europe since its inception in 2006. As we have always tried to be at the forefront of technology, it is for this reason that we form a partnership with EC-Council, the owner & developer of the best ethical hacking certification today”.
“Our philosophy is to offer our students the best possible training so that they could achieve their goals, as well as ours”, Torres added.
Under the Academia program, ESAT has begun integrating EC-Council’s curricula into their respective academic syllabus. Students pursuing their degrees at the university are currently exposed to intensive theoretical & practical training, which will add substantial value to their qualifications upon graduation. This will effectively give them an edge over their peers and most importantly, a head-start to a long and fulfilling career in the information security industry.
Vice President of EC-Council, Mr. Sean Lim revealed, “We applaud the move by ESAT in joining the EC-Council Academia Partner program as it demonstrates progressiveness in their approach towards information security”.
“We believe that this partnership will go a long way in creating awareness towards the significance of information security education. Most importantly, these students will soon be prepared to fill a niche gap in the region’s workforce”, he added.
About EC-Council Academia Partner Program
The EC-Council Academia Partner is a platform developed by EC-Council where academic institutes across the world are actively engaged as education partners in an ongoing effort to educate students on the information security industry and the critical roles it plays. There are 12,000 students from across the world currently benefiting from the program.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker course, Computer Hacking Forensics Investigator program, License Penetration Tester program and various other programs offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS). For more information about EC-Council, please visit the website: http://www.eccouncil.org
About Escuela Superior Arte y Tecnologia (ESAT)
Escuela Superior Arte y Tecnologia (ESAT) is the center for Design and Information Technology in the city of Valencia. Located in a beautiful & unique building in the historical part of the city, it is very close to the Valencian Parliament and The Plaza de la Virgen (Virgin Square). ESAT focuses on training in art and technology areas. It specialises in educating and preparing its students in attaining Bachelor degrees at the most prestigious universities in the UK and USA. ESAT training covers three distinct areas: higher education in Design & Information, specialized training in businesses and specialized graduate courses. For more information about ESAT, please log on to: http://www.esat.es
November 2, 2009
Singapore Polytechnic (SP), will be the first institute of higher learning in Singapore to incorporate EC-Council programs into its existing courses; the Part-Time Specialist Diploma (E-Commerce Technology) and the Certificate of Competence in Information Technology (Infocomm Security).
EC-Council is a member-based organisation that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker course, Computer Hacking Forensics Investigator program, License Penetration Tester program and various other programs offered in over 60 countries around the globe.
Said Dr. Timothy Chan, Director, School of Digital Media and Information Technology (DMIT) of Singapore Polytechnic, “Integrating EC-Council programs into our courses is a step that underlines SP’s legacy, which is developing a professional workforce with specialised skills for the country. As we steadily evolve into a fully knowledge-based economy, we acknowledge the increase in demand for manpower with expertise in the information security sector. We are confident that EC-Council qualifications will fortify our students’ knowledge and skills, making them stand out from the rest.”
Students taking the Diploma in Infocomm Security Management (DISM) at SP will also be the first to receive scholarships and awards totaling S$45,000 from EC-Council. The scholarships & awards are made possible with the signing of a Memorandum of Co-operation (MOC) between DMIT and EC-Council last week.
Under this MOC, three scholarships valued at $2,500 each will be awarded annually over the next five years to deserving SP students taking the full-time diploma course. In addition, the organisation will also reward a $1,000 graduation award and a $500 EC-Council Circle of Excellence Award to exemplary students during the same period.
On top of that, SP will be the first polytechnic to offer EC-Council courses to students under the Academia Partner Program. In line with the MOC, SP’s School of DMIT has become an EC-Council Academia Partner and an Accredited Training Centre that will offer EC-Council professional certification training programs.
EC-Council will be providing reference materials and publications related to information security, which will be accessible to students at the DMIT’s Infocomm Security Labs. There will also be opportunities for knowledge sharing, staff exchanges and engagements between both parties.
Six SP lecturers have successfully completed the world-renowned Certified Ethical Hacker (CEH) program recently and another two final-year students are set to undergo the training as well, making them the first SP lecturers and students to join the global community of certified EC-Council members, currently standing at over 26,000 across more than 60 countries.
“In this era of K-economy, EC-Council recognises the need to nurture more information security personnel and experts. There’s no better way to do so than paving the way for a group of deserving students who aspire to be part of the information security community. As such, we are immensely pleased to have Singapore Polytechnic as one of our education partners”, said Mr. Sean Lim, Vice President of EC-Council.
October 29, 2009
InterSoftware will be the first Accredited Training Center (ATC) in Latin America to partner with EC-Council for the exclusive launch of VoIP Professional (ECVP) program, a new certification from EC-Council that educates professionals on how to install, implement, set up and secure a VoIP Network. According to industry research firm, IBISWorld, Voice over IP (VoIP) services are expected to have the largest revenue increase with a projected growth of 20.1% by the end of 2009.
In addition, the Radicati Group forecasted that nearly 75% of corporate phone lines will adopt VoIP technology within the next year and they would range from small businesses to blue chip companies such as Bank of America and The New York Times Co.
Organizations with intent to modernize their voice communication systems may opt for a cost-effective technology such as VoIP, but may lack the skills to ensure a smooth and secure implementation. Specialized knowledge and skills are required to configure and manage the VoIP infrastructure, which is a complex convergence of both voice and data technologies. Unfortunately, the shortage of knowledge in VoIP technology, especially pertaining to its security issues, has given rise to many new challenges.
SC Magazine reported that rogue groups have managed to hack into the VoIP systems of large companies, the US Federal Emergency Management Agency being one of them, and even small companies, chalking up millions of dollars in data charges. In Australia, VoIP hackers managed to breach the system of a small business and made 11,000 calls that cost over $120,000.
To address this gap, EC-Council developed the Certified VoIP Professional (ECVP) program, a comprehensive approach towards understanding VoIP technology. The ECVP program is designed to provide candidates with the knowledge of installing, implementing, hacking and securing the entire VoIP network.
Besides addressing a number of recently discovered vulnerabilities in VoIP, this program will serve as a bridge to close the gap and encourage the convergence of knowledge between telecommunications experts and information technology specialists. In addition, the course itself complements the comprehension of networking technologies and internet telephony systems with practical lab tools that provide one with skills pertinent in assessing and designing a VoIP network.
IT personnel in charge of implementing VoIP networks and security professionals that are concerned with VoIP’s security posture are among those who will benefit from the ECVP certification. As this is a technical program, interested participants should have sound background knowledge of TCP/IP networks as well as experience in designing or implementing VoIP networks & security technologies.
“We are very excited to be appointed as the exclusive Accredited Training Center for Latin America to offer the EC-Council Certified VoIP Professional program. This will allow us to provide our customers with the skills and knowledge they need to configure and implement a VoIP Network, design troubleshooting plans, encrypt data, and implement hacking tools for VoIP networks”, said Carlos Morales de la Cerda, InterSoftware’s Chief Executive Officer.
Jay Bavisi, Co-Founder and President of EC-Council added, “We are very pleased to appoint InterSoftware as our exclusive partner to launch the ECVP program in the Latin American region. There is a growing demand for telecommunication professionals with security knowledge and we have full faith that InterSoftware will continue to provide training that encompasses security professionals with the skills and knowledge to better serve the region’s demand.”
Intersoftware has scheduled the first ECVP class in November 2009, with more being planned for the following year. For more information on the class schedules, please email to email@example.com
Mumbai, October 26, 2009
A group of over 90 engineers from IBM ISS (India) recently completed the Certified Ethical Hacker (C|EH) program, and successfully joined the global community of EC-Council certified information security members that currently stands at over 25,000 across 60 countries.
In addition to being touted as one of the world’s most comprehensive ethical hacking programs, featuring the latest hacking tools and methodologies, the C|EH curriculum is also certified to meet the stringent CNSS 4011-4016 standards, awarded by the US National Security Agency (NSA) and Committee on National Security Systems (CNSS).
The intent of IBM ISS (India) to equip its engineers with knowledge of the latest tools and methodologies employed by hackers, which is critical for them to maintain a competitive edge over other service providers, led to the demand for C|EH training. The security skill levels of the IBM ISS professionals are anticipated to develop further, delivering performances and security products that would exceed all expectations in their market base.
“It’s very important for our personnel to grasp the thought process of cyber criminals, and in this respect the C|EH program is very extensive in terms of tools & techniques being covered. It is the gateway to security related knowledge in the information security domain,” said Sanjeev Navale, Project Manager for IBM India.
“As IBM practices the ‘Kaizen’ value of continual skill development & improvement, we wish to have long term association with EC-Council so that we can keep updated with the latest vulnerability in current technologies”, Navale added.
Sean Lim, Vice President of EC-Council said, “Keeping our curricula and content up to date is EC-Council’s edge. We constantly update our content, making sure it provides the latest knowledge and skills for anyone embarking on our programs. Having trained and certified this large group from IBM ISS (India) further fortifies that our certification programs are of the highest quality.”
Plans for IBM ISS (India) to put its team of engineers through another highly sought after program – the EC-Council Certified Security Analyst (E|CSA), which exposes its learners to various outcome analysis methods of testing tools, are already underway and the next training will be scheduled for the last quarter of 2009.
Sanjay Bavisi is the co-founder and president of the EC-Council, a United States (US) based international certification body on security and e-business. In this interview, he tells Ben Uzor Jr about the latest trends in cyber security and what steps the council is taking in this regard.
EC-Council
The International Council of Electronic Commerce Consultants (EC-Council) is a member supported professional organisation. The purpose of EC-Council is to support and enhance the role of individuals and organisations that design, create, manage or market security and e-business solution. We support our members by providing Electronic Commerce Consultant Certification as well as educational, technical, placement, member advantage, and discounted services. We enhance our membership by providing a community where discussion and information exchange can operate freely in the context of mutual trust and benefit.
We are in partnership with New Horizons, a Nigerian Information Technology (IT) education and training centre and their job is primarily to provide knowledge. The main issue today and our greatest concern is that there are engineers coming out here in Nigeria that we refer to as ‘vendor certified’ engineers. Take for instance, if I am using a Microsoft product, will Microsoft tell an individual that their products have shortcomings? No, they will not say that. This year in April, Steve Ballmer, chief executive officer, Microsoft Incorporated, came out and openly admitted that Microsoft Vista is an unfinished product. Can you believe it, Microsoft releasing an unfinished product? So when Microsoft gives you an MCSE (Microsoft Certified Systems Engineer) certification they cannot tell you that there are lots of problems in it because they have to sell products. They only teach you how to use these products. The problem is that hackers don’t follow that way; they look for other viable means. Who are the first people to buy anti-virus products? They are the hackers themselves. They buy it so they can reverse engineer and come up with new solutions. So therefore, what we do with New Horizons is very important. New Horizons serves to educate and train people, but where do they get the content and expertise from? They get it from people like us. We research the content, we have 300 subject matter experts, and these are the guys that operate underground as well as aboveground. These are the guys that work in Eastern Europe, China, and America. They come up with what we call ‘exploits’ and they sell these ‘zero day codes’ in the open market. There is an auction that says if you want to exploit a hole in an SAP system, who wants to bid for the software. What we do is, we buy the software, we understand the gaps, we create the solutions and we give it to New Horizons and we say teach it.
The whole purpose of EC-Council is to reduce the gap but the problem is you have to recognise that there is a gap before you can reduce it. A lot of people feel that just because there is no hacking incidence reported in an organisation therefore hacking did not occur. Actually, the worst hacks are those residing in your computers, networks and organisation right now that have not been found out. In this regard, the high level of reported incidences of hacking is not as a result of EC-Council failing or the whole Information security community failing rather it is because of how proactive we are that you are getting to find these crimes out. So just because hacks are not reported in your company, it does not mean you are secure because there is something called a ‘backdoor’. Hackers reside here on your network and steal your information live and your organisation thinks it’s secure. So, the key indicators you see now, the increasing number of certified personnel, articles on cyber crime, the number of conferences. They all point to one thing; the whole world is becoming aware of these threats. The attention is a sign of the success that we are bringing this matter mainstream and we are doing something about it.
Mobile hacking is an issue that is beginning to assume a complex dimension. Look at some companies for instance that have got IT policies they call ‘no in no out policy’. This means that it is a tight and compact policy, you cannot bring in or take out any equipment. You will observe that mobile phones and iPods are allowed in. Mobile phones have Bluetooth while iPods have USB connectivity. This has serious implications because every single mobile phone is actually a small computer hard disk and you can bring in Trojans and hacking tools into an organisation. To live in a world where you think a mobile phone is harmless or an iPod is harmless is tantamount to getting hacked in the long term. Nigerian institutions probably need to understand that just by allowing an individual to bring in a mobile phone into your organisation can be a big risk. They could steal your corporate data as well as install malicious software.
To a hacker, vulnerabilities on a network are hidden, high valued assets. When exposed, these vulnerabilities can be targeted for exploitation, which may result in unauthorised entry into a network, can expose confidential information, provide fuel for stolen identities, trigger theft of business secrets, violate privacy provision of laws and regulation, or paralyse business operations. Hackers are constantly scanning IP (Internet Protocol) addresses, looking for vulnerabilities that can be exploited. The Code Red Virus, which was distributed in late 2001, infected over 250,000 web servers in the first nine hours and caused over $2.6 billion in damages. The patch to protect servers from this worm was released six weeks prior to the start of its spread. Also, firewalls, antivirus software, intrusion detection systems (IDS) and other security products can give IT administrators a false sense of security, of believing they are shielded from intrusion. Web-based attacks that target web and database servers can bypass firewalls and virus scanners, using techniques such as SQL injection and buffer overflow opportunities. A tool hackers use quite frequently is the virus re-construction kit. It is basically software, to put it in layman’s terms, and what it does is it has a bank of viruses and worms and it allows the user to basically with a click of a button split regularly known viruses and take their payload and different signature to form a new virus. This virus formed will have characteristics of different viruses; it will have different payloads to do different things.
Enterprise vulnerability management
Every organisation needs to perform timely identification and remediation of network vulnerabilities to prevent hackers and disgruntled insiders from exploiting these network weaknesses.
In the past, vulnerability assessment was performed manually for auditing purposes. This process would take from one to several weeks and the reports produced were out of date by the time they were delivered, while vulnerability management has evolved from simply running a scanner on an application computer on network, to detect common weaknesses. It is rather defined as the process of identifying vulnerabilities, evaluating risks, remediation and reporting. In more simple terms, it is the deregulated, continuous use of specialised security tools and workflow that actively help to eliminate exploitable risk. The process is continuous and creates a closed feedback loop for ongoing network threat management.
I think electronic Jihad is not just for Nigeria. I think it is a global issue and the challenges that a nation would face if it is attacked is serious economic recession. The electronic Jihad could bring a lot of mayhem. At some point in time there could be some kind of conflict between nations. Take for instance, in 2007, the case of Estonia, one of the most internet savvy states in the European Union (EU). The country faced severe attacks from hackers and this was linked to the Russian riots sparked in late April by the removal of a Soviet war memorial from Tallinn city centre. The websites of the tiny Baltic state’s government, political parties, media and business community had to shut down temporarily after being hit by denial-of-service attacks, which swamp them with external requests. Every nation faces some kind of conflict and when you are faced with such conflicts it is not always the army, navy or air force that will be able to attack or defend you. Cyber warfare can be a very salient and dangerous method of bringing a government and economy down. I think that is one area the Nigerian government needs to be cautious about. Electronic Jihad is just one of the examples; it is not necessarily that you would be susceptible to it. There are groups out there that hack for a purpose; they do this because they want to put forth an agenda. So these are the issues the country needs to be concerned about.
War on cybercrime
The global government institutions are really trying their best to combat cyber crime. EC-Council is hosting an Asia-Pacific round table in Kuala Lumpur in November. We have confirmed participation from various departments of defence, Ministry of Defence in Singapore, we have the Strike force in Malaysia, and we also have participation from Hong Kong. So, there are a lot of regional based institutions coming forward to try to combat the scourge and come up with a global solution and answer. In addition, if you look at various governments, the US government for instance, our accreditation by the National Security Agency (NSA), our work with the Department of Defence. These are the kinds of solutions we are trying to bring forward to the Nigerian government. I think the global solution will have to begin in the area of human capital. This is because without human capital, proper methodology and training we are not going to win this war on cybercrime. So regardless of whatever technologies a country acquires, regardless of how many billions of dollars is invested in security equipment, Nigeria should not be subjected to ‘Equipment Based Security Syndrome (EBSS)’.
The whole idea of Equipment Based Security Syndrome (EBSS) is all about equating the level of investments made to the level of security acquired. For example, whenever you have conversations with chief security officers (CSO) and the conversation goes along the lines of ‘my organisation is secure because we spend $50 million a year on IT security’, that’s a vivid sign of EBSS. There are a lot of people that come up with security matrix, they try to actually calculate the risk of return on investment; I personally find that difficult to calculate. In fact, I am totally against that because how do you calculate a risk factor or put a number to the level of something you are not sure is there? Hacking is not necessarily a ‘blue screen’; hacking can occur when everything is functioning perfectly.
Ethical hackers gathered this week in Miami to talk about the latest cyber terrorism threats. The world of hackers is kind of like the Star Wars universe: There’s a light side and a dark side of cracking computers.
Hundreds of hackers on the side of good — or ethical hackers — gathered at the 14th Hacker Halted global conference this week, held for the first time in Miami, to talk about strategies to thwart cyber terrorists.
Ethical hackers understand how to hack a system in order to better protect against attacks, or to know where the vulnerabilities are in a program.
“A good defense is a good offense,” said Sean Arries, a security engineer at Terremark Worldwide. “If you understand your opponent and you understand how the attacker is going to attack you, then it makes it a lot easier for you to defend yourself.”
Arries gave a cautionary presentation detailing how hackers can take advantage of a vulnerability in Windows Vista and Windows Server 2008 — a gateway for hackers that Microsoft hasn’t yet patched.
Arries did a scan of 43,000 domains and found 110 of those sites were vulnerable to that exploit.
“Now 110 is quite a lot, because that becomes a staging process for an attacker to launch against other sites and internal networks,” he added.
Bloggers have been writing about this flaw for two weeks, so it wasn’t exactly news to the audience. But while going through slides filled with programming code, he warned attendees that hackers will likely launch a worm to take advantage of this flaw any day now.
“We are in a scramble state to secure our clients and customers and secure ourselves internally before this worm shows up — and it will be coming,” Arries said in an interview afterward.
Not everyone who comes to events like this is a good guy, so to speak. Talk to anyone at that conference and they believe at least some “black hat” hackers were among them in anonymity — or more likely, programmers who work in a morally gray area.
“The same techniques that you learn to protect a system are the same things people look at to break into systems,” said Howard A. Schmidt, president of the Information Security Forum. “You have the good guys trying to out-thwart the bad guys, and the bad guys going to learn from the good guys.”
In the world of hacker conferences, Hacker Halted, which ended Friday, is pretty tame compared to the DefCon and Black Hat conferences in Las Vegas.
“That’s where you get more of the black hat subculture to learn what’s going on and extract information that maybe you should or shouldn’t be privy to,” said Solutient technical trainer Ernie Campbell, who flew in from Cleveland to attend.
Malicious hackers are usually grouped into subsets.
There are the “script kiddies,” a derogatory term given to hackers who use programs to cause trouble because they don’t have the skills to write their own code. There’s also the typical movie stereotype of pale guys pounding down energy drinks in a basement full of computer screens as they wreak havoc.
“That certainly exists, but it is a small, small subculture,” said Erik Laykin, managing director of Duff & Phelps in Los Angeles and honorary chairman of the Electronic Commerce Council, which organized the conference.
The hackers that Laykin and other investigators focus on are the criminal hackers — many working out of the country — who keep coming up with ways to steal financial information.
And while these criminals work 24/7, it’s a constant job of playing catch up for the certified ethical hacker who is trying to stay on top of the latest exploits. And as people become more attached to mobile devices, cellphones will be the target down the road.
But it could be worse than that.
“Defibrillators that are implanted in people’s chests today have electronic remote sensors so they can be reprogrammed using wireless technology. That’s an early technology that’s potentially susceptible to hacking,” Laykin said.
Albuquerque September 7, 2009 – EC-Council, a leading international certification body in information security and e-business, today announced the recipients for the Secure Aid Program 2009. The winners were picked from an extensive pool of applicants that have met the stringent criteria set by the EC-Council Scheme Committee.
“The Secure Aid program is primed to aid those affected by the global economic crisis, and aims to support national and global measures on combating cyber crime and cyber terrorism. I congratulate all of the Secure Aid recipients for meeting the rigorous standards set by the Awards Committee. Their continuing education through iClass will equip them with the skills to impact the global arena.” said EC-Council President, Jay Bavisi.
Members of the Scheme Committee who convened as an Awards Committee included Scott Applegate – (US Army); Bill Varholl – (US Department of Defense); Russell Butturini – (Epic Technologies); Robert Lai – (Science Applications International Corporation); Denis O’Callaghan – (Alive Consultants LTD).
“It was a tough decision to make as we had a high number of applications this year. This initiative is part of a Social Responsibility Program of EC-Council to ensure the vital expansion of knowledge and application through critical thinking and research by way of submitting a case study or white paper, and further hands-on training through iClass. It serves to advance a holistic understanding of technology and application to evolve the cyber security space.” said Robert Lai, Science Applications International Corporation.
The list of Secure Aid recipients is as follows:
* Miguel Hernandez IV
* Shad David Malloy
* Edewede Oriwoh
* Don Prince
* Ahmed Salem Shibani
* Kurt Russell Hinson
* YanYan Wang
* Sulaimon Jimoh
* Yosia Suherman
* Craig Jones
* Rahim Kazani
* David Bell
* Maher Yamout
* Kishan Mullegama
* Adam Hooper
* Muhammad Amir Jamil
* Rizwan Omer
Miguel Hernandez, Secure Aid recipient said, “Being in the security and auditing business myself, I find this an excellent opportunity for me to expand my horizon and equip myself in the latest technology and exploits in information security. In a time when organizations are being asked to do more with less, time is scarce. iClass fits my busy schedule perfectly.”
Secure Aid recipients will have the opportunity to earn globally recognized certifications such as the Certified Ethical Hacker (C|EH), Computer Hacking and Forensic Investigator (C|HFI) and Licensed Penetration Tester (L|PT), among others through iClass – online, live, instructor led training http://iclass.eccouncil.org/.
Singapore Infocomm professionals to benefit from National Infocomm Competency Framework (NICF) and Critical Infocomm Technology Resource Program (CITREP) endorsement.
Launch of EC-Council | Press to provide professional, globally recognized certifications and content in information security to US academic institutions.