Archive for the ‘Featured’ category


Gurgaon Teaches To Hack Ethically

A number of institutes offering ethical hacking courses have come up in the city to meet the rising demand for ethical hackers among companies which are gearing up to protect their information from threats, says Mamta Sharma. Gurgaon, being a corporate hub, has not been unaffected by cyber criminals, having seen an alarming increase […]



EC-Council Achieves ANSI 17024 Accreditation for Its Certified Ethical Hacker (CEHv8) Certification

EC-Council’s Certified Ethical Hacker (CEHv8) certification program receives the American National Standards Institute (ANSI) Personnel Certification Accreditation. To become certified, an organization must undergo stringent quality reviews and assessments. EC-Council is one of the few organizations that specialize in information security (IS) to earn the accreditation.

Albuquerque, NM, March 7, 2012 – Today EC-Council announces that it has been accredited by the American National Standards Institute (ANSI) to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard for its Certified Ethical Hacker (CEHv8) certification. EC-Council is one of a handful of certification bodies, whose primary specialization is information security, to be awarded this much sought-after quality standard.

“ANSI commends EC-Council for meeting the rigorous requirements of the ISO/IEC 17024 standard and joining the elite group of organizations that have achieved this distinction,” said Dr. Vijay Krishna, ANSI senior manager of personnel certification accreditation programs. “This achievement highlights EC-Council’s commitment to offering a high quality certification program. The ANSI accreditation process is designed to increase the integrity, confidence, and mobility of certified professionals and creates value for all the stakeholders including certification holder, employer, public, and regulatory authorities.”

The American National Standards Institute (ANSI) is a private non-profit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system. It is the sole representative of both the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC) in the United States. ANSI is the only personnel certification accreditation body in the United States to meet nationally accepted practices for accreditation bodies. The ANSI/ISO/IEC 17024 standard addresses the general requirements for certification entities.

In order to award the accreditation, ANSI conducted a verification process to ensure that EC-Council is impartial and objective as a certification body. It also confirmed that EC-Council’s certification process is conducted in a consistent, comparable, and reliable manner. This process required rigorous quality reviews of EC-Council and the Certified Ethical Hacker (CEHv8) certification program.

Jay Bavisi, Co-Founder and President of EC-Council commented, “Achieving ANSI 17024 reflects not only our commitment to quality but, equally important, our approach to continuously improve as a learning organization to ensure that EC-Council is much more agile, efficient, and strategically fit for the future.”

A Certified Ethical Hacker (C|EH) is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). Since its creation in 2003, the Certified Ethical Hacker has certified over thirty thousand individuals and has become the global de facto leader in certifying IS professionals.

EC-Council has been recognized globally for its highly popular CISO certification and for its certifications in the fields of computer forensics, penetration testing and network security.

Bavisi added, “We have worked hard for over 2 years to meet the stringent requirements of ANSI 17024 standard. We have scrutinized and challenged every aspect of EC-Council certification activities and operations. This has resulted in significant improvements to both what we do and how we will do it. This benchmark of excellence will give our customers even more confidence in the quality of our certification”.

Contact:
Marissa Easter- Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 100,000 security professionals and certified more than 50,000 infosec professionals. Its certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico, USA. More information about EC-Council is available at www.eccouncil.org.

About ANSI:
The American National Standards Institute (ANSI) is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents the diverse interests of more than 125,000 companies and organizations and 3.5 million professionals worldwide.

The Institute is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC), and is a U.S. representative to the International Accreditation Forum (IAF).


EC-Council Forewarns Organizations About the Dangers of Phishing Attacks as Cybercriminals Move to More Concentrated Hacking Methods

New research shows that cyber criminals are moving away from mass spam attacks and focusing on more targeted hacking techniques. The most common of these methods is phishing. EC-Council has released a comprehensive guide on steps organizations can take to prevent disastrous security breaches.

February 13, 2012, Albuquerque, NM – Recent research shows that cybercriminals have moved from large mass spam attacks to more targeted techniques. One of the most common of these attacks is phishing, an attempt by cybercriminals and identity thieves to obtain sensitive information by masquerading as a legitimate and trustworthy source.

In order to keep organizations’ information secure, it is crucial for Information Assurance leaders to understand the two types of phishing methods: spear phishing and whaling, and the devastating risks they carry. Spear phishing is the most commonly used phishing method. Experts cite the amount of money generated as the reason for the switch to more concentrated attacks.

According to recent research conducted by Cisco, “Spear phishing attacks have proven to be both highly dangerous to victims and immensely valuable to cyber criminals. A vastly customized phishing attack can net 10 times the profit of a mass attack.” Cisco estimates the annual global cost of targeted attacks to organizations is $1.29 billion.

Sameer Shelke, IT Services and Risk Management Leader, says, “Tackling phishing attacks can be immensely challenging as phishing emails are usually very convincing and it is hard to distinguish them from genuine emails. Risk management and control mechanisms against such social engineering attacks need to be dynamic in order to keep up with evolving security risks.” Shelke goes on to say, “While upgrading to advanced security solutions is crucial, educating people about phishing is also equally important.”

EC-Council recently released a White Paper written by Shelke that explores differences between spear phishing and whaling and offers solutions to combat phishing attacks. To download Shelke’s White Paper “Shield Your Business – Combat Phishing Attacks”, please visit: https://www.eccouncil.org/ciso/resources

To be successful at combating these attacks, an organization needs to have strong leadership in place. An effective Chief Information Security Officer (CISO) will lead a high performing information security (IS) program that protects against cyber crime and security breaches. EC-Council created the Global CISO Executive Summit Series to unite the IS leaders across the world in the fight against cyber crime. The CISO Executive Summits provide a platform for continuous learning where the most recent infosec threats and landscape evolution can be discussed.

EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts. Readers interested in this White Paper are also encouraged to look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series. To view the full report from the CISO Executive Summit, please go to this link. If you would like to attend or speak at upcoming CISO Executive Summits and would like to receive more information, please click here.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council’s Chief Information Security Officer (C|CISO) Certification:

C|CISO is the first certification of its kind to equip Information Assurance leaders with the most effective toolset to defend organizations from cyber attacks. It recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organization goals. Applicants can take advantage of the Grandfather Provision until September 2012. The Grandfather Provision is open to highly-skilled and experienced professionals who can demonstrate and prove proficiency in the 5 C|CISO domains. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. For more information about EC-Council visit www.eccouncil.org, follow @ECCouncil on Twitter, LinkedIn or visit EC-Council’s Facebook page.


Organizations Engage in Certification Training to Protect Against Cyber Attacks

The recent increase in security breaches has caused many organizations to put a greater emphasis on improving the skills of the information security (IS) workforce. Research shows IS certifications lead to improved job performance and higher returns on investment. EC-Council’s Chief Information Security Officer Certification (C|CISO) equips CISOs with the most effective toolset to lead a high performing information security program and defend the company from cyber attacks.

February 14, 2012, Albuquerque, NM – Recent research by Ponemon Institute has shown that the average cost of cybercrime has increased by 56%. The complex and dynamic nature of the current risk landscape is causing organizations to put a greater focus on training their workforce. A current study by Global Knowledge cites that managers believe certified information security professionals are 80% more effective at their jobs post certification. Further, studies show that investing in certifications can yield higher return on investment (ROI).

According to a study by IBM, “When business partners are grouped by the number of certified individuals on staff, those with higher levels of certifications exhibit measurably higher revenue per certified individual, and the value of each additional certification improves team performance.” IBM estimates that every $1 invested in learning and certifications averages a return in revenue of $345. In addition to an increase in revenue, certifications improve team performance by 11%.

The need for having a highly skilled information security team has never been greater. Jay Bavisi, President and Co-Founder of EC-Council, stated “The information security industry has changed tremendously in the past few years. This year alone, large corporations and governments around the world have suffered devastating and extremely costly cyber attacks. With the need to fulfill the IS industry’s growing needs for strong leadership, the Chief Information Security Officer Certification (C|CISO) was designed to complement the use of high-end technology with empowered and experienced executives who are ready to direct the information security team in today’s complex environment.”

EC-Council’s Chief Information Security Officer Certification prepares Chief Information Security Officers (CISOs) to defend their organizations from security breaches by actively improving the current information technology security solutions, enforcing regulatory requirements and aligning IS with the strategic needs and goals of their organization. This skill set enables the CISO to be the best guardian of their organization’s digital assets. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso.

According to SC Magazine, companies that employ a CISO to lead an effective IS program are 10 times less likely to experience costly security breaches. Today’s risk landscape makes it almost impossible to protect against data loss and theft without the skills of a highly trained IS leader, like a CISO. Certifications provide the CISO with the tools needed to effectively protect the organization from cybercrime. To view additional CISO resources, please click this link.

Contact:

Marissa Easter- Marketing Communications Specialist- marissa.easter@eccouncil.org


Research Proves Best Performing Companies Employ a CISO with a High-Performing Security Program

Research done by SC Magazine proves that organizations that have a Chief Information Security Officer (CISO) have higher profit margins, generate more revenue, and display increased productivity.

January 31, 2012, Albuquerque, NM- EC-Council has released a new white paper that gives comprehensive strategies to CISOs on leading a high-performing information security (IS) program. According to research done by SC Magazine, companies that have an active CISO role and high-performing security program generate more revenue, spend less money, are more productive, and have reduced risks. However, the complexities and challenges of the organization’s infrastructure create daily traps that distract IS teams from carrying out tactical and strategic functions.

An effective CISO and well-run information security program can save a company almost 10% of total revenue. SC Magazine’s “Want to Reduce IT Risk and Save Money? Hire a CISO” article cites that this saving in gross revenue is attributed to a decreased risk of data loss and theft. Further, the article cites that the most successful companies that employ a CISO to lead an effective IS program are 10 times less likely to experience costly security breaches.

Todd Bell, Executive IT Security Advisor at ConnectTech, LLC., says “Today’s threat landscape requires CISOs to develop and implement a high-performing information security (IS) program. One of the biggest challenges is not letting the torrent of corporate issues interfere with the overall effectiveness of the IT security team.” Bell, a speaker at EC-Council’s CISO Executive Summit in December 2011, was inspired by his panel role in the “Implementing a High-Performing Information Security Program” discussion and developed a how-to guide for CISOs on leading a high-performing IS program. To view the White Paper, please go to: http://goo.gl/pxmY5

“Simply put, CISOs contribute to better business results by ensuring security measures are fully implemented, standardizing and automating procedures, and by taking a strategic role with the organization to make information security a part of a business process,” affirms Jim Hurley, managing director of Symantec’s IT Policy Compliance Group.

EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts. Readers of this White Paper are also encouraged to look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series. To view the full report complete with key takeaways from the CISO Executive Summit or to attend or speak at upcoming CISO Executive Summits, please click here. If you would like to receive more information about EC-Council’s Chief Information Security Officer Certification program, please click here.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)



World’s Most Comprehensive Computer Forensics Certification – Computer Hacking Forensics Investigator (C|HFI) Version 8 is Available Now

EC-Council releases the brand new Version 8 of the Computer Hacking Forensics Investigator (C|HFI) Certification Program. C|HFI is designed to equip security professionals with the necessary skills to identify an intruder’s footprints and to properly gather the required evidence to prosecute in the court of law.

January 24, 2012, Albuquerque, New Mexico – EC-Council announces the availability of the all-new Version 8 of the Computer Hacking Forensics Investigator (C|HFI) program. The program will be available on February 27th, 2012 exclusively in 20 training centers across 15 countries.

A report by Symantec confirms that “Cybercrime has surpassed illegal trafficking as the leading criminal money maker.” With lucrative returns, low risk and the difficulty of providing admissible evidence in courts of law, computers and networks have become the fastest growing technology tools favored by criminals. With the cost of security breaches almost tripling every two years, organizations need to designate well-trained security professionals to perform digital discovery, evidence acquisition and analysis in an acceptable manner to ensure that they trace, reduce or eliminate key security risks that face their organizations.

EC-Council C|HFIv8 program prepares designated security professionals to track, investigate and apprehend cyber criminals from the inside and outside of the organization.

CHFIv8 presents a detailed methodological approach towards computer forensics and evidence analysis. It is a comprehensive course covering important forensic investigation scenarios that enables students to acquire hands-on experience with various forensic investigation techniques and standard forensic tools. This skillset is necessary to successfully carry out a thorough computer forensic analysis leading to prosecution of perpetrators.

Among the salient features of the C|HFIv8 are:

Jay Bavisi, President of EC-Council said, “According to PwC’s information security Breaches Survey 2010, nearly half of the large organizations admit that they have experienced insider threats (misuse of web and email access, misuse of confidential information, and unauthorized access to systems or data). Organizations today face a very challenging threat in the form of insider abuse that must be addressed to ensure the safety of their organizations’ digital assets.”

A C|HFI v8 professional will be able to understand:

How to track e-mails and investigate e-mail crimes.

EC-Council has certified professionals from Fortune 500 companies as well as various IT giants, conglomerates and government agencies around the world. The corporations and agencies include: US Department of Defence, FBI, CIA, Microsoft, Symantec, Deloitte, and IBM.
For more information, please contact the nearest authorized training center or http://eccouncil.org/chfi/index.html.

Contact:

Kanesan Visvanathan- Products and Operations Executive- kanesan@eccouncil.org



Secretary General of the International Telecommunications Union (ITU) to be Patron of Global CyberLympics Competition

PR WEB Summary: Dr. Hamadoun I. Toure, the Secretary General of the International Telecommunication Union (ITU), has officially been appointed as the Patron of the Global CyberLympics which is the World’s first international team ethical hacking championships. With that appointment, Dr. Toure will become Chair of the Global CyberLympics Advisory Council (GCAC).

January 26, 2012, ALBUQUERQUE, NM – The Global CyberLympics organizing committee is pleased to announce the official patronage of the Secretary General of the International Telecommunication Union (ITU). ITU is the United Nations specialized agency for information and communication technologies.

Created by EC-Council, the Global CyberLympics is a series of ethical hacking games comprised of both offensive and defensive security challenges that started from September 2011 across different global regions. The top 8 teams, determined during the respective regional championships held in Budapest, Dubai, Miami and Kuala Lumpur, will be vying for the world championship title during the world finals that will be held in Virginia, USA in March 2012.

“Our purpose with the Global CyberLympics initiative is to help establish true cybersecurity partnerships across borders,” said Jay Bavisi, Chairman of the Global CyberLympics Organizing Committee and president of EC-Council. “With the leadership and guidance from Dr. Toure in his capacity as Honorary Chairman of the Advisory Council, we are confident of expanding the outreach of this initiative globally, raising awareness to global peace through cyber games.”

Dr. Toure said, “I accept the role of Honorary Chair with pleasure and look forward to contributing positively to the success of this initiative. The achievement of global cyberpeace must be a key objective for governments, the private sector and the international community. As Secretary General of the UN Specialized Agency on ICTs, I am fully committed to facilitating dialogue among all relevant stakeholders, in order to reach the overall goal.”

The games come at a crucial time as global cyber threats appear to be escalating. According to the U.S. Cyber Consequences Unit, the annual loss of intellectual property and investment opportunities is $6 to $20 billion as a result of hacking. In a recent article about cyber espionage attacks against the US, the magazine Vanity Fair even referred to 2011 as “the Year of the Hack.”

The EC-Council’s mission with the Global CyberLympics is to unify global cyber defense through the games, along with the following objectives:

The Global CyberLympics is also endorsed by the International Multilateral Partnership Against Cyber Threats (IMPACT), the cybersecurity executing arm of the United Nations’ specialized agency – the International Telecommunications Union (ITU).

For more information about the Global CyberLympics, please visit: http://www.cyberlympics.org



Changes in Economic Climate and Business Landscape Call for a New Strategic Business Development Process – Wargaming

Fewer resources and smaller budgets are motivating Chief Information Security Officers (CISOs) to transition from an operational executive into a strategic business partner. To excel in today’s evolving and complex business landscape, CISOs must look for a new strategic business development process, such as Business Wargaming. Wargaming will help provide a holistic view of prospective scenarios, create a proactive development plan and an improved reactive strategy.

January 27, 2012, Albuquerque, NM – Today EC-Council releases a new White Paper that introduces an alternative method to conventional CISO practices. As the business landscape becomes more complex and adjusts to stricter policies, increased competition, budget cuts and limited resources, those in the Chief Information Security Officer (CISO) position must develop a strategy that will accommodate and meet the needs of the organization. Business wargaming will help the CISO develop a plan where they can foresee future challenges, predict the moves of their competitors and stay ahead of prospective obstacles.

In the White Paper “Wargaming for CISOs”, published in EC-Council’s CISO Series of White Papers, Nitin Kumar, global executive and managing consultant, stresses, “To excel in this new business landscape, CISOs need to look at a new strategy development process which will help making decisions realistic at a minimal risk and achieve full strategic and operational alignment.” To read the white paper, please visit: http://goo.gl/XQPFa

In this White Paper, Nitin Kumar reviews the shortcomings of the conventional CISO strategy and guides the reader through the development of the wargaming strategy by examining wargame types, levels and execution. He suggests ideal circumstances for wargaming and highlights benefits of using this strategy. The White Paper includes tactics that will help the CISO manage the challenges and high demands that come with the role.

Business wargaming adapts the art of simulating moves and counter-moves in a commercial setting. Business war games are a relatively recent development, but they are growing rapidly, and the time has come for CISO organizations to adopt this technique in order to stay ahead of the game.

The CISO position has been around for less than a decade. In that time it has evolved dramatically. Neira Jones, head of payment security for Barclaycard, said in the article “How the Role of the CISO Must Evolve to Balance Risk and Business” that, due to the changing business landscape, “The CISO needs to evolve from an isolated subject matter expert and analyst to a trusted advisor on how technology can improve business; to an integrated business thinker, facilitator, leader, evangelist and educator.”

Business Wargaming will help executives develop plans that meet their strategic goals, create competitive advantage, and alleviate the pressure created by the complex and ever-changing nature of today’s business landscape.

EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts. Readers interested in this White Paper are encouraged to also look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council’s Chief Information Security Officer (C|CISO) Certification:

C|CISO is the first certification of its kind to equip Information Assurance leaders with the most effective toolset to defend organizations from cyber attacks. It recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organization goals. Applicants can take advantage of the Grandfather Provision until September 2012. The Grandfather Provision is open to highly-skilled and experienced professionals who can demonstrate and prove proficiency in the 5 C|CISO domains. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso



Global Increase in Outsourcing Leaves Companies Open to Information Security Breaches

Companies must find ways to manage the benefits and risks of outsourcing as almost two-thirds of Information Technology (IT) infrastructure is predicted to be outsourced within the next 8 years. EC-Council CISO Summit panel discussion suggests that increased information security compliance plans, continuous education, and knowledge sharing may prove to be the best solution.

January 23, 2012, Albuquerque, NM – Global economic troubles have motivated many companies to seek alternative means of conducting business that will cut costs and maximize profits. One of the most popular and effective methods is outsourcing Information Security (IS) infrastructure. According to a recent study commissioned by Savvis, Inc., the share of infrastructure that is outsourced is predicted to increase from 17% to over 64% globally by 2020. Security outsourcing has its benefits; however, it also comes with an array of risks.

Jeff Tutton, President of Global Security and Compliance at Intersec Worldwide, recently led an interactive panel discussion centered on outsourcing and information security management at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit, held in Las Vegas on December 5-6. Jeff Tutton was joined by Todd Bell, Executive IT Security Advisor, ConnectTech, LCC; Inno Eroraha, Founder & CEO, NetSecurity Corporation; Chris Oglesby, Senior VP, Knowledge Consulting Group; and Edward Ray, CISO, MMICMAN, LLC. The panel discussion addressed the challenges of managing risk and monitoring the outsourcing company’s performance, while complying with recent industry changes such as SAS70 and PCI compliance. To view an interactive video of the panel discussion, please visit: http://goo.gl/SwxEj

“The challenges of outsourcing are similar to those you may have with the acquisition (insourcing) process. When acquiring a new company you need to ensure that due diligence has been completed prior to acquisition and integration, as you now will be responsible for the security of that company’s data. This is the same with outsourcing,” said Tutton. “Hire a trusted and qualified third party to complete a thorough evaluation of the outsourcing company. But don’t just stop there, put in place methods and controls to monitor and maintain the security of this data during the entire lifecycle. Trust but verify, and assign responsibility to a qualified person within your organization to manage and maintain oversight of security. Another option is to outsource only the data and systems that you want to end up in the public domain.”

Tutton’s panel discussion presented a detailed overview of the benefits and challenges of outsourcing with respect to Information Security (IS). Globally, over 60% of organizations say that managing the IT infrastructure domestically offers no competitive advantage and are planning to move operations offshore. However, many offshore companies do not have the same legal restrictions as the United States. For instance, India, one of the biggest destinations for offshore outsourcing, does not have any data privacy laws. This laxity in law enforcement leaves confidential information vulnerable to security breaches.

Last year, Epsilon, a cloud-based email service provider, suffered a security breach that ended up affecting around 75 clients and compromised over 60 million personal names and email addresses. Security breaches such as this can be extremely costly and detrimental to a company’s reputation.

“If an organization is looking to do a large infrastructure outsourcing engagement, the best way to ensure that security is a priority is to build a comprehensive list of security requirements into outsourcing contracts, develop appropriate service level agreements and reporting mechanisms to evaluate security and budget for a review by an independent assessment organization – this will ensure that security always stays top of mind,” said panel speaker Chris Oglesby. “If, however, the decision is to outsource infrastructure and security separately then the security operations should drive the direction and outcomes and create independence between the organizations to meet the client needs.”

In the future, companies need to employ executive IS leaders who will develop methods to adequately protect their IT infrastructure when outsourcing in-house responsibilities. Platforms such as EC-Council’s CISO Summit Series provide a means for top-level IS executives to gather and discuss the latest industry challenges. Continuous education and knowledge sharing will provide solutions to the quandaries top executives face on a daily basis. For more information on upcoming EC-Council CISO Executive Summits, please visit: http://www.eccouncil.org/cisosummit.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council CISO Executive Summit Series:

EC-Council CISO Executive Summit Series strives to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent Information Security threats and landscape evolution can be discussed and debated. Designed by EC-Council, the 1st in the CISO Executive Summit Series made its debut in Las Vegas, NV in December 2011. Due to the nature of the discussions, all CISO Summits are closed-door events open only to senior information security executives (C-levels, VPs, Senior Directors, etc.). http://www.eccouncil.org/cisosummit



EC-Council to Host Advanced Technical Security Summits in Alexandria and San Jose

Following the success of its inaugural advanced training summit last year, the EC-Council is expanding the EC-Council Summit to two new cities this year. The EC-Council Summit, formerly known as the CAST Summit, is a highly technical and advanced training workshop that offers IT professionals the chance to acquire critical cybersecurity skills in intensive, highly technical three-day training workshops. This upcoming series will feature the world-renowned Certified Ethical Hacker (CEH) v7, advanced penetration testing, advanced mobile hacking and forensics, advanced application security and advanced network defense. EC-Council Summit will take place March 19-22 in Alexandria, Virginia and March 26-29 in San Jose, California.

ALBUQUERQUE, NM – The Center of Advanced Security Training (CAST) – the advanced training division of EC-Council – announces the next installment of its successful advanced training series ‘EC-Council Summit’ (formerly known as CAST Summit) March 19-22 in Alexandria, Virginia and March 26-29 in San Jose, California. This series of summits features five highly technical workshops in ethical hacking, penetration testing, mobile hacking/forensics, application security and network defense.

The highly technical training series first debuted in August 2011 in Washington, D.C. and is now being expanded to new cities this year following the strong reception it received among IT professionals.

EC-Council Summit is a unique training opportunity that gives attendees the chance to undergo an intense three-day ‘deep dive’ in five critical IT security fields with top industry experts. Unlike other training events where students are rushed through short presentations, the EC-Council Summit provides a unique opportunity to be immersed in key subject areas, with comprehensive training modules and a heavy focus on hands-on technical training and hacking labs, taught by the very best in their fields.

“EC-Council Summit is expanding its offerings this year following the remarkable turnout and success we had at the inaugural event last summer,” said Leonard Chin, Director of CAST and EC-Council Conferences & Events. “With an exponential increase of cyber threats facing businesses and government agencies, from the lone hacker armed with easily accessible hacking tools, hacktivists with malicious intents, to Advanced Persistent Threats (APTs), offensive security training has never been more important than it is today. 2011 was called the ‘year of the hack’, but 2012 could be even worse due to the proliferation of hacking tools and the increasing popularity of the hacktivism movement. IT professionals must adapt themselves to this changing threat environment in order to safeguard the information assets of their companies and organizations.”

The goal of EC-Council Summit is to prepare security professionals, such as penetration testers and network security administrators, to use advanced hacking techniques in order to better identify and prevent threats before they impact a company or organization. Participants will walk away with a firm grasp of offensive security strategies and techniques, industry best practices, how to develop a secure baseline, how to harden enterprise architectures from the most advanced attacks, and how to reduce the capabilities of APTs.

Five three-day workshops, followed by a highly technical one-day seminar on key security subjects, will be hosted in each city on the following IT security topics:

For more information about the EC-Council Summit series, please visit http://www.eccouncil.org/summit.

ABOUT CAST:

The Center of Advanced Security Training (CAST) was developed by EC-Council (http://www.eccouncil.org), in conjunction with cybersecurity experts, to address the need for highly technical and advanced security training for information security professionals. Instructed by EC-Council’s select group of master trainers, CAST offers hands-on, lab intensive courses that cover the security industry’s top domains, including advanced penetration testing training, digital mobile forensics training, advanced application security training, advanced network defense training, crimeware attribution, web application security training, and more. CAST is hosted at various international events, including EC-Council’s flagship Hacker Halted and TakeDownCon conference series.

ABOUT EC-COUNCIL:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) certification. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members.

EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at http://www.eccouncil.org.