

EC-Council’s Inaugural CISO Executive Summit Develops Guidelines to Address Challenges of 2012’s IT Mantra “Doing More with Less”

High unemployment and increased economic uncertainty have forced top-level Information Security executives to utilize alternative technology and invest in the existing workforce, creating an onslaught of new security issues.

January 9, 2012 Albuquerque, NM- The New Year brings an unfamiliar set of challenges for executive-level Information Security (IS) professionals. The troubled economy and increased economic uncertainty have led many to seek alternatives to doing more with less. However, new initiatives such as implementing more cost-efficient technology, with cloud computing being top-of-mind for many executives, and investing in existing resources, like the workforce, come with a set of security and training challenges.

These issues were addressed at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit 2011, held in Las Vegas, NV on December 5-6th. Over 40 prominent top-level executives from the private, public, and government sectors gathered to collaborate on ways to overcome these obstacles. The corporations and agencies included: IBM, Motorola, TransUnion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

The need for increased Information Security arises as executives look for more cost-cutting technology and invest in existing assets to stay competitive in 2012. As Pearl Zhu, CEO, COO, Chairman, and President of Brobay stated in the article 2012 IT Tea Leaf Reading: The Year of Wisdom, “Businesses are facing unprecedented uncertainties, accelerated changes and hyper-competitive global competitions.” Many organizations in 2012 will focus on software automation and cloud solutions, which provide convenience and cost-efficiency.

The topic of responsible implementation of cloud computing in terms of information security was one of the focus areas of the CISO Executive Summit.
Ben Eu, Program CISO at IBM, and Raymond Soriano, Director of Security & Privacy Services and Cyber Threat & Vulnerability Management at Deloitte & Touche, served as co-chairs on the “Embracing the Cloud and Mitigating Surrounding Threats” panel discussion. Summarizing the panel discussion, they stated that in order to mitigate threats posed by the cloud, top IS professionals must:

Another challenge that awaits CISOs in the New Year is ensuring the IS team they lead consists of highly skilled professionals who are ready to mitigate risks associated with cloud computing and other technologies.

According to “The IT Skills Gap”, an article written by Andrew Horne, Practice Director at Corporate Executive Board, another one of the CIO’s (Chief Information Security Officer) most serious challenges is the lack of adequate skills in prospective and current IS employees. It is projected that demand for certain roles in the IS field will increase by over 200% within the next 5 years. He goes on to say that, “As key IT skills are in short supply, and the few people with those skills are not going to be pried loose from their current employers, the only option for CIO’s is to develop existing employees.”

Co-chairs of “Structuring and Managing Your Infosec Workforce”, Jerry Chappee, Chief Information Assurance and Operations Officer for the U.S. Army Reserve, and Jeffrey Vinson, Director and CISO of SecureNet Payment Systems, stated that one of the best ways to improve the skills of the existing workforce is by investing in certifications: “Leaders of the organization need to support their people and show them the importance of certifications. More specifically, how the certification directly supports the business and keeps information more secure.”

The CISO Executive Summit created an environment where the most recent IS threats and landscape evolution were discussed and debated. Additional key issues addressed were implementing a high-performing IS program, managing insider threats, and factors with the greatest impact on the IS profession. For a full CISO Summit report including highlights and key takeaways, please visit: http://www.eccouncil.org/ciso/resources.

2012 will have its share of challenges and obstacles to overcome. The tough economic climate and mantra of “doing more with less” will prompt Information Security leaders to come together and share knowledge and ideas. It is the mission of the CISO Executive Summit Series to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent IS threats and landscape evolution can be discussed and debated.

EC-Council will host a Global CISO Executive Summit on October 29, 2012 in Miami, FL. For more information, please visit: http://www.eccouncil.org/ciso/resources.

Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (C|CISO) as well as many other programs that are offered in over 80 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit http://www.eccouncil.org/ciso.


Anonymous withdraws Indian hack under pressure

The fledgling Indian operation of hacker group Anonymous attacked the website of the Indian army on Friday, but reversed its decision after it ran into criticism from Indian supporters who were annoyed that the Indian army was targeted.

Later on Friday, the hacker group said in a Twitter message that the Indian army site was now working fine. The new consensus appears to be not to target government websites, but only those of corrupt politicians.

The Hacker News reported that the Indian army site was down for only about an hour, according to the hackers. Indian government officials were not immediately available for comment. It is also not clear whether the Indian army or Anonymous put the website in order.


China behind recent hack attacks, says Indian government

The Times of India has accused Chinese hackers, allegedly backed by the Chinese government, of systematically attacking Indian online assets over the past 18 months. The goal of these assaults, at least according to the paper, is to map and discover weak points within India’s IT infrastructure. Such information could give China an advantage in any potential conflict, and the article implies that India has been slow to develop a retaliatory system in the event of a Chinese attack.

The degree to which the Chinese government is actually involved in these attacks is still an open question, The Times’ rhetoric notwithstanding. A continuing series of sophisticated and methodical assaults is no longer proof of another nation’s malevolent intent, even if such attacks appear to be originating in the country in question.


Appin Security multiple sites hacked and databases uploaded online

Appin Knowledge Solutions is a part of Appin Group of Companies and the premier provider of hi-technology certification, courseware as well as online, computer-based and instructor-led training across the world. Appin is primarily an IIT Alumni company. Appin has come up with an innovative learning concept using Computer Based Training Software (CBTS) in a highly interactive environment.


We need a community of ethical hackers, says IT minister Kapil Sibal

NEW DELHI: IT minister Kapil Sibal will table a bill in the Winter Session of Parliament that will mandate all states to automate all services delivered by government. Speaking at the curtain raiser of Third Global Cyber Security Summit in the capital, Sibal said that framing the rules for cyber security in the world will be imperative, as India looks to automate all public services.

India is hosting the third global cyber security summit in October next year. Companies such as ZTE, which are facing problems selling their telecom equipment in various markets, say aligning of cyber security rules will help them. “We need a legal framework as we are dealing with one of the best minds. We also need a community of ethical hackers, as the resource pool of them is very limited in the world,” said Sibal.


EC-Council’s CISO Executive Summit 2011 Features a Unique Format that Encourages Knowledge Sharing Among the Diverse Range of Participants

The CISO Executive Summit included over 40 prominent speakers from across industries in the government, private and public sectors who were surprised and pleased by the interactive format of the event.

December 14, 2011 Albuquerque, NM- EC-Council hosted the 1st in its Global CISO (Chief Information Security Officer) Executive Summit Series in Las Vegas, NV December 5-6th at the M Resort.

The CISO Executive Summit 2011 was the first of its kind to be fully comprised of panel-based discussions. Panel chairs and speakers consisted of the world’s most successful thought leaders in the Information Security (IS) industry, including executive representation from top corporations and agencies such as IBM, Motorola, TransUnion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, SecureNet Payment Systems, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

The mission of the CISO Executive Summit was to unite the top information security leaders across the world in the fight against cyber crime and information security threats. Today’s rapidly evolving threat landscape is posing new risks to security professionals and the organizations they protect. The panel discussions were centered on the topics most relevant to high-level Information Security leaders including managing insider threats, cloud compliancy, and structuring and managing an infosec workforce. Some of the questions addressed were:

The CISO Executive Summit 2011 successfully accomplished its mission by providing a unique platform of 13 interactive panel discussions. This setup provoked in-depth and intimate discussions about issues that are of global concern to high-level Information Security leaders. Panel speakers from the private, public, and government sectors brought an element of diversity and variety to the discussions. To view the full list of speakers, panel discussion topics and abstracts, please visit: http://www.eccouncil.org/cisosummit.

Jay Bavisi, President and Co-Founder of EC-Council, stated “The success of the CISO Summit is evident from the fact that so many senior executives from a vast array of organizations travelled to the EC-Council CISO Summit in the first week of December in Las Vegas. The intense industry representation and their engagement in active dialogue over today’s most pressing issues was beneficial to the industry. It was wonderful to witness the commitment shown by these individuals in seeking continuous learning and sharing.”

Tony Meholic, Chief Information Security Officer at Republic Bank, added, “The extensive knowledge and experience the speakers and audience displayed in the Information Security space was superb. I found the format to be informative and very lively. The opportunity to network with peers from various industries, government and academia was also very welcome. These connections will provide valuable resources for discussions, questions and recommendations on current and future topics.”

“It was great to be a part of the 1st series of Global CISO Summit. I enjoyed the great panel discussions, fellowship and networking. I look forward to attending and speaking at future summits,” said Jeffrey Vinson, CISO at SecureNet LLC., of the networking and knowledge sharing opportunities presented at the CISO Executive Summit.

EC-Council will host the 2nd in the Global CISO Executive Summit Series in May 2012; the location is to be determined. A Global CISO Summit is to proceed on October 25, 2012 in Miami, FL. For upcoming EC-Council CISO Executive Summits, please go to: http://www.eccouncil.org/cisosummit.



Good Versus Evil: How to Further Protect Your Privacy on Mobile Devices and Wireless Networks

Your bank account has just been drained and the bank says that you willingly did it and there is no chance for a reversal. Well, for all purposes, you did. Your username, password and security questions were all answered correctly just prior to the transaction, but the problem is, it wasn’t you, it was the work of a hacker who gained your information through a public forum in which you had both joined the same wireless network. Can it happen? Yes it can, and it does. One party figures out how to gain information for the benefit of the consumer and the other party figures out the information for the detriment of the consumer. It’s the ongoing battle between certified ethical hackers and malicious hackers.


XSS Vulnerabilities Can Affect Embedded Browsers in Mobile Apps

A security researcher has noted that the use of embedded browsers in mobile applications can make those applications vulnerable to cross site scripting attacks. Developers of mobile software have found it can be effective to embed a smartphone operating system’s web browser and then create their user interface using HTML, CSS and JavaScript. The user interface is then more portable to other devices and is easier to customise using CSS. But this convenience comes at a cost. Researcher Kyle Osborn, who is presenting his findings at TakedownCon, found that some developers don’t clean the data being sent to their HTML-based user interface.


Mobile Security at TakeDownCon: Hackers Handing Out a Healthy Dose of Paranoia

Smartphones are mini-computers packed with financial and personal info, yet even though folks use their mobile devices for everything from paying bills to GPS, many still don’t consider mobile security. Ignoring the need for mobile security is a bit like choosing to run a computer without any regard to security precautions. Not wise at all. Even without any malicious intent, many app developers are not concerned about security; their apps may ask for overreaching access permissions.

Mobile and wireless security news is pouring out of TakeDownCon in Las Vegas. During the keynote presentation, Moxie Marlinspike said “mobile malware detection should be done by the app stores” and “Google has done the absolute bare minimum to secure the Android platform.” Marlinspike tweeted, “Half way through my talk at TakeDownCon this morning, I realized it included some minor Android 0day we hadn’t reported.”


New System Secures Cellphones for Web Transactions

An experimental method for two-factor authentication to websites employs mobile phones in a new way to ensure that users’ online accounts don’t get hijacked.

Called password less authentication (PLA), the scheme gathers authentication data over the Internet as well as carrier cellular networks and ties them together to positively identify the person trying to log in to an account, according to the author of PLA, Srikar Sagi, a security researcher.

PLA gets around some shortcomings of other scenarios in which cellphones are used in two-factor authentication. Some of these other methods have secure websites send SMS messages containing one-time passwords to cellphones for users to copy into the authentication page for the site they are logging into.