Archive for the ‘In the News’ category


EC-Council Launches Information Security Awareness Program

With an aim to educate budding security professionals, EC Council partners with education institutions across India, starting with Hyderabad

Hyderabad – 28th January, 2013 – EC-Council, one of the leading certification and training organizations in the world, has launched its Information Security Awareness Program in India, starting with Hyderabad.

This initiative by EC Council is well timed, as Frost & Sullivan reported that nearly 80 percent of Indian business enterprises have reported data theft through online hacking. According to a recent Norton by Symantec report, of the total 137 million Internet users in India, 42 million have fallen prey to cyber fraud in one way or another. The financial loss per cyber-crime victim is around Rs 10,000 for 2012.

Keeping all of the above in mind, with an aim to educate young students and budding professionals about the hazards in cyber security and the menace of cyber threats, EC Council has launched this ongoing initiative, partnering with numerous colleges, universities and institutions across cities in the country.

Kick-starting this program in Hyderabad, EC Council has partnered with Mahatma Gandhi Institute of Technology to talk about the perils of cyber threats with students of the CSE and IT Department and the faculty of the College.

Talking about this program, Mr. Jay Bavisi, Global President, EC Council says, “India is in urgent need of cyber security education. With the number of attacks and vulnerabilities on the rise, organizations and all security professionals need to know how to safeguard themselves from malpractices that can put their company at risk. With our globally adopted courses and trainings, we hope to educate these budding professionals so they are equipped to support organizations in their mission critical business needs that continue to grow. With this program we wish to make the Indian market more secure in the global cyber space.”

Speaking at the event, Dr. G. Chandra Mohan Reddy, Principal, Mahatma Gandhi Institute of Technology said, “We see the benefit in this Awareness Program and the multiple ways in which our students will benefit from this. As an institution our goal is to provide world class education and empower the students with skills that will benefit them in the long run personally as well as professionally. We are glad EC Council has initiated this Program and would like to thank them for the knowledge imparted to our students and faculty.”

The EC Council Information Security Awareness Program is a platform for students preparing to be a part of the cyber world to meet, learn and plan together to secure the information security landscape of the future. The program is a combination of a series of seminars, talks, workshops, and events in which students and professionals are educated on topics such as cyber security, secure programming, hacking, cyber warfare, etc.

About EC Council

EC-Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for Information Security professionals. EC-Council is a member-based organization that certifies individuals in various information security and e-business skills. It has been certified by American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT) programs, as well as many other programs. These programs are offered in over 92 countries and have trained over 120,000 and certified more than 60,000 security professionals through a training network of over 500 training partners globally.

Individuals who have achieved EC-Council certifications include those from some of the finest organizations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.

For more information about EC Council, visit www.eccouncil.org.

Media Contact:
Mail To: marketing.india@eccouncil.org


Global CISO Forum Announced in Wake of LinkedIn Breach

EC-Council is launching the Global CISO Forum to address the increasing demands faced by top-level information security executives. The IS landscape has never been so fraught with attacks, as evidenced by the recent LinkedIn password fiasco or by Google sending warnings of state-sponsored attacks to Gmail account holders. The Forum, which will take place in conjunction with EC-Council’s premier IS conference, Hacker Halted, will focus on bringing together CISOs from around the world to discuss how the constantly changing security challenges affect the day-to-day lives of CISOs from the largest and most prestigious organizations. A few of the topics to be discussed will include integrating wargames into security strategies; recruiting, training, and managing superior security teams; data loss prevention; as well as internally branding and integrating a security program while aligning it with business objectives.

The diversity of topics that will be covered hints at the breadth of issues with which an average CISO must contend in order to succeed at keeping their organizations’ data safe. “The cybersecurity war is becoming more complicated by the day,” says Jay Bavisi, President of EC-Council. Mr. Bavisi went on to say, “EC-Council’s Global CISO Forum is an event that aims to bring together the world’s best and brightest CISOs to unite against the hackers and share information.”

One reason for continued breaches, according to the recent Wisegate report, could be the changing role CISOs are playing within their organizations. The report documents how CISOs are now more than ever being charged with an ever-expanding suite of responsibilities ranging from managing the conflicts that arise from the differing goals of IS and business development, to developing privacy policies and disaster recovery plans. The Global CISO Forum aims to address these challenges, partly through formal panel-based discussions, but also by bringing together the top minds in the CISO world and encouraging an atmosphere of best practice sharing.

One aspect of the fight for information security that’s long been observed in the industry is the tendency for “the bad guys” to do a better job of information sharing than the guardians of the world’s information. According to Dave Cullinane, CISO at eBay, “Continuous process improvement is happening on the dark side. Our adversary is sharing information quite effectively. We are not. We must begin immediately to do so – and do it far more effectively than ever before. We need to shift the balance of power back to the Good Guys.”

For more information and inclusion in the Forum, interested CISOs can apply to attend here: http://www.eccouncil.org/resources/ciso-executive-summit.aspx.

Read the full story at http://www.prweb.com/releases/2012/7/prweb9675634.htm



CISOs To Huddle In Wake Of LinkedIn Breach, Gmail Warnings

The EC-Council invites security chiefs to get together before Halloween and decide how to bedevil their adversaries.

The EC-Council, the body behind the Certified Ethical Hacker certification, will convene a Global CISO Forum in Miami on Oct. 29 and 30, open only to a limited number of senior information security executives, to discuss a security landscape that is increasing in complexity and alarming Internet users. Apparently, when attackers start ripping off and cracking large caches of LinkedIn’s hashed passwords and state-sponsored attacks are a big enough threat to Gmail users that Google has to issue warnings, it’s time for the world’s CISOs to huddle.

The summit, scheduled in conjunction with the EC-Council’s IS conference, Hacker Halted, will gather CISOs from the world’s “largest and most prestigious” enterprises to talk about how these types of extreme events affect their companies and what to do about it.

But what can a forum like this do to prevent data breaches? For one thing, it provides a venue for the exchange of ideas and information. For a long time, attackers have been well-organized and shared information freely. “But due to proprietary, governmental and other borders, we guardians of information do not share information as well as they do,” says Amber Williams, manager of strategic initiatives at the EC-Council. “This forum is designed to promote exchange of ideas and discussion, with six to seven experts per panel topic who will elicit a lot of responses from the audience as they go along.”

That’s all well and good, but, according to Danny Lieberman, CTO of Software Associates, most CISOs and infosec professionals already know what needs to be done for appropriate security countermeasures. For example, encryption is a cornerstone of securing data at rest, and our latest InformationWeek Strategic Security Survey recommendation list includes better vetting of service providers.

The problem is getting the CEO to agree.

While the EC-Council’s Hacker Halted events see increasing attendance year on year, says Williams, the council is capping attendance for the Global CISO Forum at 200. The goal is to make high-level executives feel free to talk about not just best practices but the struggles they have had without fear of hurting their brands, she says.

You know the EC-Council is getting serious when it talks about “integrating war games into security strategies.” Other topics of discussion planned for the summit include recruiting, training, and managing superior security teams; data loss prevention; and internally branding and integrating a security program while aligning it with business objectives. In fact, the EC-Council says one reason for continued breaches is the conflicts that arise from the differing goals of security and business development teams. The forum intends to address this issue and others not only through panels but also by encouraging an atmosphere of best-practice sharing.

It’s great that the EC-Council and CISOs are on fire about this. But it’s also clear that without approval from the CEO, anything with a price tag that doesn’t have demonstrated business value will go nowhere. That is why CISOs should pay special attention to the part about aligning with business objectives.

What CISOs should really be asking at this forum, says Lieberman, is how their peers develop a real business case to present to the CEO. How do I put together a threat model and evaluate the risk? How do I get the CFO on board before I go to the CEO?

Lieberman illustrates a sample exchange, where the CISO is prepared to say to the CEO, “There is X percent chance someone will steal our company’s intellectual property. I have put together a team to evaluate the risk, and that is its finding. It will cost $20 million if this IP theft occurs. I need a couple more employees and $1 million to buy hardware and software to protect that $20 million worth of IP.”

Better yet, have the CFO on the team that helped put together this analysis, something the EC-Council plans to address. “Because we are inviting mostly C-levels, they will report to a board or another C-level executive,” says Williams. “Part of what we want to share is how to brand a security program internally and sell it to the board, C-level executives, and the whole company. And in the case of governments, sell it to the many layers of government workers.”

Another concern for many security chiefs, says Alan Shimel, managing partner at The CISO Group, is the changing nature of the threat. Many CISOs at work today came into that role during a time when financial fraud and cybercrime were the motives for attacks, says Shimel. “Now we have hacktivists and people who are financially motivated, but instead of looking for personally identifiable information, they’re looking for intellectual property,” he says. “Due to these different motives, hackers use different attack vectors.”

Announced speakers for the event include Eddie Schwartz, CISO for RSA; Joe Albaugh, CISO at the Federal Aviation Administration; Ron Baklarz, CISO at Amtrak; and Richard T. Rushing, CISO for Motorola Mobility.



Hack the Hackers 2012

Sofia, Bulgaria

On June 7th, 2012 New Horizons Bulgaria held Hack the Hackers 2012 – a free seminar with live hacking demos, organized exclusively to promote EC-Council and CEH in Bulgaria.

The event was led by EC-Council top trainer Sean Hanna, who was in Bulgaria to deliver the third CEH training for New Horizons’ clients.

We managed to get Sofia University – the largest and most prestigious university in Bulgaria – to partner and sponsor the event. They provided us with a 300 seat auditorium, situated in the center of Sofia.

Official media partner of the event was Kaldata.com – the leading Bulgarian site for software, hardware and IT news, with over 1,500,000 unique monthly visitors.

Hack the Hackers was once again greatly supported by EC-Council, which was announced as the exclusive certification partner of the event. Hanan Wagie, Senior Director – EMEA, provided us with 3 free CEHv7 digital courseware and 3 iLabs, and arranged an exclusive interview with EC-Council President Jay Bavisi.

The campaign started on May 4th with the launch of Hack the Hackers website and two days later we got 300 registrations! Not a single euro was spent on advertising – an email invitation to our newsletter subscribers and a press release were just enough to spread the word.

Hack the Hackers event was attended by more than 250 onsite and 60 online participants. Many of them work for high-profile companies from the following sectors: Finance, Telecommunications, Information Technologies, Public Administration, Energy, and Manufacturing.

Sean presented the topic Client Side Hacking – Targeting the User, and demonstrated Cracking wireless WPS with Reaver, Remote Code Execution Buffer Overflow, Social engineering with SET and DNS Spoofing. At the end of the seminar two CEH vouchers were awarded to: Lazar Sestrimski, developer at Haemimont LTD, and Vlado Treneski, CISO at Interakcija.

The event got media coverage by Bulgaria’s most popular TV channel (bTV), and a number of online media (Kaldata, Saga Technology, itForum, Info Week, etc.).

Difficulties: Although the venue was glorious and in a perfect location, we experienced difficulties with the university administration, such as organizational problems, voice echo and lack of technical support.

Next steps:

1. Promotion of EC-Council Secure Computer User Specialist program, in response to growing interest in security issues among non-IT people.

2. Promotion of EC-Council Certified Hacking Forensic Investigator program to raise awareness about collecting digital evidence.

 



Gurgaon Teaches To Hack Ethically

A number of institutes offering ethical hacking courses have come up in the city to meet the rising demand for ethical hackers among companies which are gearing up to protect their information from threats, says Mamta Sharma. Gurgaon being a corporate hub has not been unaffected by cyber criminals having seen an alarming increase […]



EC-Council Achieves ANSI 17024 Accreditation for Its Certified Ethical Hacker (CEHv8) Certification

EC-Council’s Certified Ethical Hacker (CEHv8) certification program receives the American National Standards Institute (ANSI) Personnel Certification Accreditation. To become certified, an organization must undergo stringent quality reviews and assessments. EC-Council is one of the few organizations that specialize in information security (IS) to earn the accreditation.

Albuquerque, NM, March 7, 2012 – Today EC-Council announces that it has been accredited by the American National Standards Institute (ANSI) to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard for its Certified Ethical Hacker (CEHv8) certification. EC-Council is one of a handful of certification bodies, whose primary specialization is information security, to be awarded this much sought-after quality standard.

“ANSI commends EC-Council for meeting the rigorous requirements of the ISO/IEC 17024 standard and joining the elite group of organizations that have achieved this distinction,” said Dr. Vijay Krishna, ANSI senior manager of personnel certification accreditation programs. “This achievement highlights EC-Council’s commitment to offering a high quality certification program. The ANSI accreditation process is designed to increase the integrity, confidence, and mobility of certified professionals and creates value for all the stakeholders including certification holder, employer, public, and regulatory authorities.”

The American National Standards Institute (ANSI) is a private non-profit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system. It is the sole representative of both the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC) in the United States. ANSI is the only personnel certification accreditation body in the United States to meet nationally accepted practices for accreditation bodies. The ANSI/ISO/IEC 17024 standard addresses the general requirements for certification entities.

In order to award the accreditation, ANSI conducted a verification process to ensure that EC-Council is impartial and objective as a certification body. It also confirmed that EC-Council’s certification process is conducted in a consistent, comparable, and reliable manner. This process required rigorous quality reviews of EC-Council and the Certified Ethical Hacker (CEHv8) certification program.

Jay Bavisi, Co-Founder and President of EC-Council commented, “Achieving ANSI 17024 reflects not only our commitment to quality but, equally important, our approach to continuously improve as a learning organization to ensure that EC-Council is much more agile, efficient, and strategically fit for the future.”

A Certified Ethical Hacker (C|EH) is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). Since its creation in 2003, the Certified Ethical Hacker has certified over thirty thousand individuals and has become the global de facto leader in certifying IS professionals.

EC-Council has been recognized globally for its highly popular CISO certification and for its certifications in the fields of computer forensics, penetration testing and network security.

Bavisi added, “We have worked hard for over 2 years to meet the stringent requirements of the ANSI 17024 standard. We have scrutinized and challenged every aspect of EC-Council certification activities and operations. This has resulted in significant improvements to both what we do and how we will do it. This benchmark of excellence will give our customers even more confidence in the quality of our certification.”

Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst/Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 100,000 security professionals and certified more than 50,000 infosec professionals. Its certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico, USA. More information about EC-Council is available at www.eccouncil.org.

About ANSI:
The American National Standards Institute (ANSI) is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents the diverse interests of more than 125,000 companies and organizations and 3.5 million professionals worldwide.

The Institute is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC), and is a U.S. representative to the International Accreditation Forum (IAF).


Anonymous withdraws Indian hack under pressure

The fledgling Indian operation of hacker group Anonymous attacked the website of the Indian army on Friday, but reversed its decision after it ran into criticism from Indian supporters who were annoyed that the Indian army was targeted.

Later on Friday, the hacker group said in a Twitter message that the Indian army site was now working fine. The new consensus appears to be not to target government websites, but only those of corrupt politicians.

The Hacker News reported that the Indian army site was down for only about an hour, according to the hackers. Indian government officials were not immediately available for comment. It is also not clear whether the Indian army or Anonymous put the website in order.


China behind recent hack attacks, says Indian government

The Times of India has accused Chinese hackers, allegedly backed by the Chinese government, of systematically attacking Indian online assets over the past 18 months. The goal of these assaults, at least according to the paper, is to map and discover weak points within India’s IT infrastructure. Such information could give China an advantage in any potential conflict, and the article implies that India has been slow to develop a retaliatory system in the event of a Chinese attack.

The degree to which the Chinese government is actually involved in these attacks is still an open question, The Times’ rhetoric notwithstanding. A continuing series of sophisticated and methodical assaults is no longer proof of another nation’s malevolent intent, even if such attacks appear to be originating in the country in question.


Appin Security multiple sites hacked and databases uploaded online

Appin Knowledge Solutions is a part of Appin Group of Companies and the premier provider of hi-technology certification, courseware as well as online, computer based and instructor led training across the world. Appin is primarily an IIT Alumni company. Appin has come up with an innovative learning concept using Computer Based Training Software (CBTS) in a highly interactive environment.


We need a community of ethical hackers, says IT minister Kapil Sibal

NEW DELHI: IT minister Kapil Sibal will table a bill in the Winter Session of Parliament that will mandate all states to automate all services delivered by government. Speaking at the curtain raiser of the Third Global Cyber Security Summit in the capital, Sibal said that framing the rules for cyber security in the world will be imperative, as India looks to automate all public services.

India is hosting the third global cyber security summit in October next year. Companies such as ZTE, which are facing problems selling their telecom equipment in various markets, say aligning of cyber security rules will help them. “We need a legal framework as we are dealing with one of the best minds. We also need a community of ethical hackers, as the resource pool of them is very limited in the world,” said Sibal.