Posts Tagged With ‘cybercrime’


Why are cybercrimes NOT always white-collar crimes?

– Dhananjay Rokde – Global Head – Information Security, Cox & Kings Group

A generic definition of a crime would be an act that is in violation of the applicable laws. A crime / criminal offense may essentially hurt an individual or the community (city or a nation) at large. This concept has now been taken to the next level with the rising popularity of cybercrimes. In recent years, there have been several analyst reports on the increasing trends of cybercrimes. Of late, several interchangeable terms for cybercrimes, such as computer crime, cyber fraud, internet crime, cyber exploitation, electronic rackets and many others, have emerged. Interestingly, there is no such term as a “cybercrime” as per any Indian law.

‘The State of Information Security Survey – India, 2013’, a report by PwC, reported that the size of the information security market in India in 2012 was Rs 1,200 crore and that their estimate for 2013 is Rs 1,415 crore, a growth of 18 per cent. According to the survey, medium businesses with revenues ranging from Rs 500 crore to Rs 5,000 crore saw an estimated 17 per cent increase in security spending in 2011-12, followed by small businesses with revenues less than Rs 500 crore, where the spending increased by 14 per cent. This proves that organizations are not only aware of the menace of cyber threats and attacks but are also focusing on addressing these issues.

There are local laws in almost all countries pertinent to cybercrimes and their admission in the legal system for trials. However, until an actual “terrorist intent” is detected, these perpetrators are never addressed as criminals; instead they are addressed as white collar criminals or simply as ‘Hackers’. White collar crimes are generally victimless crimes and do not get as much attention in society as crimes of theft, hate, violence, narcotics and terrorism. However, in terms of actual state or national revenue lost, white collar crimes amount to just as much. A hack or a cyberattack can lead to organizations losing data worth millions and can have their revenues compromised. It is also because these criminals are often educated and have jobs in reputed organizations that they get leeway. They don’t get the same amount of negative embellishment or social interest compared to other criminals. The damage that these crimes do is often worse and has far-reaching effects.

To illustrate this, let us look at an average cybercrime caused by a DoS (Denial of Service) or a DDoS (Distributed Denial of Service, which is often an organized cybercrime). Web applications belonging to financial institutions like banks, stock exchanges, government bodies and universities remain hot targets for such attacks. A simple DDoS on a banking site affects all the bank’s customers and parties associated with the bank. Very simply put, it is a two-way damage affecting the payee and the recipient of funds. In many cases this can mean the difference between life and death. Clearly this is NOT a victimless crime. It merely appears to be one, because the victims are not around to lodge a complaint, or do not even know in most cases that they have been exploited.

The sheer penetration of the internet, dependence on it and the consumer convenience of internet banking, e-commerce, trading and online management systems is what often provokes cyber criminals to commit crime. Services like internet banking and airline bookings / check-ins are no longer a luxury, but life-essential amenities. The outage of such services often causes a lot of media hype and gets the attackers exactly the attention they are looking for. Hacktivist groups and cyber vandals are constantly on the lookout for such easy consumer-based targets.

Just imagine: you are stuck in a blizzard and cannot check into a hotel because your credit card limit has abruptly maxed out, or you are unable to transfer funds back home for an emergency, or you cannot charge your health insurance policy because the networks are down. These are scenarios that are often not taken into account while defining a punishment for the act of a cybercrime. It has also been my personal experience that during such attacks the target banks and application / internet / telecom service providers often do not disclose the occurrence of such attacks, to avoid public embarrassment. It is this substantial lack of transparency in the reporting of such incidents by the affected parties that makes it increasingly difficult to catch the culprits. It takes the average victims more than a week to determine if they have actually been exploited. The combination of the two factors mentioned above, along with the time delay, helps the criminals get away.

Law enforcement agencies and legal bodies need to realize a simple truth – “Cyber crimes are actually capable of taking lives”. While the statement may sound a little exaggerated, the actual ripple effects of cyber crimes are felt very late. The impact of a cyber crime is far more than what can be seen at the outset. It is not simply about the unavailability of services or some sites being defaced. This is somewhat like the “Butterfly Effect” theory.

Cyber crimes are becoming costlier by the day. They are costing the global industrial landscape billions of dollars. Such crimes also have severe fall out effects such as permanent loss of reputation, loss of jobs and an overall negative hit on the economy. Not too long ago, Microsoft had officially put up a bounty of USD 250,000 for apprehending the creators of the MSBlast malware.

The Indian IT Act has come a long way from where it began. However it needs to become stringent in two ways – by enforcing onus on the authorities like the police and empowering them with the right tools and knowledge to apprehend such criminals, and also by increasing the severity of the applicable punishments. While harsher sentences are not the complete solution, they are a very strong deterrent. Frost & Sullivan reveals that nearly 80 percent of Indian business enterprises have reported data theft through online hacking and that the cost of computer crimes has reached a whopping USD 10 billion – India is ranked fifth in terms of ecommerce security breaches. These criminals should be tried & prosecuted under the extent of the law. There also needs to be inter-agency synergy between the local cybercrime authorities and the bodies such as the Interpol, NSA, and the CERT.


EC Council Successfully Continues its Information Security Awareness Program

Launched a week back with an aim to educate budding security professionals, EC Council continues to partner with education institutions in Hyderabad and Chennai

India – 30th January, 2013 – EC Council, one of the leading certification and training organizations in the world, continues its Information Security Awareness Program in India.

This initiative by EC Council was launched keeping in mind the need of the market and is well timed, as Frost & Sullivan reported that nearly 80 percent of Indian business enterprises have reported data theft through online hacking. According to a recent Norton by Symantec report, of the total 137 million Internet users in India, 42 million have fallen prey to cyber fraud in one way or the other. The financial loss per cyber-crime victim is around Rs 10,000 for 2012.

Keeping all of the above in mind, with an aim to educate young students and budding professionals about the hazards in cyber security and the menace of cyber threats, EC Council has launched this ongoing initiative, partnering with numerous colleges, universities and institutions across cities in the country.

Continuing to partner with educational institutions that started with Mahatma Gandhi Institute of Technology, this week, EC Council has partnered with Padmasri Dr. B.V.Raju Institute of Technology, Geethanjali College of Engineering and Technology and Rajalakshmi College, to talk about the perils of cyber threats with students of the CSE and IT Department and the faculty of the College.

Talking about this program, Mr. Jay Bavisi, Global President, EC Council says, “India is in urgent need of cyber security education. With the number of attacks and vulnerabilities on the rise, organizations and all security professionals need to know how to safeguard themselves from malpractices that can put their company at risk. With our globally adopted courses and trainings, we hope to educate these budding professionals so they are equipped to support organizations in their mission critical business needs that continue to grow. With this program we wish to make the Indian market more secure in the global cyber space.”

The EC Council Information Security Awareness Program is a platform for students preparing to be a part of the cyber world to meet, learn and plan together to secure the information security landscape of the future. The program is a combination of a series of seminars, talks, workshops, and events in which students and professionals are educated on topics such as cyber security, secure programming, hacking, cyber warfare, etc.


About EC Council
EC-Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for Information Security professionals. EC-Council is a member-based organization that certifies individuals in various information security and e-business skills. It has been certified by the American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT) programs, as well as many other programs. These programs are offered in over 92 countries and have trained over 120,000 and certified more than 60,000 security professionals through a training network of over 500 training partners globally.

Individuals who have achieved EC-Council certifications include those from some of the finest organizations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.

For more information about EC Council, visit www.eccouncil.org.

Media Contact:
Mail To: marketing.india@eccouncil.org


EC-COUNCIL AUTHORIZED PARTNER, ITERA LAUNCHES THE FIRST SECURE PROGRAMMING COURSE IN SPAIN

January 1st 2013, Madrid: EC-Council authorized training partner, ITERA Processing Consulting, creates history in Spain by pioneering the launch of EC-Council Certified Secure Programmer (ECSP) training in the region.

ITERA delivered the training to the focal mainstay of Spain’s vanguard of online banking communication security and the leading online bank, namely “Selfbank.”

Owing to the exponentially growing threat to financial and economic industries globally, Selfbank has taken the initiative to inculcate upgraded and more sophisticated security skills within their system to protect themselves against cybercrime and ensure that their clients’ operations are highly secured.

This ECSP training has placed Selfbank at the forefront, in terms of qualification of their team, to fight against cybercrime since the very beginning of the development of their products and services.



CISOs To Huddle In Wake Of LinkedIn Breach, Gmail Warnings

The EC-Council invites security chiefs to get together before Halloween and decide how to bedevil their adversaries.

The EC-Council, the body behind the Certified Ethical Hacker certification, will convene a Global CISO Forum in Miami on Oct. 29 and 30, open only to a limited number of senior information security executives, to discuss a security landscape that is increasing in complexity and alarming Internet users. Apparently, when attackers start ripping off and decrypting large caches of LinkedIn’s hash-encrypted passwords and state-sponsored attacks are a big enough threat to Gmail users that Google has to issue warnings, it’s time for the world’s CISOs to huddle.

The summit, scheduled in conjunction with the EC-Council’s IS conference, Hacker Halted, will gather CISOs from the world’s “largest and most prestigious” enterprises to talk about how these types of extreme events affect their companies and what to do about it.

But what can a forum like this do to prevent data breaches? For one thing, it provides a venue for the exchange of ideas and information. For a long time, attackers have been well-organized and shared information freely. “But due to proprietary, governmental and other borders, we guardians of information do not share information as well as they do,” says Amber Williams, manager of strategic initiatives at the EC-Council. “This forum is designed to promote exchange of ideas and discussion, with six to seven experts per panel topic who will elicit a lot of responses from the audience as they go along.”

That’s all well and good, but, according to Danny Lieberman, CTO of Software Associates, most CISOs and infosec professionals already know what needs to be done for appropriate security countermeasures. For example, encryption is a cornerstone of securing data at rest, and our latest InformationWeek Strategic Security Survey recommendation list includes better vetting of service providers.

The problem is getting the CEO to agree.

While the EC-Council’s Hacker Halted events see increasing attendance year on year, says Williams, the council is capping attendance for the Global CISO Forum at 200. The goal is to make high-level executives feel free to talk about not just best practices but the struggles they have had without fear of hurting their brands, she says.

You know the EC-Council is getting serious when it talks about “integrating war games into security strategies.” Other topics of discussion planned for the summit include recruiting, training, and managing superior security teams; data loss prevention; and internally branding and integrating a security program while aligning it with business objectives. In fact, the EC-Council says one reason for continued breaches is the conflicts that arise from the differing goals of security and business development teams. The forum intends to address this issue and others not only through panels but also by encouraging an atmosphere of best-practice sharing.

It’s great that the EC-Council and CISOs are on fire about this. But it’s also clear that without approval from the CEO, anything with a price tag that doesn’t have demonstrated business value will go nowhere. That is why CISOs should pay special attention to the part about aligning with business objectives.

What CISOs should really be asking at this forum, says Lieberman, is how their peers develop a real business case to present to the CEO. How do I put together a threat model and evaluate the risk? How do I get the CFO on board before I go to the CEO?

Lieberman illustrates a sample exchange, where the CISO is prepared to say to the CEO, “There is X percent chance someone will steal our company’s intellectual property. I have put together a team to evaluate the risk, and that is its finding. It will cost $20 million if this IP theft occurs. I need a couple more employees and $1 million to buy hardware and software to protect that $20 million worth of IP.”

Better yet, have the CFO on the team that helped put together this analysis, something the EC-Council plans to address. “Because we are inviting mostly C-levels, they will report to a board or another C-level executive,” says Williams. “Part of what we want to share is how to brand a security program internally and sell it to the board, C-level executives, and the whole company. And in the case of governments, sell it to the many layers of government workers.”

Another concern for many security chiefs, says Alan Shimel, managing partner at The CISO Group, is the changing nature of the threat. Many CISOs at work today came into that role during a time when financial fraud and cybercrime were the motives for attacks, says Shimel. “Now we have hacktivists and people who are financially motivated, but instead of looking for personally identifiable information, they’re looking for intellectual property,” he says. “Due to these different motives, hackers use different attack vectors.”

Announced speakers for the event include Eddie Schwartz, CISO for RSA; Joe Albaugh, CISO at the Federal Aviation Administration; Ron Baklarz, CISO at Amtrak; and Richard T. Rushing, CISO for Motorola Mobility.



Organizations Engage in Certification Training to Protect Against Cyber Attacks

The recent increase in security breaches has caused many organizations to put a greater emphasis on improving the skills of the information security (IS) workforce. Research shows IS certifications lead to improved job performance and higher returns on investment. EC-Council’s Chief Information Security Officer Certification (C|CISO) equips CISOs with the most effective toolset to lead a high performing information security program and defend the company from cyber attacks.

February 14, 2012, Albuquerque, NM – Recent research by Ponemon Institute has shown that the average cost of cybercrime has increased by 56%. The complex and dynamic nature of the current risk landscape is causing organizations to put a greater focus on training of their workforce. A current study by Global Knowledge cites that managers believe certified information security professionals are 80% more effective at their jobs post certification. Further, studies show that investing in certifications can yield higher return on investment (ROI).

According to a study by IBM, “When business partners are grouped by the number of certified individuals on staff, those with higher levels of certifications exhibit measurably higher revenue per certified individual, and the value of each additional certification improves team performance.” IBM estimates that every $1 invested in learning and certifications averages a return in revenue of $345. In addition to an increase in revenue, certifications improve team performance by 11%.

The need for having a highly skilled information security team has never been greater. Jay Bavisi, President and Co-Founder of EC-Council, stated “The information security industry has changed tremendously in the past few years. This year alone, large corporations and governments around the world have suffered devastating and extremely costly cyber attacks. With the need to fulfill the IS industry’s growing needs for strong leadership, the Chief Information Security Officer Certification (C|CISO) was designed to complement the use of high-end technology with empowered and experienced executives who are ready to direct the information security team in today’s complex environment.”

EC-Council’s Chief Information Security Officer Certification prepares Chief Information Security Officers (CISOs) to defend their organizations from security breaches by actively improving the current information technology security solutions, enforcing regulatory requirements and aligning IS with the strategic needs and goals of their organization. This skill set enables the CISO to be the best guardian of their organization’s digital assets. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso.

According to SC Magazine, companies that employ a CISO to lead an effective IS program are 10 times less likely to experience costly security breaches. Today’s risk landscape makes it almost impossible to protect against data loss and theft without the skills of a highly trained IS leader, like a CISO. Certifications provide the CISO with the tools needed to effectively protect the organization from cybercrime.

Contact:

Marissa Easter – Marketing Communications Specialist – marissa.easter@eccouncil.org

About EC-Council’s Chief Information Security Officer (C|CISO) Certification:
C|CISO is the first certification of its kind to equip Information Assurance leaders with the most effective toolset to defend organizations from cyber attacks. It recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organization goals. Applicants can take advantage of the Grandfather Provision until September 2012. The Grandfather Provision is open to highly-skilled and experienced professionals who can demonstrate and prove proficiency in the 5 C|CISO domains. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. For more information about EC-Council visit www.eccouncil.org, follow @ECCouncil on Twitter, LinkedIn or visit EC-Council’s Facebook page.


World’s Most Comprehensive Computer Forensics Certification – Computer Hacking Forensics Investigator (C|HFI) Version 8 is Available Now

EC-Council releases the brand new Version 8 of the Computer Hacking Forensics Investigator (C|HFI) Certification Program. C|HFI is designed to equip security professionals with the necessary skills to identify an intruder’s footprints and to properly gather the required evidence to prosecute in the court of law.

January 24, 2012, Albuquerque, New Mexico – EC-Council announces the availability of the all-new Version 8 of the Computer Hacking Forensics Investigator (C|HFI) program. The program will be available on February 27th, 2012 exclusively in 20 training centers across 15 countries.

A report by Symantec confirms that “Cybercrime has surpassed illegal trafficking as the leading criminal money maker.” With lucrative returns, low risk and difficulty of providing admissible evidence in courts of law, computers and networks have become the fastest growing technology tools favored by criminals. With the cost of security breaches almost tripling every two years, organizations need to designate well-trained security professionals to perform digital discovery, evidence acquisition and analysis in an acceptable manner to ensure that they trace, reduce or eliminate key security risks that face their organizations.

EC-Council C|HFIv8 program prepares designated security professionals to track, investigate and apprehend cyber criminals from the inside and outside of the organization.

CHFIv8 presents a detailed methodological approach towards computer forensics and evidence analysis. It is a comprehensive course covering important forensic investigation scenarios that enables students to acquire hands-on experience with various forensic investigation techniques and standard forensic tools. This skillset is necessary to successfully carry out a thorough computer forensic analysis leading to prosecution of perpetrators.

Among the salient features of the C|HFIv8 are:

Jay Bavisi, President of EC-Council said, “According to PwC’s information security Breaches Survey 2010, nearly half of the large organizations admit that they have experienced insider threats (misuse of web and email access, misuse of confidential information, and unauthorized access to systems or data). Organizations today face a very challenging threat in the form of insider abuse that must be addressed to ensure the safety of their organizations’ digital assets.”

A C|HFI v8 professional will be able to understand:

How to track e-mails and investigate e-mail crimes.

EC-Council has certified professionals from Fortune 500 companies as well as various IT giants, conglomerates and government agencies around the world. The corporations and agencies include: US Department of Defence, FBI, CIA, Microsoft, Symantec, Deloitte, and IBM.

For more information, please contact the nearest authorized training center or http://eccouncil.org/chfi/index.html.

Contact:

Kanesan Visvanathan- Products and Operations Executive- kanesan@eccouncil.org



Global Increase in Outsourcing Leaves Companies Open to Information Security Breaches

Companies must find ways to manage the benefits and risks of outsourcing as almost two-thirds of Information Technology (IT) infrastructure is predicted to be outsourced within the next 8 years. EC-Council CISO Summit panel discussion suggests that increased information security compliance plans, continuous education, and knowledge sharing may prove to be the best solution.

January 23, 2012, Albuquerque, NM – Global economic troubles have motivated many companies to seek alternative means of conducting business that will cut costs and maximize profits. One of the most popular and effective methods is outsourcing Information Security (IS) infrastructure. According to a recent study commissioned by Savvis, Inc., this number is predicted to increase from 17% to over 64% globally by 2020. Security outsourcing has its benefits; however, it also comes with an array of risks.

Jeff Tutton, President of Global Security and Compliance at Intersec Worldwide, recently led an interactive panel discussion centered on outsourcing and information security management at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit in Las Vegas, held from Dec 5-6th. Jeff Tutton was joined by Todd Bell, Executive IT Security Advisor, ConnectTech, LCC; Inno Eroraha, Founder & CEO, NetSecurity Corporation; Chris Oglesby, Senior VP, Knowledge Consulting Group; and Edward Ray, CISO, MMICMAN, LLC. The panel discussion addressed the challenges of managing risk and monitoring the outsourcing company’s performance, while complying with recent industry changes such as SAS70 and PCI compliance. To view an interactive video of the panel discussion, please visit: http://goo.gl/SwxEj

“The challenges of outsourcing are similar to those you may have with the acquisition (insourcing) process. When acquiring a new company you need to ensure that due diligence has been completed prior to acquisition and integration, as you now will be responsible for the security of that company’s data. This is the same with outsourcing,” said Tutton. “Hire a trusted and qualified third party to complete a thorough evaluation of the outsourcing company. But don’t just stop there, put in place methods and controls to monitor and maintain the security of this data during the entire lifecycle. Trust but verify, and assign responsibility to a qualified person within your organization to manage and maintain oversight of security. Another option is to outsource only the data and systems that you want to end up in the public domain.”

Tutton’s panel discussion presented a detailed overview of the benefits and challenges of outsourcing with respect to Information Security (IS). Globally, over 60% of organizations cite that managing the IT infrastructure domestically does not have any competitive advantages and are planning to move operations offshore. However, many offshore companies do not have the same legal restrictions as the United States. For instance, India, one of the biggest destinations for offshore outsourcing, does not have any data privacy laws. This laxity in law enforcement leaves confidential information vulnerable to security breaches.

Last year, Epsilon, a cloud-based email service provider, suffered a security breach that ended up affecting around 75 clients and compromised over 60 million personal names and email addresses. Security breaches such as this can be extremely costly and detrimental to a company’s reputation.

“If an organization is looking to do a large infrastructure outsourcing engagement, the best way to ensure that security is a priority is to build a comprehensive list of security requirements into outsourcing contracts, develop appropriate service level agreements and reporting mechanisms to evaluate security and budget for a review by an independent assessment organization – this will ensure that security always stays top of mind,” said panel speaker Chris Oglesby. “If, however, the decision is to outsource infrastructure and security separately then the security operations should drive the direction and outcomes and create independence between the organizations to meet the client needs.”

In the future, companies need to employ executive IS leaders who will develop methods to adequately protect their IT infrastructure when outsourcing in-house responsibilities. Platforms, such as EC-Council’s CISO Summit Series, provide a means for top-level IS executives to gather and discuss the latest industry challenges. Continuous education and knowledge sharing will provide solutions to the quandaries top-executives face on a daily basis. For more information on upcoming EC-Council CISO Executive Summits, please visit: http://www.eccouncil.org/cisosummit.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council CISO Executive Summit Series:

EC-Council CISO Executive Summit Series strives to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent Information Security threats and landscape evolution can be discussed and debated. Designed by EC-Council, the 1st in the CISO Executive Summit Series made its debut in Las Vegas, NV in December 2011. Due to the nature of the discussions, all CISO Summits are closed-door events open only to senior information security executives (C-levels, VPs, Senior Directors, etc.). http://www.eccouncil.org/cisosummit



EC-Council’s Inaugural CISO Executive Summit Develops Guidelines to Address Challenges of 2012’s IT Mantra “Doing More with Less”

High unemployment and increased economic uncertainty have forced top-level Information Security executives to utilize alternative technology and invest in the existing workforce, creating an onslaught of new security issues.

January 9, 2012, Albuquerque, NM - The New Year brings an unfamiliar set of challenges for executive-level Information Security (IS) professionals. The troubled economy and increased economic uncertainty have led many to seek alternatives to doing more with less. However, new initiatives such as implementing more cost-efficient technology, with cloud computing being top-of-mind for many executives, and investing in existing resources, like the workforce, come with a set of security and training challenges.

These issues were addressed at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit 2011 in Las Vegas, NV held from December 5-6th. Over 40 prominent top-level executives from the private, public, and government sectors gathered to collaborate on ways to overcome these obstacles. The corporations and agencies included: IBM, Motorola, TransUnion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

The need for increased Information Security arises as executives look for more cost-cutting technology and invest in existing assets to stay competitive in 2012. As Pearl Zhu, CEO, COO, Chairman, and President of Brobay stated in the article 2012 IT Tea Leaf Reading: The Year of Wisdom, “Businesses are facing unprecedented uncertainties, accelerated changes and hyper-competitive global competitions.” Many organizations in 2012 will focus on software automation and cloud solutions, which provide convenience and cost-efficiency.

The topic of responsible implementation of cloud computing in terms of information security was one of the focus areas of the CISO Executive Summit.
Ben Eu, Program CISO at IBM, and Raymond Soriano, Director of Security & Privacy Services and Cyber Threat & Vulnerability Management at Deloitte & Touche, served as co-chairs on the “Embracing the Cloud and Mitigating Surrounding Threats” panel discussion. Summarizing the panel discussion, they stated that in order to mitigate threats posed by the cloud, top IS professionals must:

Another challenge that awaits CISOs in the New Year is ensuring the IS team they lead consists of highly skilled professionals who are ready to mitigate risks associated with cloud computing and other technologies.

According to “The IT Skills Gap”, an article written by Andrew Horne, Practice Director at Corporate Executive Board, another one of the CIO’s (Chief Information Security Officer) most serious challenges is the lack of adequate skills in prospective and current IS employees. It is projected that demand for certain roles in the IS field will increase by over 200% within the next 5 years. He goes on to say that, “As key IT skills are in short supply, and the few people with those skills are not going to be pried loose from their current employers, the only option for CIO’s is to develop existing employees.”

Co-chairs of “Structuring and Managing Your Infosec Workforce”, Jerry Chappee, Chief Information Assurance and Operations Officer for the U.S. Army Reserve, and Jeffrey Vinson, Director and CISO of SecureNet Payment Systems, stated that one of the best ways to improve the skills of the existing workforce is by investing in certifications: “Leaders of the organization need to support their people and show them the importance of certifications. More specifically, how the certification directly supports the business and keeps information more secure.”

The CISO Executive Summit created an environment where the most recent IS threats and landscape evolution were discussed and debated. Additional key issues addressed were implementing a high-performing IS program, managing insider threats, and factors with the greatest impact on the IS profession. For a full CISO Summit report including highlights and key takeaways, please visit: http://www.eccouncil.org/ciso/resources.

2012 will have its share of challenges and obstacles to overcome. The tough economic climate and mantra of “doing more with less” will prompt Information Security leaders to come together and share knowledge and ideas. It is the mission of the CISO Executive Summit Series to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent IS threats and landscape evolution can be discussed and debated.

EC-Council will host a Global CISO Executive Summit on October 29, 2012 in Miami, FL. For more information, please visit: http://www.eccouncil.org/ciso/resources.

Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (C|CISO) as well as many other programs that are offered in over 80 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit http://www.eccouncil.org/ciso.


EC-Council’s CISO Executive Summit 2011 Features a Unique Format that Encourages Knowledge Sharing Among the Diverse Range of Participants

The CISO Executive Summit included over 40 prominent speakers from across industries in the government, private and public sectors who were surprised and pleased by the interactive format of the event.

December 14, 2011 Albuquerque, NM- EC-Council hosted the 1st in its Global CISO (Chief Information Security Officer) Executive Summit Series in Las Vegas, NV December 5-6th at the M Resort.

The CISO Executive Summit 2011 was the first of its kind to be composed entirely of panel-based discussions. Panel chairs and speakers consisted of the world’s most successful thought leaders in the Information Security (IS) industry, including executive representation from top corporations and agencies such as IBM, Motorola, TransUnion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, SecureNet Payment Systems, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

The mission of the CISO Executive Summit was to unite the top information security leaders across the world in the fight against cyber crime and information security threats. Today’s rapidly evolving threat landscape is posing new risks to security professionals and the organizations they protect. The panel discussions were centered on the topics most relevant to high-level Information Security leaders including managing insider threats, cloud compliancy, and structuring and managing an infosec workforce. Some of the questions addressed were:

The CISO Executive Summit 2011 successfully accomplished its mission by providing a unique platform of 13 interactive panel discussions. This setup provoked in-depth and intimate discussions about issues that are of global concern to high-level Information Security leaders. Panel speakers from the private, public, and government sectors brought an element of diversity and variety to the discussions. To view the full list of speakers, panel discussion topics and abstracts, please visit: http://www.eccouncil.org/cisosummit.

Jay Bavisi, President and Co-Founder of EC-Council, stated “The success of the CISO Summit is evident from the fact that so many senior executives from a vast array of organizations travelled to the EC-Council CISO Summit in the first week of December in Las Vegas. The intense industry representation and their engagement in active dialogue over today’s most pressing issues was beneficial to the industry. It was wonderful to witness the commitment shown by these individuals in seeking continuous learning and sharing.”

Tony Meholic, Chief Information Security Officer at Republic Bank, added, “The extensive knowledge and experience the speakers and audience displayed in the Information Security space was superb. I found the format to be informative and very lively. The opportunity to network with peers from various industries, government and academia was also very welcome. These connections will provide valuable resources for discussions, questions and recommendations on current and future topics.”

“It was great to be a part of the 1st series of Global CISO Summit. I enjoyed the great panel discussions, fellowship and networking. I look forward to attending and speaking at future summits,” said Jeffrey Vinson, CISO at SecureNet LLC, of the networking and knowledge sharing opportunities presented at the CISO Executive Summit.

EC-Council will host the 2nd in the Global CISO Executive Summit Series in May 2012; the location is to be determined. A Global CISO Summit is to proceed on October 25, 2012 in Miami, FL. For upcoming EC-Council CISO Executive Summits, please go to: http://www.eccouncil.org/cisosummit.

Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)
