Posts Tagged With ‘Information Assurance’


EC-Council Forewarns Organizations About the Dangers of Phishing Attacks as Cybercriminals Move to More Concentrated Hacking Methods

New research shows that cyber criminals are moving away from mass spam attacks and focusing on more targeted hacking techniques. The most common of these methods is phishing. EC-Council has released a comprehensive guide on steps organizations can take to prevent disastrous security breaches.
February 13, 2012, Albuquerque, NM- Recent research shows that cybercriminals have moved from large mass spam attacks to more targeted techniques. One of the most common of these attacks is phishing, an attempt by cybercriminals and identity thieves to obtain sensitive information by masquerading as a legitimate and trustworthy source.

In order to keep organizations’ information secure, it is crucial for Information Assurance leaders to understand the two types of phishing methods: spear phishing and whaling, and the devastating risks they carry. Spear phishing is the most commonly used phishing method. Experts cite the amount of money generated as the reason for the switch to more concentrated attacks.

According to recent research conducted by Cisco, “Spear phishing attacks have proven to be both highly dangerous to victims and immensely valuable to cyber criminals. A vastly customized phishing attack can net 10 times the profit of a mass attack.” Cisco estimates the annual global cost of targeted attacks to organizations is $1.29 billion.

Sameer Shelke, IT Services and Risk Management Leader, says “Tackling phishing attacks can be immensely challenging as phishing emails are usually very convincing and it is hard to distinguish them from genuine emails. Risk management and control mechanisms against such social engineering attacks need to be dynamic in order to keep up with evolving security risks.” Shelke goes on to say, “While upgrading to advanced security solutions is crucial, educating people about phishing is also equally important.”

 

EC-Council recently released a White Paper written by Shelke that explores differences between spear phishing and whaling and offers solutions to combat phishing attacks. To download Shelke’s White Paper “Shield Your Business – Combat Phishing Attacks”, please visit: https://www.eccouncil.org/ciso/resourcesTo be successful at combating these attacks, an organization needs to have strong leadership in place. An effective Chief Information Security Officer (CISO) will lead a high performing information security (IS) program that protects against cyber crime and security breaches. EC-Council created the Global CISO Executive Summit Series to unite the IS leaders across the world in the fight against cyber crime. The CISO Executive Summits provide a platform for continuous learning where the most recent infosec threats and landscape evolution can be discussed.

 

EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts If this White Paper is of interest, it is encouraged to also look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series. To view the full report from the CISO Executive Summit, please go to this link. If you would like to attend or speak at upcoming CISO Executive Summits and would like to receive more information, please click here.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

 

About EC-Council’s Chief Information Security Officer (C|CISO) Certification:

C|CISO is the first certification of its kind to equip Information Assurance leaders with the most effective toolset to defend organizations from cyber attacks. It recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organization goals. Applicants can take advantage of the Grandfather Provision until September 2012. The Grandfather Provision is open to highly-skilled and experienced professionals who can demonstrate and prove proficiency in the 5 C|CISO domains. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. For more information about EC-Council visit www.eccouncil.org, follow @ECCouncil on Twitter, LinkedIn or visit EC-Council’s Facebook page.


Research Proves Best Performing Companies Employ a CISO with a High-Performing Security Program

Research done by SC Magazine proves that organizations that have a Chief Information Security Officer (CISO) have higher profit margins, generate more revenue, and display increased productivity.

January 31, 2012, Albuquerque, NM- EC-Council has released a new white paper that gives comprehensive strategies to CISOs on leading a high-performing information security (IS) program. According to research done by SC Magazine, companies that have an active CISO role and high-performing security program generate more revenue, spend less money, are more productive, and have reduced risks. However, the complexities and challenges of the organization’s infrastructure create daily traps that distract IS teams from carrying out tactical and strategic functions.

An effective CISO and well-run information security program can save a company almost 10% of total revenue. SC Magazine’s “Want to Reduce IT Risk and Save Money? Hire a CISO” article cites that this saving in gross revenue is accredited to a decreased risk of data loss and theft. Further, the article cites that the most successful companies that employ a CISO to lead an effective IS program are 10 times less likely to experience costly security breaches.

 

Chief Information Security Officer Summit Todd Bell, Executive IT Security Advisor at ConnectTech, LLC., says “Today’s threat landscape requires CISOs to develop and implement a high-performing information security (IS) program. One of the biggest challenges is not letting the torrent of corporate issues interfere with the overall effectiveness of the IT security team.” Bell, a speaker at EC-Council’s CISO Executive Summit in December 2011, was inspired by his panel role in the “Implementing a High-Performing Information Security Program” discussion and developed a how-to-guide for CISOs on leading a high-performing IS program. To view the White Paper, please go to: http://goo.gl/pxmY5 “Simply put, CISOs contribute to better business results by ensuring security measures are fully implemented, standardizing and automating procedures, and by taking a strategic role with the organization to make information security a part of a business process.” Affirms Jim Hurley, managing director of Symantec’s IT Policy Compliance Group.

 

EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts. Readers of this White Paper are also encouraged to look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series. To view the full report complete with key takeaways from the CISO Executive Summit or to attend or speak at upcoming CISO Executive Summits, please click here. If you would like to receive more information about EC-Council’s Chief Information Security Officer Certification program, please click here.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council’s Chief Information Security Officer (C|CISO) Certification:

C|CISO is the first certification of its kind to equip Information Assurance leaders with the most effective toolset to defend organizations from cyber attacks. It recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organization goals. Applicants can take advantage of the Grandfather Provision until September 2012. The Grandfather Provision is open to highly-skilled and experienced professionals who can demonstrate and prove proficiency in the 5 C|CISO domains. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. For more information about EC-Council visit www.eccouncil.org, follow @ECCouncil on Twitter, LinkedIn or visit EC-Council’s Facebook page.


Changes in Economic Climate and Business Landscape Call for a New Strategic Business Development Process – Wargaming

Fewer resources and smaller budgets are motivating Chief Information Security Officers (CISOs) to transition from an operational executive into a strategic business partner. To excel in today’s evolving and complex business landscape, CISOs must look for a new strategic business development process, such as Business Wargaming. Wargaming will help provide a holistic view of prospective scenarios, create a proactive development plan and an improved reactive strategy.

January 27, 2012, Albuquerque, NM- Today EC-Council releases a new White Paper that introduces an alternative method to conventional CISO practices. As the business landscape becomes more complex and adjusts to stricter policies, increased competition, budgets cuts and limited resources those in the Chief Information Security Officer (CISO) position must develop a strategy that will accommodate and meet the needs of the organization. Business wargaming will help the CISO develop a plan where they can foresee future challenges, predict the moves of their competitors and stay ahead of prospective obstacles.

Nitin Kumar, global executive and managing consultant, published a White Paper “Wargaming for CISOs” in EC-Council’s CISO Series of White Papers, he stresses, “To excel in this new business landscape, CISOs need to look at a new strategy development process which will help making decisions realistic at a minimal risk and achieve full strategic and operational alignment.” To read the white paper, please visit: http://goo.gl/XQPFa

In this White Paper, Nitin Kumar reviews the shortcomings of the conventional CISO strategy and guides the reader through the development of the wargaming strategy by examining wargame types, levels and execution. He suggests ideal circumstances for wargaming and highlights benefits of using this strategy. The White Paper includes tactics that will help the CISO manage the challenges and high demands that come with the role.

Business wargaming adapts the art of simulating moves and counter-moves in a commercial setting. Business war games are a relatively recent development, but they are growing rapidly, and the time has come for CISO organizations to adopt this technique in order to stay ahead of the game.

The CISO position has been around for less than a decade. In that time it has evolved dramatically. Neira Jones, head of payment security for Barclaycard, said in the article “How the Role of the CISO Must Evolve to Balance Risk and Business”, due to the changing business landscape, “The CISO needs to evolve from an isolated subject matter expert and analyst to a trusted advisor on how technology can improve business; to an integrated business thinker, facilitator, leader, evangelist and educator.”

Business Wargaming will help executives develop plans that meet their strategic goals, create competitive advantage, and elevate the pressure felt by the complex and ever-changing nature of today’s business landscape.
EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts. If this White Paper is of interest, it is encouraged to also look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council’s Chief Information Security Officer (C|CISO) Certification:

C|CISO is the first certification of its kind to equip Information Assurance leaders with the most effective toolset to defend organizations from cyber attacks. It recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organization goals. Applicants can take advantage of the Grandfather Provision until September 2012. The Grandfather Provision is open to highly-skilled and experienced professionals who can demonstrate and prove proficiency in the 5 C|CISO domains. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst /Licensed Penetration Tester certification and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. For more information about EC-Council visit www.eccouncil.org, follow @ECCouncil on Twitter, LinkedIn or visit EC-Council’s Facebook page.


EC-Council’s Inaugural CISO Executive Summit Develops Guidelines to Address Challenges of 2012’s IT Mantra “Doing More with Less”

High unemployment and increased economic uncertainty has forced top-level Information Security executives to utilize alternative technology and invest in the existing workforce creating an onslaught of new security issues.

January 9, 2012 Albuquerque, NM- The New Year brings an unfamiliar set of challenges for executive-level Information Security (IS) professionals. The troubled economy and increased economic uncertainty has led many to seek alternatives to doing more with less. However, new initiatives such as implementing more cost efficient technology, with cloud computing being top-of-mind for many executives, and investing in existing resources, like the workforce, come with a set of security and training challenges.

 

These issues were addressed at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit 2011 in Las Vegas, NV held from December 5-6th. Over 40 prominent top-level executives from the private, public, and government sectors gathered to collaborate on ways to overcome these obstacles. The corporations and agencies included: IBM, Motorola, TransUnion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

 

The need for increased Information Security arises as executives look for more cost-cutting technology and invest in existing assets to stay competitive in 2012. As Pearl Zhu, CEO, COO, Chairman, and President of Brobay stated in the article 2012 IT Tea Leaf Reading: The Year of Wisdom, “Businesses are facing unprecedented uncertainties, accelerated changes and hyper-competitive global competitions.” Many organizations in 2012 will focus on software automation and cloud solutions, which provide convenience and cost-efficiency.

The topic of responsible implementation of cloud computing in terms of information security was one of the focus areas of the CISO Executive Summit.
Ben Eu, Program CISO at IBM, and Raymond Soriano, Director of Security & Privacy Services and Cyber Threat & Vulnerability Management at Deloitte & Touche, served as co-chairs on the “Embracing the Cloud and Mitigating Surrounding Threats” panel discussion. Summarizing the panel discussion, they stated that in order to mitigate threats posed by the cloud, top IS professionals must:

Another challenge that awaits CISOs in the New Year is ensuring the IS team they lead consists of highly skilled professionals who are ready to mitigate risks associated with cloud computing and other technologies.

According to “The IT Skills Gap”, an article written by Andrew Horne, Practice Director at Corporate Executive Board, another one of the CIO’s (Chief Information Security Officer) most serious challenges is the lack of adequate skills in prospective and current IS employees. It is projected that demand for certain roles in the IS field will increase by over 200% within the next 5 years. He goes on to say that, “As key IT skills are in short supply, and the few people with those skills are not going to be pried loose from their current employers, the only option for CIO’s is to develop existing employees.”

Co-chairs of “Structuring and Managing Your Infosec Workforce”, Jerry Chappee, Chief Information Assurance and Operations Officer for the U.S. Army Reserve, and Jeffrey Vinson, Director and CISO of SecureNet Payment Systems, stated that one of the best ways to improve the skills of the existing workforce is by investing in certifications, “Leaders of the organization need to support their people and show them the importance of certifications. More specifically, how the certification directly supports the business and keeps information more secure.”

The CISO Executive Summit created an environment where the most recent IS threats and landscape evolution was discussed and debated. Additional key issues addressed were implementing a high-performing IS program, managing insider threats, and factors with the greatest impact on the IS profession. For a full CISO Summit report including highlights and key takeaways, please visit: http://www.eccouncil.org/ciso/resources.

2012 will have its share of challenges and obstacles to overcome. The tough economic climate and mantra of “doing more with less” will prompt Information Security leaders to come together and share knowledge and ideas. It is the mission of the CISO Executive Summit Series to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent IS threats and landscape evolution can be discussed and debated.

EC-Council will host a Global CISO Executive Summit on October 29, 2012 in Miami, FL. For more information, please visit: http://www.eccouncil.org/ciso/resources.

Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (C|CISO) as well as many other programs that are offered in over 80 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit http://www.eccouncil.org/ciso.


Ethical Hacking Scholarship Recipient Announced to Equip Tomorrow’s IA Leaders with Skills to Lead Organizations’ Security Posture

The need for IT skilled professionals has never been greater as cyber threats and breaches increase at rapid speeds. In meeting the strong demand for highly educated information security professionals, EC-Council announces the recipient of a full Ethical Hacking Scholarship that will provide superior Information Assurance (IA) education. In addition, EC-Council University will award fifty applicants a Cyber Security Fellowship that will cut tuition costs in half.

October 24, 2011 Albuquerque, NM – Today, EC-Council University (ECU) awards the full-ride, $17,000 Ethical Hacking Scholarship to Mr. Kris Gairola. Gairola, an experienced IT Security Specialist, holds a bachelors degree in Information Systems and Operations Management from George Mason University along with several industry certifications, including EC-Council’s Certified Ethical Hacker (C|EH).

“We are extremely excited to award this scholarship to such an impressive applicant, and are looking forward to working with him as he develops his executive level IT and management competencies through the Master of Security Science (MSS) program,” says Dr. Kim Freeland, Dean of ECU, but adds that “It was a difficult decision to make due to the extensive pool of well-qualified applicants who submitted applications to be considered for the scholarship. Congratulations, Kris!”

Completion of the Masters of Security Science will provide Kris with the tools necessary to lead an organization regardless of its size in combating the ever-growing cyber threat. The MSS program will lay the foundation for lifelong learning and teach students, like Kris, how to grow, research, and adapt with the agility required to lead an organization’s complete security posture. MSS faculty are professionals who possess years of experience in the field of IT security and are considered experts by their peers. Faculty instruction, combined with their professional experience in IA, supports students as they work to apply various cyber security and management theories to real-world situations.

In addition to awarding the Ethical Hacking Scholarship, ECU is presenting fifty (50) Cyber Security Fellowships to well-qualified applicants who are looking to advance their careers in the ever-growing industry of information assurance. The Cyber Security Fellowship reduces tuition fees by fifty percent.

With cyber-security attacks on the rise, it is evident that the need for highly-trained IT security professionals will increase. A report released by the Government Accountability Office states that there have been 24 key agencies reporting Federal Cyber Security incidents, which is a 650 percent increase over the last five years. The Help Net Security magazine also reports that the number of critical vulnerabilities has tripled in 2011 and this led to the declaration of 2011 as the “Year of the Security Breach.” The Government Accountability Office suggests that the increase in the number of security incidents reported is due to a number of weaknesses with regard to how security is being implemented. Additional research and follow up shows lack of improvement furthering the issue. The lack of adequate training given to authorized personnel assisting in the monitoring of cyber security leaves businesses susceptible to attacks.

EC-Council University operates with the goal of meeting these industry needs by producing skilled IT and management innovators who will be the information assurance leaders of tomorrow. As organizations look for ways to safeguard their networks from cybercriminals, graduates will be there to provide solutions.

The Master’s of Security Science program solidifies a symbiotic blend of executive leadership and tactical information security and infosec leadership skills by educating individuals in industry leading technologies and skills, executive leadership, psychology, management and ethics. Focusing on topics like “inside the hackers mind,” “ethical hacking”, and even “global leadership” provides a very unique skill set arming the graduate with the tools, knowledge, and ability to lead effectively against advanced persistent threats such as individually motivated hacktivists, state sponsored organizations, even organized crime exploiting digital technologies.

ABOUT EC-COUNCIL UNIVERSITY:

EC-Council University is a leading provider of information security education and training to professionals in the security and military fields, and post-graduate students. It is the developer of the ‘Master of Security Science,’ a 100 percent online degree program designed to provide students with a solid foundation in information security. The MS information security course is suitable for students with a wide range of previous security experience. The MSS program is offered online, enabling students to access classes from any location in the world and at any time. The University also offers several certifications, including Information Security Professional, IT Analyst, Digital Forensics and Executive Information Assurance, IT Disaster Recovery Certifications. Digital Forensics and Executive Information Assurance. Website: http://www.eccuni.us