Posts Tagged With ‘Network Security Information’


Bank online with confidence

Authored by  – Anand Naik, Managing Director-Sales, India & SAARC, Symantec

Gone are the days of standing in a queue at the bank, with a token in hand waiting to make a transaction! Today, the internet allows us to perform so many banking transactions online – from checking account balances and transferring funds, to reviewing our credit reports and making bill payments. We no longer have to get in the car, drive to the bank, or communicate with a bank teller in person. For most of us, online banking offers tremendous time savings and the option to bank at our convenience. With the rapid advancement of technology, we’re now able to use our mobile devices to help take care of our banking needs, regardless of whether we are at home, at work or even on holiday!

However, there’s always a flip side to such major changes. Banking has evolved to be literally at our fingertips, but this convenience comes at a risk as the cybercriminals are continuously on the lookout to steal our money, our information and identities. The Norton Cybercrime Report 2012 found that globally, 18 adults become a victim of cybercrime every second, resulting in more than one and a half million cybercrime victims each day. The direct cost of cybercrime was an average of US$197 per victim across the world and in India, that amount was only slightly lower at US$192 or INR 10,585. Symantec’s Internet Security Threat Report XVIII reports that in 2012 mobile malware increased by 58 percent. With a 30 percent increase in the number of mobile OS vulnerabilities, consumers using banking services via their mobile devices are at a higher risk of data theft.

The Norton Cybercrime Report 2012 also revealed that 42 million Indians have been victims of cybercrime in the past 12 months, which is a 75 percent increase from the number of cybercrime victims the previous year. Some of the more common techniques cybercriminals use to steal our information are phishing and pharming. Phishing is a method by which fake emails – for example, messages that look like they are coming from our banks – are sent to users asking for their account numbers and passwords. Pharming techniques are used by cybercriminals who create legitimate-looking web pages to trick visitors into divulging these details. Both of these methods are examples of social engineering – where the users themselves are tricked, duped or lured into parting with private information.

Just last year, Symantec observed attacks where phishers spoofed the Reserve Bank of India’s Web site as a ploy for a tax refund scam. The phishing site attempted to lure users by stating that the bank would take full responsibility for depositing the tax refund to the user’s personal bank account. The user was prompted to select the name of the bank from a list of eight banks and enter their customer ID and password. Through this, phishers intended to steal the confidential information of customers of several banks from a single phishing site. The following page asked for credit/debit card number and PIN number. After these details were entered, the phishing site displayed a message acknowledging that the request for the tax refund has been submitted successfully. The user was then redirected to the legitimate Reserve Bank of India site, little knowing that they had just become a cybercrime victim.

While these clever ploys by cybercriminals may lead many of us to hesitate from banking online, there are precautions we can take to ensure that our information and hard-earned money are safe regardless of the channel we use for transactions.

If we are aware, vigilant and follow some basic guidelines, we can enjoy the convenience of banking online with confidence.

Quote from Anand Naik, “Today, cybercrime is much more prevalent than people realize. Cybercriminals have moved from more traditional forms of attack such as mass distributed malware, to more targeted attacks that include social engineering to gain access to sensitive and personal information. With an increasing number of Indians banking online, the need to remain alert has never been greater. With some common rules and a comprehensive security solution in place, we can all safely enjoy the benefits of online banking.”


In an effort to improve the course and training material available to Moroccan information security professionals, IT-Gnosis has teamed up with EC-Council to reduce copyright violations.

Finding reliable training materials and courses is an important component for information security professionals looking to develop their careers. The training market in Morocco has often left professionals looking to expand their knowledge of the latest information security techniques and trends with no other option but to turn to providers whose course offerings and methods are not authorized by those who created them. In the case of EC-Council’s broad range of courses and materials, one company is joining the fight against the widespread plagiarism in Morocco. IT-Gnosis, EC-Council’s exclusive representative and course provider in not just Morocco but France, Spain, Italy, Portugal, and Malta believes in being very selective when it comes to partners. Says IT-Gnosis founder Claire Kemp, the prevalence rampant copyright violations “… is why it is important to carefully handpick partners who are committed to offering first-class, authorized EC-Council certified training to Moroccan IT professionals.”

In that spirit, EC-Council announced that with the help of IT-Gnosis, Dataprotect has been named an authorized training center in Morocco. Dataprotect, a leading IT training company in Casablanca has been accredited by many other prestigious organizations before earning this nod from EC-Council, including PCI SSC and CGEM. Claire Kemp went on to say “I have no doubt that the quality of EC-Council certified trainings offered by Dataprotect will attract the ambitious IT professionals in the Moroccan market.”

EC-Council lauded their trusted partner IT-Gnosis for their help in identifying the most qualified and trustworthy partner in a region they know very well. The unauthorized training material that has so far been widely available in Morocco comes from training centers violating copyright laws to offer training and course material they have not been authorized to deliver. Students who enroll in these courses have no guarantee that their training or the certification conferred onto them by the training centers will be recognized by EC-Council. This has led to many frustrated students who were lead to believe that they were advancing their careers through this training but only found out later that the materials they encountered at these centers are not up-to-date or accurate.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. EC Council is the owner and developer of the world-famous E-Council Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), Licensed Penetration Tester (LPT) programs, and various others offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS) certifying EC-Council’s Certified Ethical Hacker (C|EH), Network Security Administrator (ENSA), Computer Hacking Forensics Investigator (C|HFI), Disaster Recovery Professional (EDRP), Certified Security Analyst (ECSA) and Licensed Penetration Tester (LPT) program for meeting the 4011, 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals and most recently EC-Council has received accreditation from the American National Standards Institute (ANSI).
For more information about EC-Council, please visit www.eccouncil.org.

DataProtect is a company specialized in information security. Founded by security experts who conducted several consulting projects and integration of security solutions in Morocco and abroad, DataProtect support its bid for a unified view of information security.

About IT-Gnosis
Since 2007, IT-Gnosis has been active in many parts of Europe, including France, Morocco, Switzerland, Italy, Spain, … Its activity is dedicated exclusively to IT security related trainings. Through partnerships with training centers and schools/universities, IT-Gnosis offers vendor neutral training and certifications, supports its partners in their development, and provides course materials, licenses for online Labs and eventually provides the certified trainers to deliver these courses. IT-Gnosis is the exclusive representative of EC-Council (worldwide known creator of the CEH-Certified Ethical Hacker training, among others …) in many European countries , particularly in France, Spain, Portugal, Italy, Malta and North Africa and point of contact for IP3 (CISSP training, CCSK, and S2R events, …) for these countries and for Switzerland. There are nowadays more than 30 training companies & schools/universities partnering with IT-Gnosis in these countries.


Spanish Information Security Professionals have expanded opportunities for advanced security training, keeping Spain’s organizations safer from hackers

Due to a partnership between industry leader EC-Council, creator of the Certified Ethical Hacker (CEH), and their top Spanish partner, IT-Institute, professionals seeking advanced training can now take training and earn the certification for EC-Council Certified Security Analyst (ECSA).

In a move designed to expand the training opportunities available to Spanish infosec professionals, IT-Institute of Spain has added EC-Council’s advanced hacking and penetration testing (pentest) training and certification, the EC-Council Certified Security Analyst (ECSA). The ECSA certification and training program represents a major step forward in the fight against malicious hackers, because it teaches students not only to understand the mindset and tools of a malicious hacker, but prepares students for real world pentesting – the practice of ethically hacking in order to find the weaknesses of a system.  The pentesting techniques taught in ECSA are those used by leading experts in the area.  The purpose of this certification is to add value to IT security professionals by providing training that will help them to design, secure, and test networks with a single purpose: Protecting their organizations from the threats posed by malicious hackers.

IT-Institute and EC-Council have already sent the first qualified professionals through the training, garnering rave reviews from students and instructors alike.  With this course added to their roster, IT-Institute and EC Council consolidate their leadership in security training and certifications in the Spanish market, but more importantly, make great steps forward in securing the information infrastructure of Spanish organizations, government agencies, and companies of all sizes.

About IT-Institute: IT-Institute, Advanced Information Technology Center, is the center of advanced training in Information technology with a huge portfolio of courses and certifications.  IT-Institute specializes in bringing the official courses from the most recognized brands of information technology to students around the world.  With a presence in Mexico, Spain, Argentina, Colombia, Peru, Costa Rica, and Ecuador, their reach is growing all the time. In addition to ECSA, IT-Institute also offers a full suite of EC-Council certifications, including CEH, CHFI, and ECSP.

About EC-Council: The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. EC Council is the owner and developer of the world-famous E-Council Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Tester (LPT) programs, and various others offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS) certifying EC-Council’s Certified Ethical Hacking (CEH), Network Security Administrator (ENSA), Computer Hacking Forensics Investigator (CHFI), Disaster Recovery Professional (EDRP), Certified Security Analyst (E|CSA) and Licensed Penetration Tester (LPT) program for meeting the 4011, 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals and most recently EC-Council has received accreditation from the American National  standards Institute (ANSI).

 

For more information about EC-Council, please visit www.eccouncil.org

 


The Battle Against Cyber Attacks

The proliferation of ICT and virtualisation has brought about a revolution of a different sort – a cyber revolution – which has created a myriad of benefits and opportunities to countries, organisations and individuals, while introducing the new and unstoppable threat of cyber attacks. Bringing down entire organisations and throwing countries into cyber warfare, it is a growing inevitability, one that needs to be battled.

Understanding the importance of cyber security for governments and organisations in Sri Lanka, the Daily FT in collaboration with CICRA Consultancies, under the aegis of the US-based EC-Council, hosted the Cyber Security Summit 2013, a series of events that drew attention to this growing menace and through a line-up of international and local experts on the topic, shared insights into how it can be combated at all levels.

The flagship event was a full day summit, the ‘EC-Council Cyber Security Summit’, prior to which a leadership forum with some of the country’s top CEOs and chairmen was held. The series of events ended with the ‘Night Hack’ in the evening, an informative session with live demonstrations on cyber-related vulnerabilities.  Click Here to Read More…


President, EC-Council and Founder of Code Uncode India Honored at the United States National Security Agency Colloquium 2013 awards with the 2013 Industry Leadership Award

Top officials and thought leaders in Academia, Government and Industry Honor Jay Bavisi, Global President, EC-Council for outstanding leadership in the Cyber Security Industry and Information Assurance Education.

India- June 13th: William Maconachy, PhD former deputy senior computer science authority at the National Security Agency (NSA) on behalf of National Security Agency’s Colloquium for Information Systems Security Education Honored Mr.  Bavisi with the 2013 Industry Leadership Award.

Every year, the Colloquium Awards honor one outstanding individual from Academia, Industry and Government respectively. This year, Mr. Jay Bavisi was the recipient of the 2013 Colloquium Industry Award that recognizes outstanding leadership in industry relations with information assurance education. Jay humbly accepted the award at the Committee on National Security Systems (CNSS) Award Ceremony during the 17th Colloquium for Information Systems Security Education (CISSE) Conference, held June 10th – 12th, 2007, on the campus of University of South Alabama, Mobile Bay, Alabama.

Founded in 1996, the Colloquium has become the leading proponent for implementing courses of instruction in information security education and provides a forum for academia, government and industry experts to discuss and form needed direction in information security undergraduate and graduate curricula, common requirements, specific knowledge, skills and abilities, certification requirements and establishment of professional certification boards.

“It is truly an honor to be selected as the opening Keynote at the Colloquium 2013 as well as to receive this prestigious award. I am grateful to the entire Board and the National Security Agencies CAE Community as a whole for this award and recognition” stated Jay. Jay delivered his keynote address at the event and lent an interesting perspective, entitled “The Cyber Security Quagmire: Finding the Panacea” which aimed to elucidate the information security industry’s successes, failures, and future out of the box solutions that the cyber security industry can implement, as they learn from the pharmaceutical industry in their fight against diseases.

Dr. Maconachy indicated it was the Board of Directors nomination and election to award Jay Bavisi based on outstanding leadership in promoting Information Assurance Training programs, long time advocacy in teaching ethics Information Assurance Education programs as well as generous philanthropic efforts to colleges and universities around the nation, and his leadership in developing cyber competitions in information assurance.

Jay, is the Co-Founder and President of one of the largest IT Security certification bodies in the world, EC-Council, and the co-creator of the groundbreaking Certified Ethical Hacker (CEH) certification that launched ethical hacking as a mainstream career.

Jay has been widely credited for being the brain child of the Global Cyberlympics competition that is supported by the Secretary General of the International Telecommunications Union a United Nations Agency, whose patron is Dr. Hamadoun Toure. Bavisi’s other work at the EC-Council Foundation includes the announcement of a grant of $350,000 toward the wounded warrior program that aims to retrain wounded warriors to become cyber warriors. The Foundation will also provide over 100 schools in North America with the support to launch Cyber Security Awareness programs for children in K-12 programs titled Live.Learn.Secure. He is possibly the first non US citizen to be the recipient of this award.

The Colloquium is active throughout the year and holds an annual conference in June. Conference information is available on the Colloquium website at www.cisse.info. The Colloquium board consists of members such as Brenda Oldfield, formerly the Director of the National Cyber Security Division of the U.S. Department of Homeland Security, William Maconachy, PhD former deputy senior computer science authority at the National Security Agency (NSA) as well as Daniel P Shoemaker, PhD, Principal Investigator and Senior Research Scientist at UD Mercy’s Center for Cyber Security and Intelligence Studies.

About EC-Council
EC-Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for Information Security professionals. EC-Council is a member-based organization that certifies individuals in various information security and e-business skills. It has been certified by American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs. These programs are offered in over 92 countries and over have trained over 120,000 & certified more than 60,000 security professionals through a training network of over 500 training partners globally.

Individuals who have achieved EC-Council certifications include those from some of the finest organizations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.

For more information visit: www.eccouncil.org


EC-Council, the creators of the world famous Certified Ethical Hacker course announces the release of Certified Secure Programmer – .NET

With its new certification, the EC-Council Certified Secure Programmer – .NET, (ECSP), EC-Council is making moves to usher in a new era of security.

INDIA- EC Council, the world’s leading provider of certifications and training in the information security domain, has launched its latest offering EC-Council Certified Secure Programmer- ECSP.

In today’s news, there is a continuous stream of reports about large, prestigious organizations falling victim to cyber-attacks. “Zero-day” threat vulnerabilities can mean big business on the black market as hackers buy and sell the right to exploit programming errors in some of today’s biggest software programs. EC-Council is responding to this growing threat by getting to the root of the problem – the lack of programmers skilled in secure coding.

The ECSP course focuses on .NET application security and emphasizes building software from the ground up with security as a core focus. It is not a typical training course which focuses on lecture, but rather, 60% of the student’s time is spent learning via dynamic lab exercises.

“We know the demand for software engineers has been climbing over the last decade and many people have embarked on careers in this field. We don’t see the growth in the demand for programmers to decline one bit – but what we do see happening is a huge emphasis on secure coding and the need for those skilled in secure coding.” Says EC-Council President, Jay Bavisi,

Software glitches, bugs, and vulnerabilities cost the world’s economies billions each year. In fact, the Nasdaq is still dealing with the fallout from its Facebook (FB) IPO, blamed on a software glitch, and estimated to eventually cost $62 million. Even car companies have to worry about securing their onboard software as evidenced by Toyota’s recall of thousands of its hybrid cars due to bad coding.

Mr. Bavisi went on to say that, “EC-Council has developed real world labs to ensure the next generation of security professionals have applied the skills they learn before they even get to a job.”

For more information regarding the EC-Council Certified Secure Programmer – .NET, (ECSP), please visit https://www.eccouncil.org/courses/ec-council-certified-secure-programmer-dotnet.

About EC Council

EC-Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for Information Security professionals. EC-Council is a member-based organization that certifies individuals in various information security and e-business skills. It has been certified by American National Standards Institute to meet its ANSI 17024 standard. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs. These programs are offered in over 92 countries and over have trained over 120,000 & certified more than 60,000 security professionals through a training network of over 500 training partners globally.

Individuals who have achieved EC-Council certifications include those from some of the finest organizations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.

For more information about EC-Council, please visit http://www.eccouncil.org


EC-Council Achieves ANSI 17024 Accreditation for Its Certified Ethical Hacker (CEHv8) Certification

EC-Council’s Certified Ethical Hacker (CEHv8) certification program receives the American National Standards Institute (ANSI) Personnel Certification Accreditation. To become certified, an organization must undergo stringent quality reviews and assessments. EC-Council is one of the few organizations that specialize in information security (IS) to earn the accreditation.

Albuquerque, NM, March 7, 2012 – Today EC-Council announces that it has been accredited by the American National Standards Institute (ANSI) to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard for its Certified Ethical Hacker (CEHv8) certification. EC-Council is one of a handful of certification bodies, whose primary specialization is information security, to be awarded this much sought-after quality standard.

“ANSI commends EC-Council for meeting the rigorous requirements of the ISO/IEC 17024 standard and joining the elite group of organizations that have achieved this distinction” said Dr. Vijay Krishna, ANSI senior manager of personnel certification accreditation programs. “This achievement highlights EC-Council’s commitment to offering a high quality certification program. The ANSI accreditation process is designed to increase the integrity, confidence, and mobility of certified professionals and creates value for all the stakeholders including certification holder, employer, public, and regulatory authorities.”

The American National Standards Institute (ANSI) is a private non-profit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system. It is the sole representative of both the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC) in the United States. ANSI is the only personnel certification accreditation body in the United States to meet nationally accepted practices for accreditation bodies. The ANSI/ISO/IEC 17024 standard addresses the general requirements for certification entities.

In order to award the accreditation, ANSI conducted a verification process to ensure that EC-Council is impartial and objective as a certification body. It also confirmed that EC-Council’s certification process is conducted in a consistent, comparable, and reliable manner. This process required rigorous quality reviews of EC-Council and the Certified Ethical Hacker (CEHv8) certification program.

Jay Bavisi, Co-Founder and President of EC-Council commented, “Achieving ANSI 17024 reflects not only our commitment to quality but, equally important, our approach to continuously improve as a learning organization to ensure that EC-Council is much more agile, efficient, and strategically fit for the future.”

A Certified Ethical Hacker (C|EH) is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). Since its creation in 2003, the Certified Ethical Hacker has certified over thirty thousand individuals and has become the global de facto leader in certifying IS professionals.

EC-Council has been recognized for its highly popular CISO certification and for its certifications in the field of computer forensic, penetration testing and network security globally.

Bavisi added, “We have worked hard for over 2 years to meet the stringent requirements of ANSI 17024 standard. We have scrutinized and challenged every aspect of EC-Council certification activities and operations. This has resulted in significant improvements to both what we do and how we will do it. This benchmark of excellence will give our customers even more confidence in the quality of our certification”.

Contact:
Marissa Easter- Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 100,000 security professionals and certified more than 50,000 infosec professionals. Its certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico, USA. More information about EC-Council is available at www.eccouncil.org.

About ANSI:
The American National Standards Institute (ANSI) is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents the diverse interests of more than 125,000 companies and organizations and 3.5 million professionals worldwide.

The Institute is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC), and is a U.S. representative to the International Accreditation Forum (IAF).


EC-Council to Host Advanced Technical Security Summits in Alexandria and San Jose

Following the success of its inaugural advanced training summit last year, the EC-Council is expanding the EC-Council Summit to two new cities this year. The EC-Council Summit, formerly known as the CAST Summit, is a highly technical and advanced training workshop that offers IT professionals the chance to acquire critical cybersecurity skills in intensive three-days highly technical training workshops. This upcoming series will feature the world renowned Certified Ethical Hacker (CEH) v7, advanced penetration testing, advanced mobile hacking and forensics, advanced application security and advanced network defense. EC-Council Summit will take place March 19-22 in Alexandria, Virginia and March 26-29 in San Jose, California.

ALBUQUERQUE, NM – The Center of Advanced Security Training (CAST) – the advanced training division of EC-Council – announces the next installment of its successful advanced training series ‘EC-Council Summit’ (formerly known as CAST Summit) March 19-22 in Alexandria, Virginia and March 26-29 in San Jose, California. This series of summits feature five highly technical workshops in ethical hacking, penetration testing, mobile hacking/forensics, application security and network defense.

The highly technical training series first debuted in August 2011 in Washington, D.C. and is now being expanded to new cities this year following the strong reception it received among IT professionals.

EC-Council Summit is a unique training opportunity that gives attendees the chance to undergo an intense three-day ‘deep dive’ in five critical IT security fields with top industry experts. Unlike other training events where students are rushed through short presentations, the EC-Council Summit provides a unique opportunity to be immersed in key subject areas, with comprehensive training modules and a heavy focus on hands-on technical training and hacking labs, taught by the very best in their fields.

“EC-Council Summit is expanding its offerings this year following the remarkable turnout and success we had at the inaugural event last summer,” said Leonard Chin, Director of CAST and EC-Council Conferences & Events. “With an exponential increase of cyber threats facing businesses and government agencies, from the lone hacker armed with easily accessible hacking tools, hacktivists with malicious intents, to Advanced Persistent Threats (APTs), offensive security training has never been more important than it is today. 2011 was called the ‘year of the hack’, but 2012 could be even worse due to the proliferation of hacking tools and the increasing popularity of the hacktivism movement. IT professionals must adapt themselves to this changing threat environment in order to safeguard the information assets of their companies and organizations.”

The goal of EC-Council Summit is to prepare security professionals, such as penetration testers and network security administrators, to use advanced hacking techniques in order to better identify and prevent threats before they impact a company or organization. Participants will walk way with a firm grasp of offensive security strategies and techniques, industry best practices, how to develop a secure baseline, how to harden enterprise architectures from the most advanced attacks, and how to reduce the capabilities of APTs.

Five three-day workshops, followed by a highly technical one-day seminar on key security subjects, will be hosted in each city on the following IT security topics:

For more information about the EC-Council Summit series, please visit http://www.eccouncil.org/summit.

ABOUT CAST:

The Center of Advanced Security Training (CAST) was developed by EC-Council (http://www.eccouncil.org), in conjunction with cybersecurity experts, to address the need for highly technical and advanced security training for information security professionals. Instructed by EC-Council’s select group of master trainers, CAST offers hands-on, lab intensive courses that cover the security industry’s top domains, including advanced penetration testing training, digital mobile forensics training, advanced application security training, advanced network defense training, crimeware attribution, web application security training, and more. CAST is hosted at various international events, including EC-Council’s flagship Hacker Halted and TakeDownCon conference series.

ABOUT EC-COUNCIL:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) certification. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members.

EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at http://www.eccouncil.org.


EC-Council’s Inaugural CISO Executive Summit Develops Guidelines to Address Challenges of 2012’s IT Mantra “Doing More with Less”

High unemployment and increased economic uncertainty has forced top-level Information Security executives to utilize alternative technology and invest in the existing workforce creating an onslaught of new security issues.

January 9, 2012 Albuquerque, NM- The New Year brings an unfamiliar set of challenges for executive-level Information Security (IS) professionals. The troubled economy and increased economic uncertainty has led many to seek alternatives to doing more with less. However, new initiatives such as implementing more cost efficient technology, with cloud computing being top-of-mind for many executives, and investing in existing resources, like the workforce, come with a set of security and training challenges.

 

These issues were addressed at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit 2011 in Las Vegas, NV held from December 5-6th. Over 40 prominent top-level executives from the private, public, and government sectors gathered to collaborate on ways to overcome these obstacles. The corporations and agencies included: IBM, Motorola, TransUnion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

 

The need for increased Information Security arises as executives look for more cost-cutting technology and invest in existing assets to stay competitive in 2012. As Pearl Zhu, CEO, COO, Chairman, and President of Brobay stated in the article 2012 IT Tea Leaf Reading: The Year of Wisdom, “Businesses are facing unprecedented uncertainties, accelerated changes and hyper-competitive global competitions.” Many organizations in 2012 will focus on software automation and cloud solutions, which provide convenience and cost-efficiency.

The topic of responsible implementation of cloud computing in terms of information security was one of the focus areas of the CISO Executive Summit.
Ben Eu, Program CISO at IBM, and Raymond Soriano, Director of Security & Privacy Services and Cyber Threat & Vulnerability Management at Deloitte & Touche, served as co-chairs on the “Embracing the Cloud and Mitigating Surrounding Threats” panel discussion. Summarizing the panel discussion, they stated that in order to mitigate threats posed by the cloud, top IS professionals must:

Another challenge that awaits CISOs in the New Year is ensuring the IS team they lead consists of highly skilled professionals who are ready to mitigate risks associated with cloud computing and other technologies.

According to “The IT Skills Gap”, an article written by Andrew Horne, Practice Director at Corporate Executive Board, another one of the CIO’s (Chief Information Security Officer) most serious challenges is the lack of adequate skills in prospective and current IS employees. It is projected that demand for certain roles in the IS field will increase by over 200% within the next 5 years. He goes on to say that, “As key IT skills are in short supply, and the few people with those skills are not going to be pried loose from their current employers, the only option for CIO’s is to develop existing employees.”

Co-chairs of “Structuring and Managing Your Infosec Workforce”, Jerry Chappee, Chief Information Assurance and Operations Officer for the U.S. Army Reserve, and Jeffrey Vinson, Director and CISO of SecureNet Payment Systems, stated that one of the best ways to improve the skills of the existing workforce is by investing in certifications, “Leaders of the organization need to support their people and show them the importance of certifications. More specifically, how the certification directly supports the business and keeps information more secure.”

The CISO Executive Summit created an environment where the most recent IS threats and landscape evolution was discussed and debated. Additional key issues addressed were implementing a high-performing IS program, managing insider threats, and factors with the greatest impact on the IS profession. For a full CISO Summit report including highlights and key takeaways, please visit: http://www.eccouncil.org/ciso/resources.

2012 will have its share of challenges and obstacles to overcome. The tough economic climate and mantra of “doing more with less” will prompt Information Security leaders to come together and share knowledge and ideas. It is the mission of the CISO Executive Summit Series to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent IS threats and landscape evolution can be discussed and debated.

EC-Council will host a Global CISO Executive Summit on October 29, 2012 in Miami, FL. For more information, please visit: http://www.eccouncil.org/ciso/resources.

Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (C|CISO) as well as many other programs that are offered in over 80 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit http://www.eccouncil.org/ciso.


Anonymous withdraws Indian hack under pressure

The fledgling Indian operation of hacker group Anonymous attacked the website of the Indian army on Friday, but reversed its decision after it ran into criticism from Indian supporters who were annoyed that the Indian army was targeted.

Later on Friday, the hacker group said in a Twitter message that the Indian army site was now working fine. The new consensus appears to be not to target government websites, but only those of corrupt politicians.

The Hacker News reported that the Indian army site was down for only about an hour, according to the hackers. Indian government officials were not immediately available for comment. It is also not clear whether the Indian army or Anonymous put the website in order. Read more…