October is National Cyber Security Awareness Month in the United States and European Union 

These annual campaigns are a collaborative effort between government and industry to ensure consumers, small and medium-sized businesses, corporations, and educational institutions have the resources needed to be safer and more secure online.

ASIS is pleased to support this important security awareness initiative and to help strengthen personal and organizational cyber resiliency. The following ASIS-curated resources align to the weekly Department of Homeland Security cyber security themes (pdf).

Please note: while all the content is free, you must log in or create a free ASIS account to access the information.

Oct. 3-7 | Steps Towards Online Safety

How to Protect your Personally Identifiable Information
Security Management, article
If you are an employee, a student, a patient, or a client, your personally identifiable information is out there—and prime for hacking. In October, the U.S. Government Accountability Office (GAO) added protecting the privacy of Personally Identifiable Information to its list of high-risk issues affecting organizations across the country.

Teach a Man to Phish
Security Management, article 
Think you can spot a phishing e-mail when it pops into your inbox? The odds are not in your favor: a quiz from Intel Security found that 97% of more than 19,000 people surveyed worldwide were unable to correctly identify destructive phishing e-mails.

Spoofing the CEO
Security Management, article
It’s a normal Monday and you’re at your desk in the accounting department, checking your email as you drink your morning coffee, when you see a message from your chief financial officer (CFO) in your inbox.

Are Millennials, Technology, and Impatience Catalysts for Fraud?
ASIS 2015, education recording
Fraud opportunities can develop through the impatience of millennial-aged employees. This generation grew up with computer and cell phone technologies and has developed a level of trust in the information-sharing process. Understanding their impatience and trust in technology, criminal elements can target a business through phishing, smishing, vishing, spoofing and cramming. By capturing business emails and social media used by younger employees, criminals can gain unauthorized access to an organization's computer systems and engage in business identity theft, account takeovers, and data breaches.

Oct. 10-14 | Cyber from the Break Room to the Board Room

Cyber Trends
Security Management, article
The security industry changes daily. And it’s fair to say that cybersecurity is changing even more rapidly as new threats, new attack methods, and new technologies continuously emerge.

Internet Security Essentials for Business 2.0
Provided by the U.S. Chamber of Commerce
PDF download

The U.S. Chamber urges businesses to adopt essential Internet security practices to reduce network weaknesses. This guide aims to:

  • educate businesses about the common threats that they could become victim to online, particularly cybercrime. Just like the general public, most business owners, managers, and employees are not IT experts. This guide is ultimately about business preparedness.
  • provide simple recommendations to help businesses manage cyber risks.
  • give businesses of all sizes the simple steps needed to help protect their data, and explain how and to whom to report cyber incidents.
  • stress that cybersecurity is a team sport.

For more tips, check out the U.S. Chamber blog Above the Fold: National and CyberSecurity

Lost Laptops = Lost Data: Measuring Costs, Managing Threats
ASIS Foundation CRISP Report
Data protection seems irrelevant… until it is compromised. Because replacing stolen laptops is just the start: lost productivity, damaged credibility, frayed customer relations, and heavy legal consequences can cripple both public and private sector organizations. This Connecting Research in Security to Practice (CRISP) Report reveals seven steps to protect laptops—and data—at the office, on the road, or at home. You get practical checklists and classification schemes to determine adequate levels of data protection, as well as physical, electronic, and security measures to implement immediately.

The Case for a Comprehensive Privacy Program
ASIS 2013/(ISC)2 Congress, education recording
Topics covered include the public's perception and expectations of corporate privacy protections, the future of privacy regulations and legislation, and how forward-thinking businesses are responding. The number of regulations affecting how companies worldwide must deal with private information is exploding, with no evidence that that trend will slow down. At the same time, corporate compliance, privacy, and information security officers can be seen as road blocks to productivity. 

Information Asset Protection Guideline
ASIS Standards and Guidelines
This guideline can aid employers in developing and implementing a comprehensive risk-based strategy for information assets protection. Such a strategy may include the fundamental concepts of (1) classifying and labeling information, (2) handling protocols to specify use, distribution, storage, security expectations, declassification, return, and destruction/disposal methodology, (3) training, (4) incident reporting and investigation, and (5) audit/compliance processes and special needs (disaster recovery).

Security Management Podcast
October 2016
Host Holly Gilbert sits down with cybersecurity editor Megan Gates for a discussion focused on business email compromise scams and how to avoid them.

Oct. 17-21 | Recognizing and Combating Cybercrime

The Cyber Incident Survival Guide
Security Management, article
The worst has happened. Someone hacked your company's network, stealing thousands of documents and compromising customer and employee data in the process.

Illuminating Going Dark: A Conversation with the FBI
Security Management, article
The Going Dark debate. It's been ongoing and reached its boiling point earlier this year when the FBI filed suit against Apple in an attempt to force the company to create a tool to break its default encryption on an iPhone 5c used by one of the San Bernardino shooters. 

The OPM Aftermath
Security Management, article
It was by all accounts the hack of the century. In June, one year ago, the U.S. Office of Personnel Management (OPM) revealed to the world that the background investigation records of current, former, and prospective federal employees and contractors had been stolen.

Preventing Data Breaches
ASIS 2015, education recording
Using a case study approach, Robert Eggebrecht, BEW Global, walks through the process his company employed to zero in on an insider who was responsible for the theft of $30,000 of intellectual property from his high-profile employer. He emphasizes the need for security to approach corporate executives using language they understand—how the loss of the asset affects the business's bottom line. He also draws a distinction between compliance-based security versus commitment-based security.

Security Management Podcast
July 2016
Host Holly Gilbert and cybersecurity editor Megan Gates share the basics of surviving a cyberattack from a corporate perspective.

Oct. 17-21 | Our Continuously Connected Lives: What’s Your ‘App’-titude?

The Internet of Things (IoT): Security's New Frontier
ASIS 2015, education session
Each speaker provided an opening statement on how IoT is and will be affecting the security industry. They followed up those comments with a view on how IoT changes security. On the plus side, they included the availability of more devices, more data, better analytics, and early warnings. Conversely, they believed IoT would lead to more things to be hacked, more privacy threats, data overload, and compatibility risks.

The IoT Revolution
Security Management, article
Brace yourselves: the explosion of the Internet of Things (IoT) is coming. Six years ago the number of devices connected to the Internet surpassed the number of people on the planet.

Driving Toward Disaster
Security Management, article
When purchasing a vehicle, numerous references are available for consumers on the physical safety of models on the market. Prospective buyers can speak to sales staff about specific safety features.

Is Your Refrigerator Spying on You?
Webinar, ASIS Information Technology Council
Physical security and other Building Control Systems are core elements of Intelligent Buildings. They are used to control power, monitor fire and safety, operate elevators, secure workspaces, and control operations, but whereas they used to be stand-alone and proprietary, now they are interconnected, use open protocols, and are finding their way onto networks that can be accessed by individuals anywhere in the world. These systems are increasingly coming under cyber-attack, and so unique measures are needed to address this risk.

Building Cyber Awareness 
Security Management, article
Early in 2009, while working the night shift as a contract security guard, Jesse William McGraw infiltrated more than 14 computers at the North Central Medical Plaza in Dallas, Texas.

Oct. 31 | Building Resilience in Critical Infrastructure

Cyber Pulls the Plug 
Security Management, article
Two days before Christmas in 2015, hackers took control of Ukraine’s power control system and remotely shut down part of its power grid.

Info Sharing Déjà vu
Security Management, article
What do you do to pass controversial cybersecurity legislation that’s unlikely to make it through Congress as a standalone bill?

Intelligent Infrastructure 
Security Management, article
A smart building turns the data collected from its sensors and equipment into actionable intelligence, giving operators one platform that controls everything from lighting to life safety systems. As a result, smart buildings are energy information systems that have diagnostic and performance monitoring feedback tools. Because corporate buildings account for 65 percent of electricity consumption in the United States, according to the EPA, smart building technology can save industries millions of dollars in energy costs. But smart buildings, and their web of wireless devices comprising the IoT, also introduce numerous cybersecurity concerns.

Stop. Think. Connect. Toolkit
U.S. Department of Homeland Security
Download helpful tip sheets and best practices on a range of cyber topics.
