ASIS joins the U.S. Department of Homeland Security and the E.U. Agency for Network and Information Security (ENISA) in recognizing October as Cybersecurity Awareness Month. The following ASIS information security and privacy resources can help you, your organization, and your communities stay safe online.
Have a specific cyber security question? Reach out to an ASIS Information Technology Security Community member on ASIS Connects.
ASIS Cybersecurity Awareness Month Webinars
- 1 October - Cybersecurity: High-end Resources on a Low Budget [Sponsored by HID]
- 14 October - Cyber/Physical Risks to Businesses with Remote/Home Workers in the Era of COVID-19 [Sponsored by G4S]
- 21 October - Is Your Cyber Readiness Prepared for The Coming Regulatory Nightmares?
- 22 October - Convergence of Physical and Cyber Security in Drones or Autonomous Vehicles
- 27 October - Social Engineering and Technical Exploitation
ASIS Community Resources
ITSC Top 6 Control Systems Security Recommendations
ASIS Information Technology Security Community
These recommendations advocate using vendor best practices on system deployment, treating data within physical security infrastructure as sensitive enterprise data, and instituting system documentation, planned maintenance, and oversight of vendor supply chains.
Security Management Articles
“Flight Risks” – July 2020
“Drones are already generating climate data, monitoring the borders, and more—and they’re just scratching the surface of their commercial potential,” Goldman Sachs said in an industry insights report. However, despite drones’ many uses, industry experts warn that the devices’ cybersecurity vulnerabilities could pose serious physical and digital threats.
When people are scared, they often want to learn more about the threat they are facing to gain a feeling of control. This is a normal human response. But there are ramifications for cybersecurity when bad actors exploit that response, as they have done during the coronavirus pandemic.
“Partnering with Privacy” – June 2020
Evolving regulations and public expectations are changing how security practitioners incorporate privacy protections into technology solutions. Recent regulatory fines, particularly for violations of the General Data Protection Regulation (GDPR), show how critical it has become for security and privacy practitioners to partner together to provide solutions for their organizations.
“Conducting a GDPR Compliant Investigation” – February 2020
In the first year of GDPR enforcement (May 2018 to May 2019), EUROPOL logged that more than 144,000 individual complaints were filed with regulators, more than 89,000 data breach notifications were issued, and more than €56 million in fines were assessed. While the regulation equips Europeans with tools to address privacy challenges, it has also created concerns among investigators.
“Threat Actors Increasingly Target the C-Suite” – August 2019
When considering a new business venture, companies look to where they can get the highest return on their investment. Malicious cyber actors engage in the same process. And in the past year, that process led them to target C-level executives with access to sensitive corporate information.
In today’s era of tabloid frenzy, it’s rare for a celebrity event to be shocking. But that was the case when news outlets reported in October 2016 that a group of thieves broke into Kim Kardashian West’s hotel room in Paris, bound and gagged her, and stole millions of dollars’ worth of jewelry from her. Months later in January 2017, police arrested 10 individuals allegedly involved in the robbery—including mastermind Aomar Ait Khedache. In an interview with Le Monde, Khedache explained that the group of thieves targeted Kardashian West after she posted photos on social media of her jewelry collection and updates about her trip to Paris for fashion week.
It was the moment the global data privacy world had been waiting for. A regulator fined Google €50 million ($56.7 million USD) on 21 January for violating the European Union’s General Data Protection Regulation (GDPR)—the first major fine against a company following the regulation’s compliance deadline. The fine amount was justified, France’s National Data Protection Commission (CNIL) said, because of the “severity of the infringements” it observed of the principles of the GDPR—transparency, information, and consent.
“How to Bridge the Gap” – April 2019
Cyber and physical security are converging because of the changing way that organizations operate and implement technology. Physical protections—like cameras and access control systems—are running over corporate networks that need to be protected from intrusions looking to gain a foothold in the system.
“The Cost of a Connection” – February 2019
Kevin Patrick Mallory served in the U.S. military, worked as a special agent for the U.S. State Department Diplomatic Security Service, and later as a CIA case officer--often stationed around the world to work with defense contractors and on U.S. Army active duty deployments. He had a Top Secret security clearance and was fluent in Mandarin. He was also convicted of espionage for passing information to an agent of the People's Republic of China (PRC). How did Mallory and the agent initially connect? Via LinkedIn, when the operative—called Michael Yang—reached out to Mallory, posing as a representative of a PRC think tank—the Shanghai Academy of Social Sciences—and requested to meet with him.
ECSM is the EU’s annual awareness campaign that takes place each October across Europe. The aim is to raise awareness of cyber security threats, promote cyber security among citizens and organizations, and provide resources to help them protect themselves online through education and the sharing of good practices.
This initiative is observed every October under the leadership of the U.S. Department of Homeland Security and the National Cyber Security Alliance. Now in its 15th year, NCSAM focuses on a different cybersecurity issue for each week: STOP. THINK. CONNECT. Make Your Home a Haven for Online Safety; Millions of Rewarding Jobs: Educating for a Career in Cybersecurity; It’s Everyone’s Job to Ensure Online Safety at Work; Safeguarding the Nation’s Critical Infrastructure.
Americans, along with people around the world, depend on the Internet and digital tools for all aspects of our lives—from mobile devices to online commerce and social networking. This fundamental reliance is why our digital infrastructure is a strategic national asset, and why its security is our shared responsibility. This month, we recognize the role we all play in ensuring our information and communications infrastructure is interoperable, secure, reliable, and open to all.