ASIS joins the U.S. Department of Homeland Security and the E.U. Agency for Network and Information Security (ENISA) in recognizing October as Cyber Security Awareness Month. The following ASIS information security and privacy resources can help you, your organization, and your communities stay safe online.
Have a specific cyber security question? Reach out to an ASIS Information Technology Security Council member on ASIS Connects.
ASIS International Education Recordings
Threats Are Hiding in Encrypted Traffic on Your Network - ASIS 2017
- Manoj Sharma, World Wide Solutions Architect, Symantec
- Mark Sanders, Lead Security Architect, Americas, Venafi
Today, most attacks use SSL/TLS to hide malicious activity, getting malware in and sensitive data out. Receive new 2017 research on threats and preparedness that provides a vendor-neutral evaluation of how architectures need to continue to evolve to defend against today’s cyberattacks. Hear lessons learned on how to maintain SSL/TLS inspection for fast IT services, such as DevOps, in which fast delivery is essential. Cybercriminals use SSL/TLS to hijack the blind trust that most security controls grant to SSL/TLS encrypted traffic. Many of these attacks go undetected for years, and, for those that are detected, details about the attack and how it was remediated are seldom shared.
The Growth of Ransomware and What Businesses Can Do to Protect Themselves - ASIS 2017
- Ara Aslanian, Founder & CEO, Inverselogic Inc. & Reevert Software
The talk begins with an intro and leads into an explanation of what ransomware is. Following that, personal client experiences with ransomware attacks are discussed. Ara discusses the setbacks that clients have experienced before jumping into important details about what ransomware is, who it affects, and how to guard against it.
Hardening Network Cameras Against Cybersecurity Attacks - ASIS 2017
- Tom Galvin, CEO, Razberi Technologies
Security professionals are fairly good at anticipating and reacting to new physical security threats. Then why have they been so slow in addressing the dangers of cybersecurity attacks? Network security cameras, even those on private networks, are at risk, and they need to be installed and administered with cybersecurity in mind. Organizations can take immediate actions to reduce cyber attack exposure. Look into the security vulnerabilities of network cameras and review the best practices for how they should be used effectively.
Data Breaches and Digitization – ASIS 2016
CSO Center for Leadership and Development
- Axel Petri, Senior Vice President Group Security Governance, Deutsche TeleKom AG
The speaker believes security professionals should counter cyber threats through education, funding, standardization, and encryption. He advocates public/private cooperation to develop cyber SWAT teams that can act immediately when an attack affects a government or company. Ultimately, he feels hopeful about the future of the Internet because the stakeholders have a common goal: “maintaining the Internet as the indispensable and trusted backbone of our digital future.”
After the Data Breach – ASIS 2016
- Richard Wright, CPP, Director of Global Security Operations, VDI, Inc.
- Bruce Blythe, Chairman, R3 Continuum
- Hart Brown, Vice President, Organizational Resilience, HUB International
- Rachelle Loyear, Director of Business Continuity Management, Charter Communications
After examining the business and personal costs of a data breach, the speakers conclude that non-traditional responses must be a part of the solution, focusing on human factors, communications, and a coordinated crisis response team that identifies responsibilities and final authorities. The goal is to prevent day-to-day incidents from becoming a full-blown crisis. Awareness is key: an informed user behaves responsibly and takes fewer risks.
Cyber Risks to IoT and Building Controls – ASIS 2016
- Coleman Wolf, CPP, Security Lead, ESD Global, Inc.
- Rodney Thayer, Convergence Engineer, Smithee, Spelvin, Agnew & Plinge, Inc.
The speakers also show how attack systems can steal Social Security numbers and email addresses from HTTPS pages and browser cookies. Lessons learned include the need to use encryption and manage personal credentials through strong passwords.
ASIS Council Resources
ITSC Top 6 Control Systems Security Recommendations
ASIS Information Technology Security Council
These recommendations advocate using vendor best practices on system deployment, treating data within physical security infrastructure as sensitive enterprise data, and instituting system documentation, planned maintenance, and oversight of vendor supply chains.
Security Management Articles
“Artful Manipulation” – September 2018
Chief financial officer Malcolm Fisher never thought he would be victimized by cybercrime—until a social engineer successfully impersonated him and bilked his company out of more than $125,000. It was relatively easy for the criminal to identify Fisher as a high-value target given his key position within the company—his bio was readily available on the company website. And Fisher's social media profiles on Facebook, Twitter, and LinkedIn revealed several bits of information that marked him as a dream target for a diligent social engineer.
“How to Hack a Human” – January 2018
It all started innocuously with a Facebook friend request from an attractive woman named Mia Ash. Once her request was accepted, she struck up a conversation about various topics and showed interest in her new friend's work as a cybersecurity expert at one of the world's largest accounting firms. Mia was not a real person, but a carefully crafted online persona created by a prolific group of Iranian hackers—known as Oilrig—to help this elaborate spear phishing operation succeed.
“Data Breach Trends” – August 2017
In May 2017, the United Kingdom’s National Health Services confirmed that it had been hit by a massive ransomware attack that was spreading around the globe. Subsequent actions effectively stopped WannaCry, ransomware that affected 20,000 computers globally and demanded that users pay about $300 in Bitcoin to decrypt their data. Changing tactics explored in the article will likely make future versions of ransomware even more powerful.
“The Cyber Incident Survival Guide” – July 2017
To help security leaders plan for the worst and know what to expect in the aftermath, the article includes thoughts from experts about their best practices for cyber incident response.
“Insuring Data Loss” – May 2017
The cyber insurance market is expected to at least double in value by 2020. But only 25 percent of U.S. companies have a policy today. The article explores how the industry—and its prospective customers—will evolve.
ECSM is the EU’s annual awareness campaign that takes place each October across Europe. The aim is to raise awareness of cyber security threats, promote cyber security among citizens and organizations, and provide resources to help them protect themselves online through education and sharing of good practices.
This initiative is observed every October under the leadership of the U.S. Department of Homeland Security and the National Cyber Security Alliance. Now in its 15th year, NCSAM focuses on a different cybersecurity issue for each week: STOP. THINK. CONNECT. Make Your Home a Haven for Online Safety; Millions of Rewarding Jobs: Educating for a Career in Cybersecurity; It’s Everyone’s Job to Ensure Online Safety at Work; Safeguarding the Nation’s Critical Infrastructure
Americans, along with people around the world, depend on the Internet and digital tools for all aspects of our lives—from mobile devices to online commerce and social networking. This fundamental reliance is why our digital infrastructure is a strategic national asset, and why its security is our shared responsibility. This month, we recognize the role we all play in ensuring our information and communications infrastructure is interoperable, secure, reliable, and open to all.