Cyber Security

Need of Cyber Security Intelligence feeds in your enterprise

Need of Cyber Security Intelligence feeds in your enterprise

We have heard and read a lot about National Intelligence agencies, Research and Analysis wing (R&AW or RAW), Intelligence bureau etc. The main function is to garner intelligence from within the country or from other countries and also execute counter-intelligence and counter-terrorism tasks.They gathers threat intelligence so it can understand which threats are most credible or imminent and allocate resources accordingly to guard against those attacks.We read in news papers that, as per intelligence reports there are chances of so and so terrorist attacks etc.

Few years back when I was working in SOC, I got a call from one of my colleague updating about a Microsoft windows vulnerability that will be made public in 2 days. Before vulnerability gets public, is there any way, where we could get these information? I was confused...!! How he came to know about it? Do we have Intelligence bureau here in our domain also?

Chevening - TCS Cyber Security Fellowship

Chevening - TCS Cyber Security Fellowship

Tata Consultancy Services (BSE: 532540, NSE: TCS), the leading IT services, consulting and business solutions organization, is a partner with the Foreign & Commonwealth Office (FCO) of the UK Government and created the Chevening-TCS Scholarship on Cyber Policy for professionals in diverse fields from India. This is the world’s first cyber security and public policy fellowship programme.
This programme builds on considerable bilateral interaction at various levels between India and the UK on the subject of cyber security and is intended to develop expertise and skills in the areas of cyber security, information assurance and online governance challenges. The Chevening TCS Cyber Security Fellowship is a 12 week fully funded residential programme delivered at Cranfield University at the Defence Academy of the United Kingdom, Shrivenham.

The need of Hacktober in our enterprise

Hacktober - As many of you know October is the national cyber security awareness month (NCSAM). Most of the companies plan activities and provide information awareness training via traditional methods such as compliance videos, dry awareness posters and messages, lectures and emails to help their employees detect and prevent cyber attacks. Facebook honors NCSAM initiative by an initiative called “Hacktober” by creating a series of simulated security incidents/threats that are tested on Facebook employees throughout the month of October.  This includes attacks to employee computers to see if they fall victim to the attack and to see who identifies and reports the issue. If any of the employee spots a hacktober attack and reports, they will get rewards.

U.S. Cybersecurity Strategy Published April 2015

After several years of ambiguity and debate, the U.S. Department of Defense recently published a "Cyber Strategy" and an implementing/operating organization.  The U.S. Code differentiates and defines Title 10 (War) and Title 50 (Intelligence) activities.  NSA operates under Title 50.  The U.S. Military operates under Title 10.  Organizationally, then, the NSA is empowered and will continue to engage in cyber-intelligence activities.  Cyber-warfare, though, will be managed by the U.S. military Strategic Command (USSTRATCOM).  U.S. Cyber Command (USCYBERCOM) has been established and encompasses a complex organization reporting to the U.S. Secretary of Defense.  The Commander of USCYBERCOM will also command the NSA as Chief of Central Security Services (CHCSS).  Title 10 Cyber-warfare entities include the U.S.

Cloud Security is still scary... you know why?

Traditionally you would know whom to fire when your system is hacked or data is stolen, but can you do the same in the era of cloud technology? Cloud technology is ubiquitous, and with the various controls being put in place to ensure security, the destination of secure cloud is still far from reached. The business of yours is being controlled by technology, process and people whom you have no clue of. One of the biggest and simplest fear of cloud is not being able to see through it or inside it. Some may argue if the cloud is not see through, and it being Opaque ensures security, but it's not true. In the current security world understanding the nuances of this PPT triad (people, process and technology) who manage the information is more necessary, to ensure the confidence through the transparency they provide and still being unbreakable.

Reporting Cyber Risk to the Board

Today, it has been accepted that Cyber Security is not just an IT risk but something which impacts the enterprise as a whole. This is now getting reflected in the importance accorded to issues related to cyber security within the enterprise.
The board members are also aware that Cyber Risk Oversight is now an important addition to the long list of their duties. However in NACD's latest survey of more than 1000 public-company directors, only 13% of respondents said they were very satisfied with the quality of information they receive from management on cyber-risk and related IT risks and less than 2% reported high satisfaction with the amount of information provided by management on those topics.
This leaves a staggering 85% of the board members not satisfied with the level of reporting. Clearly an area of improvement which needs to be addressed on priority.

SECURING CYBERSPACE - A New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts

On 13th Jan 2015 President Barack Obama announced the SECURING CYBERSPACE - A New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts. It proposes 3 measures to help strength the cyber security as brought out in the succeeding paragraphs.
Enabling Cybersecurity Information Sharing: The first measure Obama is proposing would encourage companies to share cyber threat information with the Department of Homeland Security cybersecurity center, which would swiftly pass it on to other government agencies and industry groups voluntarily formed to share such material. Companies would get targeted liability protection for doing so, the White House said, as long as they took steps to protect consumers personal information.

Pages

Subscribe to RSS - Cyber Security