Cybersecurity 101: Five “Back to School” Tips to Stay Safe Online

University of Maryland University College grad Keirsten Brager, a security technology lead at a Fortune 500 power utility company, shares her 60-minute digital security checkup designed to empower any returning student with tips and resources to improve their personal digital security.

Although there is no single solution that will prevent security compromises 100 percent of the time, there are things you should be doing to protect yourself against cyber threats. Recently published in Homeland Security Today, the following tips represent the top five ways users can protect themselves online:

  1. Choose a password manager.
  2. Reset all passwords with stronger credentials.
  3. Add two-factor authentication to eligible accounts.
  4. Adjust security and privacy settings.
  5. Communicate securely.

Get the Full 60-Minute Checkup

About the Author

Keirsten Brager is a security technology lead at a Fortune 500 power utility company and was recently named one of Dark Reading’s top women in security quietly changing the game. She is also the author of “Secure The InfoSec Bag: Six Figure Career Guide for Women in Security,” a guide to empowering women with the strategies needed to maximize their earning potential. Brager holds an MS in Cybersecurity from UMUC and several industry certifications, including the CISSP and CASP.

Cyber Connections News Roundup: July 24

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 24, 2018

What Is the Biggest Risk in Cybersecurity Today?

According to a new survey from DataSolutions, it’s human error. A recent article on http://www.siliconrepublic.com dives deeper into the survey results, explaining that companies must invest more money in educating employees against carelessness with respect to phishing attacks and other threats that could be avoided through increased awareness and training. Read more.

[Lack of] Cybersecurity Awareness in the C Suite

A recent http://www.securityboulevard.com report examines the disconnect between C-suite executives and cybersecurity. Specifically, the article cites a variety of surveys that establish a failure among business executives to understand that cybersecurity strategy starts at the top. For example, a recent CSO Online report found that “six out of 10 boards still see cyber risk as primarily an IT issue.” Read more.

These sentiments were echoed in a recent article on http://www.freightwaves.com where cybersecurity in the trucking industry has emerged as a major issue for carriers. However, it is largely overlooked at the executive level and, when addressed, is only dealt with from a defensive posture. Read more.

Who Is Responsible for Cybersecurity? The CTO or the CISO?

In a recent http://www.informationage.com article, Nick Ismael agrees that boards have historically overlooked cybersecurity, instead leaving the issue to the experts within the organization. Now, however, many boards are finally taking on the issue, but struggling to decide who has ultimate responsibility – the Chief Technology Officer (CTO) or the Chief Information Security Officer (CISO). Read more.

US Army Commissions First Civilian Cyber Officers

James Gusman and Timothy Hennessy have become the first civilians commissioned as officers in US Army Cyber. As reported on http://www.wjbf.com, their commission is the result of the US Army’s Cyber Direct Commissioning Program’s initiative to begin commissioning civilians as cyber operations officers, something that had happened only in the medical and legal fields as well as seminary. The pilot program kicked off in October 2017. Read more.

AT&T Acquires Start-up AlienVault to Boost Cybersecurity Offerings for Businesses

AT&T announced that it would acquire AlienVault, a cybersecurity start-up based in San Mateo, California. AlienVault offers tools that detect and respond to threats through its Unified Security Management platform as well as its online platform called Open Threat Exchange. As reported on http://www.fortune.com, the acquisition will serve to strengthen AT&T’s security portfolio for small- and medium-sized businesses. Read more.

 

Cyber Connections News Roundup: July 10

Japan and EU to Strengthen Cybersecurity Efforts Ahead of 2020 Olympics

Tokyo is expected to face an onslaught of cyber attacks if past Olympics are any indication. Organizers of the 2016 Rio Games counted an estimated 500 million attacks. To combat these anticipated threats, Japan and the European Union are strengthening their cooperation on cybersecurity ahead of the Tokyo 2020 Olympic and Paralympic Games, according to a report on http://www.kyodonews.net. This past January, for example, Japanese Prime Minister Shinzo Abe visited Estonia, an EU member (and early victim of cyber attack) and a global leader in cybersecurity, to agree on bilateral cooperation. Read more.

Global Internet of Things market to be worth over $1,352 billion in 2018

Market research firm Visiongain has published its Internet of Things (IoT) Market Report 2018-2028: Analysis of Machine to Machine (M2M), Big Data & Cloud Technologies, which predicts that the Internet of Things market is set to be worth $1,352bn in 2018, driven by the increasing number of IoT applications. The 167-page report provides a range of forecasts for the period 2018-2028, as well as for five submarket sectors: Industrial IoT, Automotive & Transportation IoT, Healthcare IoT, Consumer Electronics IoT and Others IoT. The report also provides forecasts for each of the 10 leading national markets as well as the ROW. Read more.

Equifax to Put in Place Security Measures in Eight States

As reported on www.scmagzine.com, Equifax has agreed to a number of security measures put in place by financial regulators in eight states in response to the breach that compromised the personal information of more than 147 million people. Regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas set in place steps the credit bureau must follow including annual security audits, the development of written protection policies and guides, better monitoring of its third-party vendors, and improving its patch management system, according to The New York Times. Read more.

Incidents of Cryptojacking on the Rise

A new report from WatchGuard Technologies anticipates that crypto-mining malware attacks could be among the top 10 types of cyber attacks by the end of 2018. According to an article on http://www.cisomag.com, a rise in cryptocurrency values during this past year has triggered a rise in cryptojacking, whereby cyber criminals are cashing in on a volatile market. Read more.

For IT Departments, Proliferation of IoT and AI Signals Greater Investment in Cybersecurity

A survey conducted by EY Global found that 42 percent of respondents would be willing to invest more than 10 percent of their annual IT budget on cybersecurity. As reported recently on http://www.business-standard.com, the EY study highlighted that the proliferation of “Industry 4.0” technologies such as artificial intelligence (AI), Internet of Things (IoT) and machine learning (ML) has increased the attack vectors for companies, so they must invest more in cybersecurity. Read more.

The NIST Framework and its Implications on Cybersecurity and the Internet of Things

Felix Uribe, University of Maryland University College (UMUC) adjunct associate professor of Cybersecurity Management and Policy, provides an overview of NIST and its implications on cybersecurity and IoT at a recent Dominican Republic cyber event.

At the II Digital Forensic and Cybersecurity Conference, held at the Ocean Blue and Sand Resort in Punta Cana, Dominican Republic from May 17-20, 2018, Uribe joined an international roster of speakers from Spain, Colombia, Chile, Mexico and the United States to discuss a host of topics related to digital forensics, cybersecurity and cybercrime, as well as the Dominican Republic’s “digital government” initiative and its cybersecurity and privacy challenges and solutions.

For his part, Uribe presented an overview of the NIST Risk Management Framework (RMF) and the NIST Cybersecurity Framework and its implications on the Internet of Things (IoT). He kicked off his talk with a brief history of NIST and an explanation of what it is.

Established in 1901 as the National Bureau of Standards, the National Institute of Standards and Technology (NIST), as the agency has been known since 1988, is a measurement standards laboratory that is a non-regulatory agency of the US Department of Commerce. The institute’s official mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

Today, NIST measurements support the smallest of technologies to the largest and most complex of human-made creations, from nanoscale devices to earthquake-resistant skyscrapers and global communication networks.

The Computer Security Resource Center (CSRC) provides access to NIST’s cybersecurity and information security related projects, one of which is the Risk Management Framework (RMF), which comprises six steps (Categorize, Select, Implement, Assess, Authorize and Monitor) to ensure that organizations integrate security, privacy and risk management activities into the system development life cycle.

NIST developed the RMF to provide a more flexible, dynamic approach for effective management of information system-related security and privacy risk in highly diverse environments and throughout the system development life cycle.

In short, the RMF addresses risk management by:

  • Building security and privacy capabilities into information systems throughout the System Development Life Cycle.
  • Maintaining awareness of the security and privacy posture of information systems on an ongoing basis through continuous monitoring processes.
  • Providing information to senior leaders and executives to facilitate decisions regarding the acceptance of risk to organizational operations and assets, individuals, other organizations, and the Nation arising from the operation and use of systems.

The voluntary NIST Cybersecurity Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework’s goal is to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

Cybersecurity and Privacy Challenges in the Internet of Things (IoT)

Uribe also discussed IoT cybersecurity and privacy challenges. He defines IoT as the network of devices (things) capable of interacting with other devices and/or living things via the Internet or through a private local or global network not connected to the Internet. He explained that the components of an IoT device can be microcontrollers, sensors, actuators, memory, storage, and other components that are embedded in or connected to the device and that form part of its operation.

IoT projections suggest that by the year 2020 the number of connected devices worldwide will reach approximately 20 billion (The Gartner Group 2017, retrieved from https://www.gartner.com/newsroom/id/3598917). As such, the number of IoT devices compromised by cybercriminals is also expected to intensify. Both the NIST RMF and the Cybersecurity Framework strive to provide organizations with security and privacy safeguards to protect information and information systems and the future of complex interconnected IoT environments.

NIST Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, was developed to address the selection of security controls (the “Select” step in the RMF). It provides guidelines for selecting the security controls for organizations and information systems.

The latest version of SP 800-37 (Revision 5) provides a comprehensive set of safeguards regarding Internet of Things (IoT) devices. As stated by NIST, “privacy is now fully integrated throughout the new draft. For example, one privacy control addresses the data captured by sensors such as those used in traffic-monitoring cameras in smart cities. The control advises configuring such sensors in a way that minimizes their capturing data about individuals that’s not necessary for the traffic-monitoring system to carry out its function.” In addition, “…an IT system may employ cameras. Security experts determine security controls for the camera sensor, while privacy professionals decide on privacy controls such as a control to preserve a passerby’s privacy.”

The exponential growth of IoT devices and their everyday applications calls for the use of the NIST RMF and the Cybersecurity Framework in order to address today’s security and privacy concerns affecting the trustworthiness of the world’s current IoT domain. IoT device manufacturers should take into account the security and privacy controls provided by the RMF when designing and manufacturing IoT devices and their components to ensure that security and privacy are implemented by design and do not come up as an afterthought during the IoT device development life cycle.

About the Author

Felix Uribe is an information technology (IT) security professional with extensive experience in the field of information security, cybersecurity, privacy, software development and teaching in the private and public sectors. He currently serves as an IT security analyst at the US Department of the Interior serving as associate privacy officer for the National Park Service. Prior to this, he served as an IT security auditor (Infosec) at the US Department of Justice Office of the Inspector General. As an academic, Uribe serves as adjunct associate professor at UMUC in the Cybersecurity Management and Policy program.

Uribe holds a Bachelor’s and Master’s degree in Computer Science from the Herbert H. Lehman College of the City University of New York.

Cyber Connections News Roundup: June 26

June 26, 2018

The Intersection of Cybersecurity and Domestic Abuse

Sadly, the latest pattern of behavior in domestic abuse cases, according to a recent New York Times report, involves smart home technology, whereby abusers are using apps on their smartphones to manipulate the Internet-connected locks, speakers, thermostats, lights and cameras that their victims use in their homes to harass, monitor and control. Read more.

SEC Outlines Changes After EDGAR Hack

The US Securities and Exchange Commission (SEC) is proposing reforms to its cybersecurity practices in light of the review of the 2016 breach of its EDGAR filing system. As reported on financial-planning.com, SEC Chairman Jay Clayton, in testimony submitted to the House Financial Services Committee, outlined changes the commission is putting in place in response to the incident. Among other initiatives, Clayton has tasked a number of units within the commission to analyze the security gaps that had facilitated the breach. Read more.

Senate Wants Tougher Action on Russian Hacking

As reported by Derek Hawkins on washingtonpost.com, the massive defense policy bill the Senate approved on June 18 calls on Trump to curb Russian aggression in cyberspace, giving him the green light to direct the US Cyber Command to “disrupt, defeat and deter” cyber attacks by the Russian government, conduct surveillance on Kremlin-backed hackers and partner with social media organizations to crack down on disinformation campaigns such as the ones that disrupted the 2016 election. Read more.

China Cyber Group May Be Targeting US Satellites

According to a recent report on newsweek.com, a cyber-espionage group operating from computers inside China is currently targeting US satellite communications and defense sectors. As part of a wide-ranging operation, they may soon seek to disrupt critical systems, according to cybersecurity firm Symantec’s Security Response Attack Investigation Team. The hacking collective, codenamed “Thrip,” has been using powerful malware against targets in the U.S. and Southeast Asia. Read more.

Human Error Main Cause of Data Breaches According to New Report

According to a new report by information security company Shred-it, employee negligence is the main cause of data breaches. As reported recently on cnbc.com, the study found that 47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach at their organization. More than 1,000 small business owners and C-suite executives in the US were surveyed online in April for the report. Read more.

Tips for Success in a Male-Dominated Field: Hear from UMUC Cybersecurity Alum Keirsten Brager

In a recent interview with Pamela Scott, host of the podcast People Secure Cyber, University of Maryland University College (UMUC) Cybersecurity alumna and author Keirsten Brager, MS, CISSP, discusses her latest book, “Secure the Infosec Bag: Six Figure Career Guide For Women In Security” and shares her advice on some of the challenges she faced during her career in a male-dominated profession.

In an in-depth interview, Brager shares her passion for introducing women to cybersecurity and discusses the challenges she faced as a minority woman in cybersecurity. As she notes during the conversation, a lack of role models and mentors to help her navigate the complexities within the discipline resulted in a lack of confidence early on.

What is her strongest piece of advice? “Make sure you get some strong mentors on your side who can relate to your unique challenge,” said Brager. “And you can have more than one mentor. I have what I [call] my ‘circle of excellence,’ people I’ve grown to trust over time,” she added.

Listen to the Full Interview

About Keirsten Brager

Keirsten Brager is a security technology lead at a Fortune 500 power utility company and was recently named one of Dark Reading’s top women in security quietly changing the game. She is also the author of “Secure The InfoSec Bag: Six Figure Career Guide for Women in Security,” a guide to empowering women with the strategies needed to maximize their earning potential. Brager holds an MS in Cybersecurity from UMUC and several industry certifications, including the CISSP and CASP.

Cyber Connections News Roundup: June 12

June 12, 2018

Has Brexit Put European Cybersecurity at Risk?

Sylvia Thompson of the Irish Times writes about the cybersecurity implications of Britain’s exit from the European Union. Britain, after all, historically has been the link between the intelligence network of the US, Canada, Australia and New Zealand and the European Union. So, the question remains: If Britain goes, does the link break? Read more.

New Study Outlines Recommendations for Preventing Identity Theft

The National Cybersecurity Society (NCSS), a national non-profit created to address small business cybersecurity, recently released a study that focuses on business identity theft, how it is perpetrated and how we can prevent it. Titled “Business Identity Theft in the US,” the study was funded through a grant provided by the Identity Theft Resource Center and the Department of Justice, Office for Victims of Crime. Read more.

New Ridge Institute to Focus on Global Resiliency Against Cyber Threats

The Washington Business Journal reports that Tom Ridge, the first secretary of the Department of Homeland Security, has launched the Ridge Global Cybersecurity Institute. The organization’s mission is to advise and educate business leaders on navigating cybersecurity threats. Read more.

States and Counties Ramp Up Security Prior to Key Elections

As we get closer to key election dates, state and county governments across the country are intensifying their efforts to mitigate cyber threats in light of Russian attempts to meddle with the 2016 presidential election.

As reported on wnyt.com, for example, officials in New York are conducting cybersecurity drills in an effort to determine how vulnerable their state’s election system is to hacking. The exercises will simulate scenarios in which a hostile group seeks to tamper with voting systems, change election tallies or otherwise undermine voter confidence. Read more.

Meanwhile, in Collier County, Florida, Trish Robertson of the elections staff reports on www.hellowfl.com that the county has been ramping up preparations to prevent threats for the past few weeks, notably by installing a security networking monitoring system called “Albert.” Read more.

[Cyber] Securing the 2018 World Cup

On www.securityintelligence.com, Camille Singleton writes that security at the 2018 World Cup must move beyond the physical, which normally includes increased local police, physical barriers and identification checks. The widespread use of digital devices and social media warrants enhanced awareness and preventative measures to protect fans, foreign dignitaries and celebrities from malicious actors. Read more.