The Education Issue Seal Of Sc Magazine-Books Pdf

17 Jan 2020 | 25 views | 0 downloads | 34 Pages | 5.23 MB

Transcription

VOLUME 23 NO 5 MAY 2012 WEBSITE WWW SCMAGAZINE COM EMAIL SCFEEDBACKUS HAYMARKETMEDIA COM. REGULARS PRODUCT REVIEWS, 4 Editorial ID thieves nd gold in 49 Product section. medical data Students at Norwich University,a Center of Academic Excellence. 8 Threat report Online polls in produced this month s Group Test for. Canada were slowed by a distributed digital forensic tools. denial of service attack,50 Group Test, 10 Threat stats The biggest increases Digital forensic tools. in month over month zombie activity Today s offerings are characterized. occurred in India by their wide variety of functions. Hord Tipton of ISC 2 P20,so determining what you need. 12 Update The Canadian government,FEATURES accomplished is key to making the right.
axed a watchdog responsible for keeping,choice Too the integrity and accuracy. tabs on its spy agency The education issue of recovered media are reliant on the. extracting software, 13 Debate Identifying the culprits C1 Money on a chip. behind Koobface will diminish the The Royal Canadian Mint is hoping to. gang s activity make electronic payments just as easy. as handing over cash,14 Two minutes on New election Paraben P57. same risks 20 Seal of approval,Certi cations have long validated. 15 Skills in demand Software security skills says W Hord Tipton of. developers are needed to migrate ISC 2 But do they remain relevant. systems to mobile and cloud,platforms 26 In session.
A selection of some of the schools, 16 From the CSO s desk Bridging offering information assurance programs. corporate and personal by Michael recognized by the NSA and DHS. Scovetta director at a media company,31 Assurance on the shore. 17 Opinion Can t we just ignore PCI A New Jersey school system found a wayy. DSS by Mark Kedgley New Net to serve increasing broadband needs. Technologies RSA Netwitness P58,36 A matter of degree. 62 Last word Mitigating the next The IT eld is moving so fast that. WikiLeaks by Dan Geer Verdasys graduates might be at a disadvantage. SC Magazine ISSN No 1096 7974 is published 12 times a year. 38 A smarter migration on a monthly basis by Haymarket Media Inc 114 West 26th Street. 4th Floor New York NY 10001 U S A phone 646 638 6000 fax. CISOs must determine how much cloud 646 638 6110 Periodicals postage paid at New York NY 10001 and. additional mailing of ces POSTMASTER Send address changes. security they re willing to contract out to SC Magazine P O Box 316 Congers NY 10920 0316 2012. by Haymarket Media Inc All rights reserved Annual subscription. rates United States 98 Canada and Mexico 110 other foreign. 40 SC Roundtable Health hazard distribution 208 air service Two year subscription United. States 175 Canada and Mexico 195 other foreign distribution. IT security pros discuss how risk 375 air service Single copy price United States 20 Canada. Mexico other foreign 30 Website www scmagazine com. management can protect patients,46 Exotic new connections. Devices never meant to be computers, Ross Ellicott P31 Nancy Jin P46 are fast becoming network enabled www facebook com SCMag.
www twitter com scmagazine,Cover photo by Jay Carlson. ID thieves find gold in medical data, s health care a last frontier for today s cyber EMRs among business partners ers is now the. criminals arger,norm the target only grows larger, According to Paul Contino corporate We re starting to go outsidede our four. chief technology officer at New York City me a big. walls and it s starting to become, Health and Hospitals Corporation HHC it cloud said Contino We re trying to. could be but not for long put security around somethingg that at. He and other security professionals at a times is a little amorphous. recent SC Magazine Health Care Security Try they must though And d critical to. Roundtable see page 40 agreed that because this is regular risk assessments. C level executives in the space continue to We tend to think we re ok k and. sometimes give security needs scant atten oftentimes we re not he said d Risk. tion exposures abound Incidents like the assessments need to be there for us to. Utah Department of Health breach which justify to our executives that there is an. saw about 780 000 individuals medical acker,issue The sophistication of hacker.
records recently stolen from a server illus nt,attempts is getting to the point. trate what s to come where it s incredibly scary,This prediction relies not only on the rious. Scary indeed and those various, insecurities rife in health care institutions tech ases. information and privacy releases, nological infrastructures Electronic medical we as patients all sign won t. records EMRs will soon be the norm given protect health care entities. the financial support provided by the federal from fines and civil lawsuits. government for taking this route via the Health any of us might opt to file in. Information Technology for Economic and the event of our data being. Clinical Health HITECH Act breached As federal auditors At WGU we respect your time and intelligence because. And what a target EMRs are becoming continue hitting the pavementt what you know is more important than time in a classroom. According to Contino medical identity theft in earnest this year to enforce. is a burgeoning threat likely to grow to huge data privacy regulations and WGU s ONLINE competency based approach puts you in. proportions In fact it s becoming one of the es, the protection of our identities control of your academic destiny and your own security.
fastest growing crimes in the country with security and privacy problemss. sophisticated and organized hacking groups in the health care space must be. stealing patient identities to illegally obtain given the attention they deserve ve Master of Science. medical services prescription drugs as well,as the bank accounts or credit card dollars ial. Illena Armstrong is VP editorial Information Security and Assurance. associated with them Further because sharing director of SC Magazine O Incorporates and includes in the tuition 6 security and networking. certifications Your time to completion will be shorter if you already. hold any of these certifications, Privacy problems in health O Certified by the National Security Agency s. TOLL FREE AT IACE program, care must be given the 1 866 225 5948 O Meets CNSS National Training Standards. attention they deserve OR VISIT OUR WEBSITE AT,O Scholarships Available. www wgu edu scm, O N L I N E A C C E L E R AT E D A F F O R D A B L E A C C R E D I T E D.
4 SC May 2012 www scmagazine com,SC MAGAZINE EDITORIAL ADVISORY BOARD 2012. WHAT IS SCWC 24 7, SC Magazine has created a free virtual Rich Baich principal security privacy Paul Kurtz partner and chief operating of cer. Deloitte and Touche Good Harbor Consulting,environment that is open year round. Greg Bell global information protection and Kris Lovejoy vice president of IT risk. Each month we host an event focused,security lead partner KPMG of ce of the CIO IBM. on a subject that you as an IT security, Christopher Burgess chief security of cer and Tim Mather director information protection KPMG.
professional face on a regular basis president public sector Atigeo Stephen Northcutt president. THIS MONTH Jaime Chanaga managing director SANS Technology Institute. CSO Board Consulting Randy Sanovic former general director. Rufus Connell research director information security General Motors. information technology Frost Sullivan Howard Schmidt cybersecurity coordinator. Dave Cullinane chief information security of cer White House former president and chief executive. eBay of cer Information Security Forum, Mary Ann Davidson chief security of cer Ariel Silverstone former chief information security. April 24 Oracle of cer Expedia, eSymposium Cyber espionage Dennis Devlin assistant vice president of Justin Somaini chief information security of cer. information security and compliance services Yahoo. Those engaging in digital spying to steal, George Washington University Craig Spiezle chairman Online Trust Alliance. various classi ed and or proprietary, Gerhard Eschelbeck chief technology of cer and former director online safety technologies Microsoft. documents from U S agencies and other senior vice president Sophos W Hord Tipton executive director ISC 2. organizations are riding high Gene Fredriksen senior director corporate former CIO U S Department of the Interior. Foreign adversaries are increas information security of cer Tyco International Amit Yoran chief executive of cer NetWitness. ingly launching assaults to steal Maurice Hampton technical account manager former director U S Department of Homeland. sensitive economic secrets The theft of Qualys Security s National Cyber Security Division. this critical information shows that attack emeritus. ers are enlisting whatever weaknesses in,systems they can to steal data often going.
unnoticed for months or longer Experts,will share background on the types of. attacks to watch out for and what to do to WHO S WHO AT SC MAGAZINE. thwart them EDITORIAL U S SALES, VP EDITORIAL DIRECTOR Illena Armstrong VP SALES DIRECTOR David Steifman. ON DEMAND illena armstrong haymarketmedia com 646 638 6008 david steifman haymarketmedia com. Data security EXECUTIVE EDITOR Dan Kaplan EASTERN REGION SALES MANAGER Mike Shemesh. Many leading CSOs at various conferences dan kaplan haymarketmedia com 646 638 6016 mike shemesh haymarketmedia com. this year touted the need for organizations MANAGING EDITOR Greg Masters WEST COAST BUSINESS MANAGER. to have their security controls follow and greg masters haymarketmedia com Matthew Allington 415 346 6460. protect their most important data assets DIGITAL CONTENT COORDINATOR Marcos Colon matthew allington haymarketmedia com. marcos colon haymarketmedia com NATIONAL ACCOUNT MANAGER EVENT SALES. rather than focusing on the network So, TECHNOLOGY EDITOR Peter Stephenson Mike Alessie 646 638 6002. just how is this best achieved and what, peter stephenson haymarketmedia com mike alessie haymarketmedia com. policies plans and technologies can help, SC LAB MANAGER Mike Stephenson ACCOUNT EXECUTIVE Dennis Koster.
mike stephenson haymarketmedia com 646 638 6019 dennis koster haymarketmedia com. Mobile security DIRECTOR OF SC LAB OPERATIONS John Aitken SALES CAMPAIGN MANAGER Samantha Amoroso. To safeguard handheld devices used by john aitken haymarketmedia com samantha amoroso haymarketmedia com. business executives is a constant trial SC LAB EDITORIAL ASSISTANT Judy Traub SALES EDITORIAL ASSISTANT Roo Howar. one that rarely is satisfactorily remedied judy traub haymarketmedia com 646 638 6104 roo howar haymarketmedia com. But companies must nd a way to PROGRAM DIRECTOR SC CONGRESS LICENSE REPRINTS ACCOUNT EXECUTIVE. manage and protect these endpoints Eric Green eric green haymarketmedia com Malika Toure 646 638 6101 Relevant. CONTRIBUTORS malika toure haymarketmedia com, FOR MORE INFO Stephen Lawton Deb Radcliff Jim Romeo EMAIL LIST RENTAL Respected. DESIGN AND PRODUCTION EMAIL SENIOR ACCOUNT MANAGER. For information on SCWC 24 7 events Online, ART DIRECTOR Brian Jackson Frank Cipolla Edith Roman Associates. please contact Natasha Mulla at 845 731 3832 frank cipolla epostdirect com. natasha mulla haymarketmedia com,brian jackson haymarketmedia com Accelerated. VP OF PRODUCTION MANUFACTURING CIRCULATION, For sponsorship opportunities John Crewe AUDIENCE DEVELOPMENT DIRECTOR Affordable. john crewe haymarketmedia com Sherry Oommen 646 638 6003. contact Mike Alessie at mike alessie PRODUCTION MANAGER sherry oommen haymarketmedia com. haymarketmedia com Or visit Krassi Varbanov CUSTOMER DATA MANAGER. BACHELOR S DEGREES ONLINE s MASTER S DEGREES ONLINE first bellevue edu 800 756 7920. www scmagazineus com scwc247 krassi varbanov haymarketmedia com Joshua Blair 646 638 6048 4 s 3 s 3 s YBERSECURITY. SC EVENTS joshua blair haymarketmedia com 7EB 4ECHNOLOGIES s 3OFTWARE EVELOPMENT. EVENTS DIRECTOR Natasha Mulla SUBSCRIPTION INQUIRIES. natasha mulla haymarketmedia com CUSTOMER SERVICE 800 558 1703. SENIOR EVENTS COORDINATOR Anthony Curry,anthony curry haymarketmedia com.
EMAIL Haymarket cambeywest com, WEB www scmagazine com subscribe Real Learning for Real Life. EVENTS COORDINATOR Maggie Keller MANAGEMENT, maggie keller haymarketmedia com CEO OF HAYMARKET MEDIA Lee Maniscalco. EXECUTIVE VICE PRESIDENT Tony Keefe.

ThreatReport

Cyber criminal activity across the globe, plus a roundup of security-related news.

Colored dots on the map show levels of spam delivered via compromised computers (spam zombies). Activity is based on the frequency with which spam messaging corresponding with IP addresses are received by Symantec's network of two million probes, with a statistical reach of more than 300 million mailboxes worldwide.

Map legend: HIGH-LEVEL ACTIVITIES, MEDIUM-LEVEL ACTIVITIES, LOW-LEVEL ACTIVITIES

U.K.: Edward Pearson, 23, of Lendale, York, was sentenced to 26 months in prison for using the bank password-stealing Zeus trojan to procure millions of banking and PayPal identities during an 18-month period that ended last August.

OTTAWA: Online polls meant to tabulate votes in the New Democratic Party leadership election were slowed by a distributed denial-of-service attack involving more than 10,000 nodes. The attack, believed to be politically motivated, did not compromise the voting process but forced the balloting period to be extended.

EVERETT, WASH.: Thirteen employees of the Everett Clinic, a health care facility with nine locations, were fired for the unauthorized viewing of patient records. The snoopers were caught by a monitoring system.

NETHERLANDS: Police charged a 17-year-old with hacking into servers belonging to telecommunications service provider KPN. The attack prompted the company to request that two million customers change their login details. The teen is believed responsible for a number of other compromised websites.

OAKLAND, CALIF.: Edward Arakelyan, 21, and Arman Vardanyan, 22, pleaded guilty in U.S. District Court to installing fake debit and credit card pads in crafts chain Michaels Stores. The pair was part of a band of crooks that ripped off some 94,000 card numbers from 84 outlets nationwide.

BELGIUM: The Civil Liberties Committee of the European Parliament introduced a law that would make hacking into IT systems an offense punishable by up to two years in prison. The draft, which would cover all European Union nations, also would make distributing hacking tools a crime and would require that companies be liable for attacks conducted on their behalf.

IRAN: The nation developed a program meant to sniff out and defend against the Stuxnet worm and other malware. Traditionally, Iranian organizations have relied on anti-malware defenses created in other countries. Stuxnet was designed to sabotage Iran's nuclear program. The malware is believed to have originated in the United States or Israel.

KEY LARGO, FLA.: The former CFO of the city's Wastewater Treatment District was charged with 21 felony counts of hacking after his contract was not renewed in December. Police accused Sal Zappula of using the login credentials of current employees to access the network and send himself emails and files.

DOMINICAN REPUBLIC: Police detained six members of Anonymous, alleging their role in a series of attacks against government and public organizations, including the Directorate General of Internal Taxes. A defense attorney representing the six, who range in age from 17 to 23, said authorities have no evidence of wrongdoing.

SINGAPORE: A draft of the nation's first data protection law was released. It includes provisions that organizations must apply security controls to personal records and destroy them once they are no longer needed for business or legal reasons.

Pakistan top producer of zombie IP addresses
During the past month, the EMEA region (Europe, the Middle East and Africa) was the leading source of all zombie IP addresses. Of the countries making up the EMEA, Pakistan was the top-producing country. For the other regions, the top producers were Brazil in South America, the United States in North America and India in the Asia-Pacific region. Source: Symantec

ThreatStats

The largest increases in month-over-month zombie activity occurred in India.

Zombie IPs: Global distribution
[Chart: Zombie IPs, global distribution]
The biggest increases in month-over-month zombie activity occurred in India, Russia, Vietnam and Morocco, while the largest decreases occurred in Brazil and other Asian nations. Source: Commtouch Software Online Labs

Top 5 attacks used by U.S. hackers
1. Downloader trojan
2. Butterfly bot
3. ZeroAccess trojan
4. Gbot trojan
5. Chinese Infostealer trojan

Top 5 attacks used by foreign hackers
1. Chinese Infostealer trojan
2. ZeuS trojan
3. ZeroAccess trojan
4. TDSS downloader trojan
5. Alureon trojan

There were 1,994,533 attacks in the United States last month, primarily originating from New York; Rockville, Md.; Minneapolis; Kingston, R.I.; and Garden City, N.Y. There were 2,490,208 foreign attacks last month, primarily originating from Madrid; Buenos Aires, Argentina; Bucharest, Romania; Santiago, Chile; and Caracas, Venezuela. Source: Dell SecureWorks

Spam: The world's worst spam-support ISPs

Position   ISP                 Number of current known spam issues
1          hostnoc.net         74
2          chinanet-zj         65
3          telefonica.com.ar   52
4          ovh.net             52
5          chinanet-fj         47
6          iliad.fr            47
7          dacom.co.kr         46
8          unicom.cn           45
9          chinanet-gd         45
10         gvt.net.br          45

The networks listed knowingly provide service to spam gangs and ignore reports from anti-spam systems and internet users. Source: The Spamhaus Project

Malware: Vertical encounter rate
[Chart: encounter rate of web malware by industry vertical]
The chart above reflects the encounter rate of web malware across a selection of industry verticals. Rates above 100 percent reflect a higher-than-median rate of encounter, and rates below 100 percent reflect a lower-than-median rate. Source: Cisco ScanSafe

Spam rate: Compared to global email
[Chart: spam rate compared to global email]
Spam rate indicates the accumulated emails tagged as unsolicited. Source: Fortinet Threatscape Report

Received spam: Top five regions
[Chart: received spam, top five regions]
Source: Fortinet Threatscape Report

Phishing: A nine percent decrease in March
[Chart: phishing attacks by month, October through March; labeled values 28,365, 24,019 and 19,141]
February marked a 30 percent fall in worldwide phishing volume, and March followed with another drop of nine percent. Comparing March with last year, the total number of attacks was also relatively low in the early spring and only started picking up again in May. March 2012 marks a nine percent increase from March 2011's total. Source: RSA Anti-Fraud Command Center

Top breaches in March

Name: Department of Child Support Services, Boulder, Colo.
Type of breach: The agency was notified that contractors IBM and Iron Mountain could not locate several storage devices that had been shipped from Colorado to California.
Records: 800,000

Name: MilitarySingles.com, New York
Type of breach: Hackers affiliated with LulzSec claimed responsibility for revealing a database of names, usernames, email addresses, IP addresses and passwords.
Records: 171,000

Name: Digital Playground, Van Nuys, Calif.
Type of breach: A group of hackers accessed details on customers and administrators of this pornographic website.
Records: 72,794

Data loss

Total number of records containing sensitive personal information involved in security breaches in the U.S. since January 2005: 545,645,703 (as of April 10). Source: Privacy Rights Clearinghouse (from data provided by DataLossDB.org, hosted by the Open Security Foundation)

Internet dangers: Top 10 threats

Rank  Name           Movement  Date first observed  Type            Last week  Weeks on list
1     Sality AT                12/05/10             Virus           2          5
2     Winwebsec                09/22/10             Scareware       1          1
3     Fynloski A               11/21/10             Backdoor        12         1
4     VBInject UG    same      01/29/12             MalwarePackage  4          7
5     VBInject gen DG          09/24/10             MalwarePackage  7          1
6     Rebhip A                 09/21/10             Worm            8          20
7     Bifrose AE               09/21/10             Backdoor        14         2
8     Sirefef B                09/23/10             Downloader      20         2
9     Sality AU                12/06/10             Worm            0          0
10    Usteal D                 03/21/12             Spyware         0          0

Source: Kindsight Security Labs
Update

2 minutes on: Vulnerabilities in touch-screen devices used in voting
Me and my job: Examine evidence from electronic appliances
Skills in demand: Software developers with knowledge of cloud needed
Debate: Identifying the culprits behind Koobface will diminish the gang's activity.

FOR (Daniel Wood, lead associate, senior cyber security engineer, Phase One Consulting Group)

Russia has been known to be a haven for hackers for the past decade or more. However, things have changed. With President Dmitri Medvedev in office, Russia's law enforcement response toward cyber crimes and the criminals behind them has been bolstered. On top of this, Russia and The Commonwealth of Independent States, an association of nation states with a vested interest in Russia and the region, have banded together and are working toward a strategic partnership in combating cyber crime. Russia is spearheading this movement with coordination by Rashid Nurgaliyev, the minister of the Russian Ministry of the Interior and Cyber Crime Prevention Department.

Due to these circumstances, I believe that the five people from St. Petersburg identified as members of Ali Baba & 4 will be pursued by Russia. With authorities investigating matters, I believe these criminals will find it difficult, if not impossible, to continue exploiting innocent victims and remain free for very long.

AGAINST (Roel Schouwenberg, senior researcher, Kaspersky Lab)

Almost daily, I come across data that leads to the probable identity of a cyber criminal. Sadly, the majority of them will never see the inside of a courthouse, let alone a prison. It's nearly impossible to avoid being extremely frustrated about this. However, publishing said data is the last thing on my mind.

First of all, I may be ruining an ongoing law enforcement investigation. Traditional drug trafficking investigations can take years. Why would cyber criminal investigations be that much different? It's never the place of someone outside of law enforcement to decide an investigation is taking too long and spill the beans.

Ultimately, outing cyber criminals only helps them. It gives them time to wipe evidence, go into hiding and/or rethink their strategies. I'm not even touching on how the evidence may not hold up in court or may be plain wrong. Outing criminals hasn't worked in the real world. It won't work in the virtual world either.

NEWS BRIEFS

In a budget move last month, the Canadian government axed a watchdog responsible for keeping tabs on its spy agency. Eva Plunkett, the inspector general of the Canadian Security Intelligence Service (CSIS), had been responsible for monitoring the agency's activities since 2003. Her post has been removed. The decision, which the Canadian government said would save taxpayers $1 million each year, will leave the agency monitored by the Security Intelligence Review Committee. Because of its relatively small size, this body's oversight of CSIS will be more broad in nature than when Plunkett was in charge. In 2010, she highlighted dozens of failures by CSIS to adhere to policy and noted 43 errors in operational reporting. She called for greater diligence and pointed to yearly increases in policy breaches.

Two months before the internet could be shut off to hundreds of thousands of machines, the Canadian government made a website available to help the public check for their susceptibility. The Canadian Internet Registry Authority publicly launched a site, http://www.dns-ok.ca, in mid-April to check for DNSChanger infections. The DNSChanger trojan compromises computers and redirects Domain Name System (DNS) requests to a series of criminally operated servers. These servers then misdirected computers to malicious websites. The Estonian criminals behind DNSChanger were arrested in September, and the DNS servers were replaced with legitimate ones so that those still infected would be safe. However, these benign servers will be disabled on July 9, meaning that the 350,000 computers still infected with the malware will be unable to reach the internet. In February, the Canadian government asked CIRA, a member-driven organization that manages the .CA registry, to develop the site. The date that the DNS would be suspended was pushed back from spring to summer after too many infected computers were identified.

In one of the largest malware outbreaks to ever affect Macs, nearly 700,000 machines were infected by the Flashback trojan. The strain spread quickly after Oracle patched Java in February, but Apple waited seven weeks to fix its own version. Most users were hit by visiting a malicious website. The trojan has the ability to steal data and hijack search traffic.

Verizon's annual Data Breach Investigations Report found that hacktivists, whose goal is to name and shame organizations with which they morally disagree, caused just two percent of the incidents studied but were responsible for 58 percent of the stolen information in 2011. That sits as a notable contrast to previous years, when financially motivated criminals were responsible for the bulk of the hijacked data. The study, now in its fifth year, analyzed 855 breaches. The report does not cover incidents such as lost or stolen laptops.

SC in Canada

The conference rooms were packed with information security pros intent on learning the most up-to-date strategies to mitigate threats, the expo floor buzzed with attendees checking out the latest vendor solutions, and SC Awards Canada acknowledged some of the people and companies working to advance the field of information protection and safe computing practices. Click on sccongresscanada for more information.

The third SC Congress Canada in Toronto drew more than 600 attendees. Photos by Hugh Li, Pinpoint National

THE QUOTE

"Just when we thought it was safe to go back shopping"
Avivah Litan, vice president and distinguished analyst at Gartner, commenting on a breach in March of payment card processor Global Payments, which put at risk personal data of at least 1.5 million Visa and MasterCard customers

THE SC MAGAZINE POLL

Is Windows Remote Desktop Protocol (RDP) exposed at your organization?
[Chart: poll results]
To take our latest weekly poll, visit www.scmagazine.com

THE STATS

Security bulletin from Microsoft said "we know of no active exploitation in the wild" of RDP.
Hours after RDP vulnerability revealed, proof-of-concept code was discovered on a Chinese website.
Source: Microsoft, The Hacker News

Chrome exploit

What is it?
Various vulnerabilities and weaknesses in Google Chrome, which were successfully combined into two separate exploits and demonstrated to execute code outside the sandbox.

How does it work?
The first exploit, by a skilled Chrome researcher, Sergey Glazunov, combined a universal cross-site scripting vulnerability with a weakness in history navigation to execute code. The second, by a researcher using the handle PinkiePie, combined three separate vulnerabilities related to plug-in loading and corruption of GPU process memory.

Should I be worried?
As these exploits successfully combined multiple vulnerabilities to execute code, users should definitely be careful.

How can I prevent it?
Any system running a version of Chrome older than version 17.0.963.79 should be updated to protect against the vulnerabilities. As Chrome automatically updates to the latest version by default, most systems should already be patched.

Source: Carsten Eiram, chief security specialist, Secunia
ok ca in mid Apri to check for processor Global spring to summer after too many ble contrast to previous years when cally updates to the latest. DNSChanger infections Payments which put infected computers were identi ed nancially motivated criminals hours after RDP version by default most. at risk personal data vulnerability revealed,The DNSChanger trojan com. of at least 1 5 million were responsible for the bulk of the systems should already. promises computers and redirects Visa and MasterCard In one of the largest malware hijacked data The study now in its proof of concept code was be patched. Domain Name System DNS customers outbreaks to ever affect Macs fth year analyzed 855 breaches discovered on a Chinese. requests to a series of criminally nearly 700 000 machines were The report does not cover incidents website Source Carsten Eiram chief. security specialist Secunia, operated servers These servers infected by the Flashback tro such as lost or stolen laptops To take our latest weekly poll visit www scmagazine com Source Microsoft The Hacker News. 12 SC May 2012 www scmagazine com www scmagazine com May 2012 SC 13. 2 MINUTES ON through the federal and state JOBS MARKET times people don t think of digital forensics and elec Skills in demand. certification process as well, as passed the Voting System Me and my job electronic evidence in terms. of non criminal matters so I,tronic discovery seems to. have some practitioners and, New election same risks Testing and Certification Pro.
gram developed by EAC,usually offer up the example. of the person who leaves,attorneys worried I think. that we will need to make,With the popularity of mobile. and cloud computing compa,nies are scrambling to develop. But while guidelines Company A and then goes changes and learn new tech applications to combine. n November Americans and anti virus software they available that do not offer a and procedures on the fed to Company B its direct niques as practitioners but I information from disparate. will head to the polls to can still be hacked said John VVPAT In Georgia Mary eral and state level aid in the competitor Company A don t see cloud computing as systems and display them. cast ballots in a presiden Sebes CTO of the Trust land Louisiana South Caro overall security there is still may use us to see whether presenting the problems that in single dashboards This. tial election However the TheVote Project a nonprofit lina and New Jersey nearly potential for insider attacks their former employee took others envision requires software developers. technology used in voting technology think tank all voting equipment used in the manufacturing process formulas customer lists or with skills in collaboration. machines has changed little DREs share the basic in 2010 were DREs without Sebes said As well hardware other proprietary informa What annoys you software databases and. since the last contest and hardware architecture of VVPATs or vote counting software tion with them Black Box solutions that mobile device programming. security risks are still an most PCs where care Three major providers could be altered before it gets offer to solve all of a compa. ever present danger fully crafted inputs can cause Election Systems and Soft to election officials Brian Wol nger What do you think needs ny s or vendor s e discovery What it takes. 
VP of electronic discovery forensic, One type of voting system modifications to the software ware Sequoia Voting Systems Although voting equipment services LDiscovery more attention needs These solutions Three to ve years of experi.
that s commonly deployed as it executes memory he and Hart InterCivic supply may have vulnerabilities per I think digital forensic prac don t solve the problems they ence and certi cations in. is the Direct Recording said Attacks can in turn be the electronic voting systems haps an even bigger concerns How do you describe your titioners need to be aware of claim they do They tend to collaboration software Mobile. Electronic DRE machine used to modify the software in the United States Each involves physical security job to average people and become more involved be selling tools not techni device developers need one to. a touchscreen device that or data including votes vendor s technology has gone said Marcus MacNeill vice Thanks to TV shows like CSI in the recent actions in some cal offerings and they make three years of C C and Java. records votes and processes In the 2010 Election and president of products at Hart and NCIS most people have states that require private it more difficult for vendors. the data through a computer Administration Voting Sur InterCivic a provider of elec some general idea of what it investigator licensure for who are trying to address a Compensation. program Just as with any,internet enabled computing. system there are inherent,vey conducted by the U S. Election Assistance Commis,sion EAC an independent. individuals,tion voting systems,There has been a lot more. scrutiny in terms of proce,means to collect evidence I.
usually explain that we col,lect and examine evidence. those who offer digital foren,sic services This is a bad fit. client s needs honestly,What would you use,Collaborative software devel. opers can earn 100k to,135k while mobile develop, vulnerabilities bipartisan agency 18 states voted on Election dures and what jurisdictions from the electronic devices What security threats are a magic IT security ers can earn 65k to 95k. Even though the applica reported deploying DREs Day in 2010 are doing to ensure that the that fill our lives Sometimes overblown wand for. tions used in DREs offer soft which produce a voter chain of custody is main the evidence is for a civil While not a security threat I d eliminate spam I think Source Jerry Irvine CIO Prescient. Solutions www prescientsolutions com, ware security measures such verified paper audit trail Source EAC tained for the machines he lawsuit Other times it is per se the effect s of cloud the electronic world could.
as cryptographic signing keys VVPAT DREs are also said Marcos Col n for a criminal matter Many computing on our arena use the bandwidth. Briefs Company news, CloudLock a Waltham its xPatterns product The tech experience will lead the sales integrate SocialShield s social Industrial Defender a and CEO of Good Harbor and. Mass based cloud data security nology enables users to leverage and marketing organizations and network monitoring technology Foxborough Mass based global formerly special adviser on. rm has secured 8 7 million in end customer data while protect execute the company s go to into its portfolio provider of security compliance cyber security to President. Series B funding from Ascent ing consumer privacy market and channel strategies www avira com and change management solu George W Bush said the col. Venture Partners and Cedar www atigeo com He was formerly SVP at HP and www socialshield com tions for automation systems laboration will enable executives. Fund The cash injection will be www nokiasiemensnetworks com president and general manager of and Good Harbor Consult to manage dynamic cyber risks. used to expand the company s IBM Tivoli OpenDNS a leading provider ing an Arlington Va based and protect critical systems. engineering divisions develop Blue Coat Systems a www bluecoat com of internet security and DNS provider of global strategic www industrialdefender com. new platforms and pump up sales Sunnyvale Calif based provider services has appointed Dan cyber risk management ser www goodharbor net. efforts CloudLock CEO Gil Zim Gil Zimmermann CEO CloudLock of web security and WAN optimi Avira a Tettnang Germany Hubbard as CTO Hubbard is Dan Hubbard CTO OpenDNS vices have teamed up to assist. mermann said the funding also zation solutions has appointed based global supplier of security tasked with developing prod critical infrastructure operators Follow us on Facebook. 
will help the company attract tal Bellevue Wash based software David Murphy president and solutions has acquired San Bruno ucts and strategies that enable devices Hubbard has more than improve their cyber security and Twitter. ent Luke Burns partner with company Atigeo has partnered chief operating of cer reporting Calif based SocialShield a enterprises to better anticipate 20 years of experience in the posture Industrial Defender s. Ascent is leading the investment with Nokia Siemens Net directly to CEO Greg Clark Mur service that enables parents to internet threats and more intel security space He was previ solutions monitor manage and. and will join CloudLock s board works a global telecommunica phy who has 25 years of security monitor their children s activ ligently protect against them ously CTO at Websense protect critical infrastructure. www cloudlock com tions services company to supply infrastructure and networking ity on social networks Avira will across all internet connected www opendns com Richard Clarke chairman. 14 SC May 2012 www scmagazine com www scmagazine com May 2012 SC 15. From the CSO s desk Opinion, Bridging corporate and personal Bradley Anstis VP of technical. strategy M86 Security Avoiding the need to disclose. Michael Scovetta Consider a bring your are reused stored in clear he past two years have marked a breakthrough in reputation While this increase in process may strike some. director of advanced own device BYOD policy text or simply weak it s obvi incidents of targeted cyber attacks that were made as increased complexity and just one more regulatory hoop. technology at a large media, entertainment company Employees use personal ous that neither end users public However currently companies typically disclose to jump through in the long run the disclosure laws will. 
devices to access apps social nor application providers are breaches for one of two reasons either they have to because actually help companies secure their brand reputation and let. ver the past decade media corporate email and very good at using passwords the attackers have leaked their data or they must comply with consumers make more informed investment choices. technology innovations sometimes even to make Fortunately technologies like some sort of disclosure law New guidelines from the Securi Today s cyber attacks are designed to evade reactive security. have vastly increased telephone calls Tech client certificates SAML ties and Exchange Commission while not actual regulations controls To meet the challenge of protecting your brand and. consumer s expectations and nologies such as virtual OpenID and OAuth have will likely change all that which is a good thing when you reducing reporting complexity companies need to combine. have migrated into corporate desktop and application been available for some time consider that many companies simply are unable to keep up proactive and reactive security controls to maximize coverage. environments where there is virtualization can help and can mitigate much of the with the evolving exploits In the past year alone we ve seen This does not mean implementing a bunch of siloed products. increasing pressure to make but there is plenty of risk inherent in password attacks go to the next level as large global organizations and Not only does that slow response time when a threat occurs it. corporate resources available room for innovation in based authentication government agencies were attacked for commercial political makes compliance a real headache Instead look for a solution. to users on any device this space Address file sharing or military reasons that can correlate threat information to maximize attack intel. 
whether a smartphone tablet Embrace platform Email attachments are still Public companies already adhere to strong corporate ligence provide an optimal defense and simplify reporting if a. or laptop This must be done agnosticism Partially typically limited to 10 or governance and have to comply with regulations and address security breach occurs. without sacrificing security as a consequence of 20 megabytes When larg irregularities that are flagged or investigated Breaches should While cyber criminals will continue to develop intricate and. which is what makes the role BYOD the days of er fi les need to be trans be treated no differently Companies and their IT depart dynamic attacks the best defense today is through the combi. of a security professional designing applications ferred some users will ments will have to institute a strong layered verifiable secu nation of best practices sound security rules and state of the. exciting these days to be available on a single look to online services rity approach to protect their assets and uphold strong brand art technologies. Access to social media platform are over Users Modern enterprise grade. The rise of social media has need to access corpo fi le sharing solutions. led many to feel comfortable,placing copious amounts of. personal information out,rate resources using a,myriad of devices with more.
arriving every day This,can meet users needs and,enforce compliance with. security policies,Can t we just ignore PCI DSS, there for the world to see notion of heterogenity can We re living in a world t s fair to say that organizations have had PCI there is no denying that it is complex and. The ramifications of this also improve your security where users are no longer ample time to achieve an acceptable level of is likely to cause disruption but the benefits. sharing of data are being posture because investments content to wait for corporate compliance to the Payment Card Industry ultimately outweigh the pitfalls. felt in the corporate world in security solutions can solutions to catch up to what Data Security Standard PCI DSS but what With PCI being such a comprehensive. Employees expect social be applied more effectively they use in their personal we often see is pushback from the board level framework big thinkers argue that the. Mark Kedgley chief technical, media to be available at across platforms life As security profes of cer New Net Technologies when it asks for clear cut justification for PCI requirements should be leveraged to provide. Photo by Andrea Fischman, work and corporations that Improve authentication It sionals we are in a unique investment Other times the pushback comes security for company information as a whole. fail to adapt to a world with shouldn t be a surprise to any position to help implement from within the IT department which is and to protect against the ever growing. social media will have an reader that password based technologies that improve seeking to avoid the perceived disruption that mainstream issue of identity theft Losing. increasingly difficult time authentication is terribly security and the user experi implementing PCI will cause cardholder data is one thing but risking your. 
attracting top talent broken Whether passwords ence at the same time Add to this scenario the anecdotal feedback customers personal information is poten. that while acquiring banks promote the need tially far more damaging. for PCI they seldom have the focus and con Fifty years ago the state of Wisconsin. 30seconds on Adopting PCI,tinual drive to monitor the status of compli.
ance making it all too easy for merchants to,introduced legislation requiring seat belts in. cars but few people used them because they, Nothing like friends Personal intrusion People get ready Replacing the antiquated DSS is a sensible carry on just as they are were uncomfortable So it was only in 1984. If done right social media BYOD has exploded Many Embracing open standards A number of new technolo Regardless of where the resistance or inertia when the first state New York made the. resources can bring your com CSOs are under pressure to such as HTML 5 can future gies can move today s enter thing to do comes from the consensus is that adopt wearing of a seatbelt compulsory that the real. pany closer to your customers implement policy that doesn t proof your environment and prises a step or two in the right ing PCI DSS is a sensible thing to do from a benefits were realized Only then did com. and your employees closer to impact availability yet pro help you adapt quickly as new direction toward the secure. from a security security perspective But like so many things mon sense become standard practice Maybe. each other without compro tects company information technologies enter the market password less future for which perspective in life the common sense view is outweighed personal information protection needs the. mising security says Scovetta Scovetta says adds Scovetta we all are hoping by the perceived pain of achieving it With same treatment. 16 SC May 2012 www scmagazine com www scmagazine com May 2012 SC 17. Digital currency,guaranteed by trade secrets held at a. MONEY ON A CHIP,single company says Jeff Garzik,an employee at open source software. firm Red Hat and one of the founders,of Bitcoin,Bitcoin is a different system than.
MintChip Whereas MintChip is an,electric payment mechanism for existing. currencies Bitcoin is its own currency,Formed in January 2009 it is an experi. ment in peer to peer currencies Instead,of relying on a central mint clearing. The Royal Canadian Mint is hoping to make But the path may not be so rosy for. acceptance of the system Gavin Andres house or bank Bitcoins are generated by. electronic payments just as easy as handing en lead core developer on the alterna the system s own users using a complex. tive currency Bitcoin project argues algorithm built into every piece of. over cash Danny Bradbury investigates that the government may fi nd it difficult software interacting with the currency. to get MintChip adopted Where it says Peter Wuille a Ph D researcher at. ay is a landmark month for that permits Canadians to access their may get into trouble is that it is pushing European university K U Leuven who. Canada s currency People north money through automated banking a physical solution he says The worry has worked on the project. of the border fi nally got rid of machines ABMs and point of sale is that other smartphone enabled digital Ostensibly say experts MintChip. the penny The small bronze disks have POS terminals across the country cash systems such as Google s Wallet s use of tamper resistant modules. become relatively useless in recent years But not all fi nancial institutions sup will make it difficult for MintChip to and digital encryption along with the. because of high production costs But port this make inroads concentration on low transaction values. the disappearance of the penny may A 2011 report by the Task Force for And there has been speculation that of 10 or less create good security pros. only be the beginning of the end for Payments System Review a committee Apple s next generation iPhone will pects for the system On the other hand. 
Photo by Brent Lewin Bloomberg via Getty Images, physical money as the Royal Canadian formed in June 2010 by the Depart support near field communications there are some potential problems. Mint has a scheme to make electronic ment of Finance Canada to review the which enables data exchange between As an open source project Bitcoin s. payments just as easy as handing Canadian payments system and provide smartphones Apple is known for its ten inner workings are 100 percent open. over cash recommendations to the Department dency to base whole ecosystems around and transparent readily available. If its electronic payment scheme of Finance said the system for digital its phone and to be fiercely protective of for security review says Garzik. announced in April called MintChip payments is out of date Unless Canada them What would happen to MintChip Bitcoin relies on cryptography for its. takes off Canadians could be paying for develops a modern system the country say if Apple competed directly with strength not the ability of humans to. poutine and pints with a mobile phone will be unable to fully engage in the MintChip In this era of everyone keep trade secrets. or USB key rather than fumbling in digital economy of the 21st century having a smartphone in their pocket That latter approach can be a. their pockets for Loonies But will it be leading to a lower standard of living it will be interesting to see if they get problem warns Andresen On the. secure enough across the country and a loss in interna The currency is then sold to brokers this is a unique transaction When a chip enough bootstrap adoption to get one in technology side there is a danger that. The MintChip holds a variety of cur tional competitiveness the report said which then trade it with consumers and receives a message requesting payment it a phone Andresen says there may be some fatal flaw he says of. 
rencies in digital form on a chip which If Canada effectively upgrades its businesses Users who purchase Mint sends back another message containing The Mint does have an ace up its MintChip The same is true for a peer. a user can easily carry It is a direct asset digital payment system it could save Chip valuations have them loaded onto a the digital money which is encoded using sleeve It will offer a MicroSD version of to peer system But the danger with. transfer system meaning that the money around two percent of GDP around chip which is then used to transfer pay a signature and the chip s public key The the MintChip which could be plugged MintChip is that there s no opportu. is stored on the chip Making a purchase 32 billion per year the report added ments to another holder s chip without chip being paid uses this key to verify the into a supporting mobile device s slot nity for external review. subtracts the amount left on the chip But the nation needs to act quickly any third party intermediary message When the two chips agree that meaning that it would not have to per Nothing is ever truly secure and. It s like carrying actual money in one s Countries currently outpacing it in this So how are transactions securely trans the transaction is genuine and unique suade manufacturers to build support Bitcoin exchanges have also been. pocket but instead of paper and metal area include Romania and Peru mitted One chip sends an electronic their MintChip values are debited and for its system directly into the phone hacked But cash itself is probably one. users will carry ones and zeros One of the report s key fi ndings was message to another asking for a payment credited accordingly How private and secure is MintChip of the least secure payment systems. 
Canada s current payment system is the lack of a suitable digital identifi Inside that message is the chip s unique The Royal Canadian Mint has devised It prides itself on both The Mint points in existence MintChip relies on the. certainly in need of an overhaul many cation and authentication regimen ID along with an amount to be paid several methods for transferring and out that personal information is never tamper resistant device and the digital. say Other than PayPal or costly and MintChip sets out to solve that problem and a currency code Each transaction managing MintChip accounts Indi transferred during a transaction and certificate to be secure and presumably. cumbersome electronic funds transfers It stores value on a chip just as coins are also includes a random number that is vidual devices containing chips are that payments can happen offline with on the safety of any downloadable appli. the current de facto method for sending stored in a wallet The value is created used to identify the transaction itself The one approach These chips which are out it ever being involved cations too The Mint recently issued a. money electronically is via the Interac digitally by the Royal Canadian Mint number is complex enough that it will hardwired with the holder s unique ID MintChip is fundamentally a central challenge to developers to create appli. system a national payment network similarly to how coins are created never be used twice and each chip knows are designed to resist physical attack ized service whose value is ultimately cations supporting the system. Mauricio Angee, Alumnus of M.S. in Information Security, VP Information Security Manager at Mercantil Commercebank.
WHAT'S THE SECRET TO UNLOCKING A REWARDING CAREER IN INFORMATION SECURITY. THE PASSWORD IS NSU. A SPECIAL SECTION FROM MAY 2012 WWW SCMAGAZINE COM. With its distinguished faculty and cutting edge curriculum, Nova Southeastern University's Graduate School of Computer and Information Sciences prepares students for leadership roles in information security. In this era of rapid technological growth, each day brings demands for increased proficiencies of professionals in the information security field. Located on NSU's main campus in Fort Lauderdale, Florida, GSCIS has been offering graduate degree programs for over three decades. Students may enroll in traditional evening on campus, online classes or combination of both and complete the M.S. degree in months. NSU is designated a National Center of Academic Excellence in Information Assurance Education by the U.S. National Security Agency and the Department of Homeland Security. GSCIS's curriculum in information security meets the NSA
Committee on National Security standards. GSCIS offers Master of Science degrees in a variety of IT fields. Whether you are earning your degree to accelerate your career or prepare for the next technological leap, a degree from NSU will give you the tools you'll need to remain on the cutting edge. In this special section we examine the importance of specialized classes and certifications versus work experience, and for the fourth year we ask some of the universities designated by the NSA and DHS as Centers of Academic Excellence in Information Assurance about their programs. Sponsored by www scis nova edu sc 1 800 986 2247 Special section Education.
Certifications have long validated security skills says W Hord Tipton of ISC 2 But do they remain relevant Dan Kaplan finds out. As its executive director W Hord Still education is a necessity Tipton College graduates are not coming out. Tipton may run the show at non insists And while the computer sci with the adequate skills and knowl. profit ISC 2 which manages the ence curricula offered by colleges and edge Tipton says I know one of the. security industry s flagship certification universities continues to expand cer selling features of the CISSP is it not only. the CISSP but he knows no creden tifications remain the defining way for validates they have some knowledge of. tial can serve as a silver bullet security pros to learn the trade through security today it will keep them tied to. I once had a CIO at a major federal training for the exam and for potential the changing nature of that Holders of. government department ask me how employers to assess their abilities This is the credential must undergo 120 continu. many CISSPs does he need to have particularly important in a market where ing professional education CPE credits. to guarantee perfect security recalls the cyber security workforce is in far every three years or they lose it. Tipton 68 the former CIO of the U S greater demand than there is supply a But Tipton admits perplexity some. Department of Interior The answer of disproportion that is accentuated as data times reigns in an industry where there. course is It s not possible Even if you protection becomes more critical in light are scores of security certifications being. have the perfect person in place and of emerging technologies such as cloud offered by vendor agnostic entities like. they write you the perfect policy and and an increasing number of devices Florida based ISC 2 as well as security. configure your systems perfectly but becoming network connected solutions providers such as Cisco.
you don t have compliance with those The Certified Information Systems We are working with other organi. policies there isn t a single thing your Security Professional CISSP creden zations to try to be explanatory and be. security person can do tial which received the coveted Ameri simpler in what our credentials mean. Human error remains the Achilles can National Standards Institute ANSI he says What is the value from certifica. heel of most security operations An accreditation in 2004 covers a total of tions It s a confusing world where you ve. organization can have all of its ducks 10 domains spanning the core principles got at least 250 acronyms out there. in a row but if an employee decides to required of the information assurance Rick Bauer director of research at. click on an email attachment claim professional By holding this certifica CompTIA a Chicago area based IT. ing to be a work related document tion available once individuals have trade association says his organization is. but which actually turns out to be a achieved five years of full time security bringing providers together so a road. Photo by Jay Carlson, trojan for which there is no detection work experience they can demonstrate map can be developed that matches. the most knowledgeable security pro they have a broad based understand certifications to job descriptions. W Hord Tipton,executive director, in the world may not be able to save its ing of the discipline and are willing to I think certifications may have suf. ISC 2 network from compromise become and stay qualified fered from their friends more than folks. www scmagazine com May 2012 SC 21,Special section Education. who don t believe in them says Bauer hiring than the federal government times years of preparation required. of the plethora of acronyms that security A 2010 report from the Center for and the organizations who employ the. practitioners display beside their names Strategic and International Studies con certified workers. 
on business cards often mockingly cluded that there are only about 1 000. referred to as an alphabet soup individuals in the United States with Adjusting for the times. Bauer helped lead the formation of the specialized security needs to defend Clearly demonstrating the value. the Cyber Security Credentials Collab cyber space whereas 10 000 to 30 000 of certifications is a key priority for. orative C3 which consists of vendor are needed The reasons for this dearth credentialing bodies Regardless the. neutral certification bodies specializing of talent include a lack of interest in flagship accreditations are doing better. in IT security and privacy CompTIA pursuing science technology engineer than ever Tipton says December was. EC Council GIAC ISACA and ISC 2 ing and mathematics STEM majors in a record breaking month when there. The stated purpose is to offer a forum college poor salaries when compared were some 3 700 CISSP exams taken. for collaboration that will result in the to the private sector and complex secu only about half passed. advancement of IT careers a more pre rity clearance processes And it s no surprise that it is one of. pared workforce greater insight into how Another often less recognized reason the most sought after certifications. these certifications are developed and is confusion over the value of certifica considering holders make about 98 000. how they meet the IT needs for organiza tions That s why one of the initiatives a year on average up from 78 000 if. tions including governments private from the nation s National Initiative for they didn t have it ISC 2 which also. enterprises educational institutions and Cyber Security Education to be led by offers well known designations like the. the public at large the Office of Personnel Management an Certified Secure Software Lifecycle Pro. Bauer says certifications have suffered independent branch of the federal gov fessional CSSLP and Systems Security. 
because there are so many of them As a ernment charged with managing civil Certified Practitioner SSCP counted. Source Foote Partners 2012 IT Skills and Certifications Pay Index. result security pros and hiring managers service is trying to create a common more than 25 million in assets in 2010. often are unsure of their value which taxonomy for cyber security profession The allure of acronymic designations. results in workers not obtaining the cor als that will enable hiring agencies to extends to specific products as well. rect cert or organizations being unable to match roles to competencies says Tony Iovinelli president of West. match a candidate with the right position C3 in conjunction with the Univer Chicago Ill based SmartSource an IT. These are our customers who don t sity of Maryland and several analytics staffing company His firm hires person. understand it he says We can t com firms is planning to embark on a study nel for tech clients which then out. municate the value proposition of certifi on behalf of the U S Homeland Secu source these workers to organizations in. cations and it s really important for us to rity and Defense departments that will need of someone certified for example. help to inform the workplace measure the value of certifications both a Cisco Gold partner. Arguably there is no place feeling the for the individual who takes the exam It could be that the vendor is. pressure more when it comes to security remember there are months some upselling that they have certified people. All segments of IT certifications declined in value in the second half of 2011.
or it could be the buyers are being more demanding, Iovinelli says. "Either way, a certification embodies dedication. It gives them comfort when hiring individuals," he says. "If this individual went through that certification process with a vendor, the certifications kind of screen their willingness to improve their own skills and character."

Still, the value of certifications is dropping, according to Vero Beach, Fla.-based Foote Partners, which tracks the market. In fact, their value, defined as the portion of a worker's salary tied to the individual carrying a credential, dropped nine percent over the last two years.

David Foote, the company's CEO, says 2011 in particular was a correction year for certifications. As budgets sprung back to life following the financial collapse in 2008, organizations became more focused on investing in revenue-generating projects, something security oftentimes fails to provide.

"Certifications are not as important as they used to be in the overall template of what a security person is," Foote says. "Now they're influencers, they're marketers, they're evangelists."

The most desired security hire has become those individuals who can show off multidimensional talents, specifically their ability to connect with the business and speak the language, Foote says. As a result, employees with a narrower technical focus, and their related certifications, get short shrift.

"When security was thought of as more of a technical issue, security certifications were much more popular," Foote says. "People have realized you have to do security in the process of the business, so we can't be a hindrance. We have to get people here to talk and influence business people." It should be noted that there are a growing number of management-related certifications, such as the Certified Information Security Manager (CISM) accreditation from ISACA.

Dave Piscitello, senior security technologist at ICANN, views the problem with certifications somewhat differently. He says he still sees value in the technical training aspect, but it's just focused on the wrong thing. Many credentials address compliance audit preparations and offensive security, penetration testing for example, but fail to really cover some of today's largest needs: monitoring for intrusions, containing breaches and performing analysis, he says.

Many industry professionals, Piscitello says, have accepted the security fatalist argument that breaches are a "when, not if" proposition. Organizations already should assume they have, or are going to be, hit by adversaries. That's why, he says, they need to have security employees who are well versed in the admittedly less glamorous position of defense.

"We're good at deconstructing things," says Piscitello. "We're not quite as good at constructing things that don't break. So it might be nice if we concentrated on that aspect when teaching people."

Part of that includes building a network and communications channel that enables trustworthy incident response, he says, adding that he could never envision hiring a convicted hacker. "Part of the fundamental problem here with the way we're approaching this is we're starting with the basis that we want people to be creative and explore, but we don't give them boundaries."

(ISC)²'s Tipton says he believes certifications provide the best way to validate one's skill set. In fact, when he began in 2002 at the Department of the Interior, Tipton remembers entering a culture where there was little, if any, concern paid to an adversary who may want to steal data. But eventually the mindset changed, and certifications were a big part of driving that shift.

Tipton remembers his boss determining that the best way to vet the security abilities of its staff was to have members take the CISSP. The agency gave them a year to prepare, and despite a lot of screaming and hollering by workers, it turned out to be the best decision.

"I wound up being the first CIO in a Cabinet-level job to get it," says Tipton, who is not related to the recently deceased Harold "Hal" Tipton, who co-founded (ISC)² in 1989. The organization also lost another long-time staffer in March, when Judy Livers, senior market development manager, passed away.

Still, he admits that while taking certification exams requires training and meets educational needs that many colleges and universities currently can't provide, it is no substitute for more formalized learning.

That's why (ISC)²'s charitable arm, the (ISC)² Foundation, is trying to reach students before they arrive at college with efforts such as its Safe and Secure Online program, which encourages professionals to visit 7- to 14-year-olds at school and get them interested in the field. The program also offers scholarships to high school students who excel in capture-the-flag competitions, such as the U.S. Cyber Challenge.

"Education across the board is desperately needed," Tipton says. "Our quest is to get this to high school, where people can be trained on this on the ground up and don't have to be converts from other areas. Our academic systems are not designed to develop people like this as they might be for hard sciences."

CISSP
Tests 10 domains:
Access control
Telecommunications and network security
Information security governance and risk management
Software development security
Cryptography
Security architecture and design
Operations security
Business continuity and disaster recovery planning
Legal, regulations, investigations and compliance
Physical security

Special section Education. IN SESSION, an M S in computer science with a con The George Washington What roles jobs do your students enter. centration in computer systems security an University upon graduation Our students tend to get. M S in management with a concentration Which degrees certi cates are offered jobs designing and implementing security.
in information systems security and a doc We offer the following graduate certificate Major employers of our students include. tor of computer science with concentra in computer security and information assur government and industry. tions in both digital systems security and ance CSIA which requires the successful. information assurance completion of four graduate courses in Jacksonville State University. the schoo cyber security M S degree in computer sci. A selection of some of the schools offering information to visit the e Dartmouth College ence which allows students to select several. ir Which degrees certi cates are offered cyber security courses as an area of focus. website fo, assurance programs recognized by the NSA and DHS informatio. B S M S and Ph D in computer science a Ph D degree which allows students to. What roles jobs do your students enter acquire knowledge and conduct research in. upon graduation Our graduating students several areas in security or in other areas of. ome 120 U S universities have been tration in computer information systems mation security M S IT IS information enter into a number of fields across indus computer science a B S degree and a B A. designated by the National Security M S in business administration option in technology software management M S try government and academe degree both in computer science which. Agency NSA and the Department information systems audit IT SM information networking M S IN How many students graduate each year require a student to take a technical track. of Homeland Security DHS as Centers How many students graduate each year and information security technology and We average 20 undergrads 10 20 master. of Academic Excellence in Information 100 120 undergraduate five graduate management M S ISTM students and 10 Ph D students Georgia Institute of Technology. Assurance IA and or Research We What roles jobs do your students enter. 
sent out questions to all schools noted for upon graduation Business systems Champlain College DePaul University Which degrees certi cates are offered. their strong IA programs seeking details analyst consultant computer forensics Which degrees certi cates are offered B S in computer science with information. about their offerings and more From information systems audit network admin We offers a B S in information assur assurance concentration B S in computer. this feedback we ve compiled a listing istrator security specialist telecommunica ance and security engineering and a M S information systems with information. of some of the universities that shared tions analyst web developer in computer information and network assurance concentration M S in computer. additional insight security We also offer a B S in networking systems and software design with informa. Capitol College with a security concentration tion assurance concentration. California State University Which degrees certi cates are offered How many students graduate each year What roles jobs do your students enter. San Bernardino We offer 12 B S degrees six M S degrees Our graduate rates are about 50 in upon graduation Software engineer. Which degrees certi cates are offered one M B A degree and one doctor of the graduate program and 20 in the Which degrees certi cates are offered computer security professional network. B S information assurance and security science degree Of these three degree undergraduate M S in information security and M S in administrator database administrator. management M B A information assur programs B S M S and doctor of sci computer science with specialization in system analyst. ance and security management ence are offered in the field of information East Stroudsburg University of information security The Georgia Institute. 
What roles jobs do your students enter assurance IA Capitol College also offers Pennsylvania of Technology offers a focused M S degree Mississippi State University. upon graduation Many students have 10 undergraduate certificates and six post Which degrees certi cates are offered Which degrees certi cates are offered in information security This is a technical Which degrees certi cates are offered. found positions within government baccalaureate certificates B S in computer and digital forensics B S B S in computer science and computer degree program suitable for students who We offer B S M S Ph D in computer. county state and federal and industry What roles jobs do your students enter degree in computer networking and infor security M S in computer science and already have a strong understanding of science B S M S Ph D in electrical and. supply chain upon graduation Many of our students are mation security M S degrees in digital information security this course is fully computer science and it is available at our computer engineering B S M S Ph D. currently employed or seek employment in forensics management this is an online online except for thesis defense Atlanta campus or via distance learning in management information systems. Cal Poly Pomona the Department of Defense including the degree M S degree in digital forensic sci Students enrolled in our more general M S B S M S Ph D in industrial and systems. supporting contracting community Capitol ence this is an online degree Florida State University degree in computer science can choose to engineering B S in software engineering. College s physical location near Department What do students get out of enrolling in Which degrees certi cates are offered specialize in information security An information assurance certificate pro. of Defense agencies and contractors posi your program Small classes and hands on Degrees in computer science CS B A gram is also offered for degree students. 
tion us well to help students gain entry into learning to reinforce concepts major minor in CS B S major minor Iowa State University. these competitive fields How many students graduate each year in CS master s in CS with infosec track Which degrees certi cates are offered Our Lady of the Lake University. 15 20 in digital forensics and 15 20 in com Ph D three Ph D s in information assur We offer the following degrees in informa OLLU. Carnegie Mellon University puter networking and information security ance since 2005 four Ph D s in CS in 2010 tion assurance these degrees are offered to Which degrees certi cates are offered. Which degrees certi cates are offered Certificates NSTISSI 4011 National both students on campus and via a distance Undergraduate B B A in computer. The Information Networking Institute Colorado Technical University Training Standard for Information Systems learning program Graduate certificate information systems and security B S in. INI offers M S degrees in the following Which degrees certi cates are offered Security INFOSEC Professionals and four courses M S with or without computer information systems and secu. areas information assurance Exec M S Computer security is a major focus for our CNSSI 4014 Information Assurance thesis M E coursework only We also rity teacher certification B S in computer. Which degrees certi cates are offered IA information technology mobility M S computer science degree programs We Training Standard for Information Systems offer Ph D in computer engineering with a information systems and security education. B S in business administration concen IT MOB information technology infor have a B S in computer systems security Security Officers ISSO focus on information assurance for grades 8 12 certification in computer. 26 SC May 2012 www scmagazine com www scmagazine com May 2012 SC 27.

