Monday, August 7, 2017

Current Trends on Cybersecurity (Cont'd)


Week 10                                Current Trends in Cybersecurity

            As the world steadily move to IoT (Internet of Things) with driverless trucks and cars, cyber cars, the Roomba robot you just bought to help vacuum your house poses a security challenge as it can map your house and offer the information publicly to the highest bidder (smart home device manufacturers most probable). Is this an infringement on your right to privacy? iRobot end users license agreement (EULA)/ privacy notice would make this clearer. Are you planning to remodel your roof? Wait a second! Tesla can save 30 years of energy for you as its on-test launch for a new Solar Powered Roof (Crosbie, J., 2017). Similarly, the IT world is evolving from World Wide Web (Web 1.0), through Social Web (Web 2.0) to Semantic/Intelligent Web (Web 3.0). The Cyber world is not left behind; With the Siloed cyber (Cyber 1.0) start, through Integrated Cyber (Cyber 2.0), to Intelligent Cyber (Cyber 3.0) and the cloud that offers “machine learning to extract intelligence and content and machine generated signatures, accurate detection and classification of threats by fusing distinct dimensions ensuring continuous visibility and better control” as the threat environment becomes technologically more complex (Kellermann, T. TREND MICRO, 2012). Blockchain, an innovation to computing and information security (Google or Bitcoin blockchain, for example) is catching on, as well as cryptocurrencies. It is becoming popular in identity management, real estate, contracts and the energy industry. Actually, blockchain is a ledger arranged in batches (distributed design) of data or blocks that uses cryptographic hashing techniques for linkage and validation.

            What are the latest trends in ransomware and malware attacks as the world goes IoT? There has been steady growth at the rate which they spread, threat landscape and the change in targets. The IT world is increasingly experiencing malware worm spread through hub connected networks and devices causing greater infection of devices, systems and networks. Financial institutions such as banks, credit card companies, even churches, aside medical facilities and government establishments are becoming increasingly vulnerable targets for malware infection. Small organizations are not left out

The question at the back of the mind of most private and public organizations and government agencies’ decision makers, IT and information system security professional is, how can we effectively protect our critical resources? Microsoft Digital Crime unit, in collaboration with Dartmouth University, and NCMEC (National Center for Missing and Exploited Children) recently developed a crime and fraud mitigation program (Microsoft’s Photo DNA analyzer) to fight child abuse through the internet.

With increasing data breaches occurring in traditionally not-too-prone to attack organizations like churches, non-profit organizations, and some industries, mostly resulting from DDoS, the question at the back of the mind of the managers, IT and information security experts is, what can we do to provide a better security to our critical assets? First is to ensure data, file and message encryption. Strong password and internet use policy. Compliance to industry standards and government regulations. Biometrics access and authentication control system. Software and application patching and regular update. Firewall and IDS/IPS defense implementation. SETA and to effectively recover from ransomware attack, the need to ensure regular back up and agile and tested BC (Business Continuity) & DR (Disaster Recovery) program plan and team, and experienced IT and IS security team. For small businesses, the steps to ensure effective protection include: implementing multi-layered protection though endpoint and data/mobile/network device access protection; securing email servers and applications; backing up all critical information and offsite storage; education and security awareness training; patching and updating applications and software, and; protecting the cloud file sharing, hosted email, and more (Delany, R. Trend Micro, 2017)

References

Crosbie, J. Here’s How Much One of Tesla’s Amazing Solar Roofs Actually Costs.


Kellermann, T. The Evolution of Targeted Attacks in a Web 3.0 World. TREND Micro


Delany, R. Data Privacy Day 2017: Tips for Protecting Small Businesses. TREND

Posted by at No comments:

Current Trends on Cybersecurity


Week 9                       Reflections on Current Trends in Cybersecurity

Threat environment changes rapidly with evolving information technology and the IoT (Internet of Things). It is even difficult to keep up with methods and techniques to access and mitigate information system threats, vulnerabilities and business operations risks. However, a structured approach to threat modeling helps in the design of appropriate security architecture and control system in managing a distributed network system or any system. In implementing a resilient and responsive security control system, it is imperative to adopt multilevel and multilateral security system. After the information system security has been implemented, it is necessary to monitor and meter (audit, system evaluation and assurance) and gauge the performance of the controls as to ensure effectiveness and compliance to industry standards, government regulations, and meet business function needs.

The threat modeling process and tools used in the security analysis need be tested, evaluated, refined as to appropriately address identified IT risks and vulnerabilities that will impact organization critical assets. An Action Plan and Client Presentation to professionally present to the ERB (Executive Risk Board) security findings and recommendations to mitigate security gaps is a sine qua non. One thing I may wish to observe in the college Cybersecurity program, is an information security business management class to be able to put together an estimate, the cost-benefit (in terms of money value). The question the members of the executive risk board would have at the end of client presentation would be how much would it cost us to implement this recommendation and what is the time frame for it?

In threat modeling, one challenge to consider is the balance on trade-offs – avoiding, addressing, accepting, transferring, and ignoring risks. Another is threat modeling in technologies, cryptosystems, human factors and usability, and tricky areas, like web and cloud platforms.

In all, it is good for an information security professional to not only get the relevant certifications, but to keep abreast of the latest development, challenges and data compromises and mitigation or remediation response as to remain relevant in the ever-changing world of information security systems and business operations.
Posted by at No comments:

Friday, August 4, 2017

Current Trends in Cybersecurity


Week 9                       Reflections on Current Trends in Cybersecurity

Threat environment changes rapidly with evolving information technology and the IoT (Internet of Things). It is even difficult to keep up with methods and techniques to access and mitigate information system threats, vulnerabilities and business operations risks. However, a structured approach to threat modeling helps in the design of appropriate security architecture and control system in managing a distributed network system or any system. In implementing a resilient and responsive security control system, it is imperative to adopt multilevel and multilateral security system. After the information system security has been implemented, it is necessary to monitor and meter (audit, system evaluation and assurance) and gauge the performance of the controls as to ensure effectiveness and compliance to industry standards, government regulations, and meet business function needs.

The threat modeling process and tools used in the security analysis need be tested, evaluated, refined as to appropriately address identified IT risks and vulnerabilities that will impact organization critical assets. An Action Plan and Client Presentation to professionally present to the ERB (Executive Risk Board) security findings and recommendations to mitigate security gaps is a sine qua non. One thing I may wish to observe in the college Cybersecurity program, is an information security business management class to be able to put together an estimate, the cost-benefit (in terms of money value). The question the members of the executive risk board would have at the end of client presentation would be how much would it cost us to implement this recommendation and what is the time frame for it?

In threat modeling, one challenge to consider is the balance on trade-offs – avoiding, addressing, accepting, transferring, and ignoring risks. Another is threat modeling in technologies, cryptosystems, human factors and usability, and tricky areas, like web and cloud platforms.

In all, it is good for an information security professional to not only get the relevant certifications, but to keep abreast of the latest development, challenges and data compromises and mitigation or remediation response as to remain relevant in the ever-changing world of information security systems and business operations.
Posted by at No comments:

Monday, July 24, 2017

Cybersecurity Action Plan


Week 8

Information Security and Risk Mitigation Action Plan

            The need and importance of a regularly tested ISRM (information security and risk mitigation} action plan in an organization is underscored. This helps in ensuring a periodic review of the company’s cybersecurity strategy plan. If an organization fails to conduct regular “checkups, odds are good that today’s fast-changing threat landscape has left (it) vulnerable” (Rackspace.com, 2017). A good cybersecurity action plan combines people, processes and technology to deliver a cost-effective, responsive, and timely breach detection and risk/incident remediation program.

The action plan for cybersecurity and risk management of an organization is to help identify critical assets that are vulnerable to threat element exploitation or risk exposure, understand the likelihood of an impact to business operations, and put in place appropriate security controls to mitigate, accept, avoid or transfer the identified “risks to a level acceptable to the organization” (Lebanidze, E., 2011). It’s imperative, therefore, that the action plan be periodically updated to accommodate recent and current risk, threats and vulnerabilities that are exposed through ongoing evaluation and risk/vulnerabilities assessment as to implement appropriate, cost-effective up to date robust controls and incident response, disaster recovery and business continuity plans that would ensure assurance on CIA (Confidentiality, Integrity, and Availability) of critical organization resources. For this to be achieved, the organization needs an agile, responsive and experienced IT/IS team.

However, the cybersecurity action plan should be aligned to the business objectives, mission, operations and culture of the company. It’s also necessary to secure the commitment, involvement, interest, sponsorship and support of the board of directors, c-level managers and the compliance of all members of staff for effective organization-wide information security program. The action plan would also address and meet federal, state and local regulations, industry standards and best practices. It’s a requirement of best practices that “known and perceived risks be analyzed according to the degree and likelihood of the adverse results that are anticipated to take place” (Cantoria, S., C., 2011). The analysis, documentation and prioritization of such identified risks is embodied in the risk mitigation plan. When this is developed and integrated into its risk mitigation strategy, it is then referenced with the risk management plan. Risk management plan forms the framework for the risk mitigation plan. In essence, the risk mitigation action plan serves as a checklist of anticipated risks, degree of probability, categorized either as High, Medium, low, or Most Likely, Likely, Unlikely. Strategies to mitigate each identified threat, vulnerabilities, or risk are included in the action plan.     

References

Rackspace. (2017). Retrieved (2017-24-7) from


 Lebanidze, E. Guide to Developing a Cyber Security and Risk Mitigation Plan. (2011).


Cantoria, S., C. Anticipated Risks. What Comprises a Risk Mitigation Plan? (2011-28-2).

Posted by at No comments:

Friday, July 21, 2017


Week 7

Building an Effective Cybersecurity and Technology Risk Presentation for Your Board of Directors

By 2020, 100% of large enterprises will be asked to report to their boards of directors on cybersecurity and technology risk at least annually, which is up from today’s 40% (Proctor, E., P., Wheatman, J., McMillan, R., 2016)

Risk data regularly influences the decisions of 71% of organizations’ boards of directors (Gartner survey data, 2015)

Why would “UK banks spend more on security and suffered more fraud” (Anderson, J., R., p.228, 2008). Simple, UK bank employee became lazy and careless, a moral-hazard that led to increased fraud. Why is security budget lean in many organizations? Is security underfunded in organizations? If your answer is yes; you may want to know some of the reasons why this is so.

§  Risk and security leadership inability to provide board-relevant, business-aligned content, and abstracting out the direct technology references

§  SRM (security and risk management) leaders often use unnecessary fear, uncertainty, sometimes exaggeration and doubt in board presentations to drive home their points

§  SRM leaders use too much technology terms in board presentations, knowing that most board members are handicapped by the lack of understanding of security technology terms. This kind of limit questions from most board members

§  This result in the lack of creation of defensible connections between cybersecurity risks and business outcomes (Proctor, E., P., Wheatman, J., McMillan, R., 2016)

It is to be noted that SRM leaders are being asked more frequently to present to their boards on the state of cybersecurity controls in their enterprises. However, much of the reporting is low-quality, and has minimal benefit to the board, thereby not improving the relationship between the board and the security and risk management leaders. There are some best practices to improve on this:

ü  Communicate with your audience on their own terms

ü  Understand the board’s role and responsibilities

ü  Socialize the key messages before the presentation

ü  Road-test your presentation

ü  Use fear, uncertainty and doubt sparingly

ü  Focus on readiness

ü  Use process maturity as a proxy for risk posture

ü  Abstract out the technology

ü  Stress risk management and balancing protection with business outcomes

ü  Highlight the business value of security and risk investments

ü  Educate the board on how to influence effective security

ü  Always end with an “Ask” (Proctor, E., P., Wheatman, J., McMillan, R., 2016)

It is imperative to avoid the seven deadly presentation sins – too much technology; overly complex slides; too much FUD (avoid focusing too much on threats and theoretical risks); lack of business alignment; misleading data (avoid ROSI - return on security investment projections that you can’t defend); too many people in the process; failure to connect with board-relevant decision making, and; be prepared to address objections and personalities.

The good news is there are some tactics you may need to know:

·         Consider the perspectives you want to give the board

·         Gather intelligence

·         Be deliberate with your terminology

·         Be ready to address objections

·         Overcome apathy

·         Ask for an outcome and request the next date (Proctor, E., P., Wheatman, J., McMillan, R., 2016)

References

Proctor, E., P., Wheatman, J., McMillan, R. How to Build an Effective Cybersecurity and

Technology Risk Presentation for Your Board of Directors. (2016-3-3). Retrieved (2017-21-7) from https://www.gartner.com/document/3238219?ref=solrAll&refval=187825080&qid=4afe393c3486f20d5158fb21d4dd4d85

 Anderson, J., R. Security Engineering: A Guide to Building Dependable Distributed
          Systems. 2nd ed. (2008) Wiley Publishing, Inc. Indianapolis
Posted by at No comments:

Wednesday, July 12, 2017

Cybersecurity news and information sources


CYBR650 Week 6

Sources of news and information on current cybersecurity trends

1.    Sources of cybersecurity information

Sources of news and information on cybersecurity is shown in the Table below.

Sources
Website
1.    Symantec 
-       Symantec internet security threat report 2017
-       Website security report 2016
2.    Verizon’s data breach investigations report (DBIR) - 2017
3.    Forbes
-       Top 2016 Cybersecurity reports from AT&T, Cisco, Dell, Google, IBM, McAfee, Symantec and Verizon
4.    Federal Communications Commission
5.    Health IT security
– Healthcare data security
   incidents in 2016
6.    John Schneier Blogs
7.    Security Wizardry Radar
8.    Homeland Security Cybersecurity
9.    CVE details
-       Security vulnerability data source
10. Microsoft Service and Update Center
11. Oracle Help Center
12. Homeland Security newswire
13. Tech News World
- Cybersecurity



http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/














http://www.technewsworld.com/perl/section/cyber-security/

2.    Additional sources of information on cybersecurity


Microsoft Cyber Security. Secure and manage your digital transformation. https://www.microsoft.com/en-us/security/default.aspx?WT.srch=1&WT.mc_id=AID623240__SEM_C9HtVpRB


3.    Some sources of cybersecurity news that may not be used:

Those sources of cyber security news and information that may not be used are those that publish unverified or untrue security news and information update
Posted by at No comments:

Saturday, July 8, 2017

Securing Mobile App Back End

 
CYBR 650 Week 5

Mobile App Back Ends and Security

Millions of sensitive records exposed by mobile apps leaking back-end

Credentials (Constantin, L., ComputerWorld, 2015)

With evolving medical apps to mobile platform introduces the challenge of malicious attackers exploiting vulnerabilities in an unsecure back-end of mobile apps. Protecting codes on mobile apps, no doubt, possess no serious challenge to the information security profession. But, being able to provide such security in back-end apps coding has not been as successful. This security failure has resulted in mobile app compromises of “easy-to-fix server security failures” (Zumerle, D., O’Neil, M., & Wong, J., 2016). In a study conducted on apps using BaaS (Backend-as-a-Service) by researchers from Technical University along with Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, it was observed that cloud services providers like CloudMine, Amazon Web Services or Facebook Parse included their primary BaaS access keys inside their apps. This poses security challenges as mobile apps can be “reverse-engineered to extract such credentials and access their back-ends” housing millions of data in the data base server (Constantin, L., ComputerWorld, 2015).  Another interesting challenge for back-end security is the involvement of mobile apps with “API-based (Application Programming Interface-based) interactions and back end systems and third parties” (Zumerle, D., O’Neil, M., & Wong, J., 2016). This interrelationship makes it even harder to identify and eliminate vulnerabilities.

How can the challenges of back-end security for mobile apps be addressed?

§  Is to integrate security in SDL threat model before, during, or even after the app have been developed.

§  Conduct penetration (app security) investigation to expose weaknesses in the app.

§  Deploy threat detection tools and enable encryption, integrity protection and

authentication.

§  For back-end API’s, use least privilege to lock down mobile apps.

§  It’s good to use security checklists, and guidelines to ensure compliance to

standards and best practices.

§  Implement effective controls for application-level and network anomaly. For

internet-facing or consumer-facing web and some other applications, establish user-level and behavior anomaly detection control systems (Zumerle, D., O’Neil, M., & Wong, J., 2016).

Having a secure coding for back-end apps does not guarantee security, if IT administrators, staff and the security team does not implement good security basics. In a research conducted by Appthority, a mobile security company, it was discovered that more than a thousand apps exposed data because of lack of security controls on the back-end servers that housed 43 TB of user data and analytic tools used in mining and analyzing data that was collected. What was the security gap? There were no firewalls, does not require authentication, and stands the risk of public access via internet. The critical resources in question included, “PII (personally identifiable information), passwords, location, travel and payment details, corporate profile data (emails and phone numbers), and retail customer data” (Rashid, F. CSO, 2017). There had been multiple cases of unauthorized access, phishing, and ransomware.  

References

Constantin, L. Millions of sensitive records exposed by mobile apps leaking back-end


Zumerle, D., O’Neil, M., & Wong, J. Securing Mobile App. Gartner. (2016-15-11).


 Rashid, F. Mobile app developers: Make sure your back end is covered. CSO, (2017-

Posted by at No comments:

Monday, June 26, 2017

Medical Data Security


CYBER-650 Week 4

How Secure Is Your Medical Data? 2016 Annual Healthcare Industry Cybersecurity Report

Cybersecurity is among the top five concerns of the healthcare industry

(PricewaterHouseCoopers, 2016)

With the increasing interest of hackers on e-PHI (electronic-Protected Personal Health Information), the healthcare industry is becoming more vulnerable to malicious attacks. Medical records and important patients’ personal information (SSN, accounts and contact info) are often housed within the same DBMS. A recent report by intel security puts the digital underground trading value of e-PHI at $200,000 (Stone, J., 2016). Individual patient records (“fullz”) sold for between $15 and $65 in the underground market as reported by Dell SecureWorks (Lemos, R., 2016). In its 2016 Annual Healthcare Industry Cybersecurity Report, SecurityScorecard (a Google-backed online risk monitoring group) research shows that “unlike the financial industry, which knows it is targeted and has hence taken significant cybersecurity measures, the medical industry is still very largely vulnerable” (Goenka, H., 2016-4-11). The report was a one year survey (2015-8 – 2016-8) conducted on 700 organizations in the healthcare delivery sector, included hospitals, device manufacturers, and healthcare insurers.

The report found that malware infection in the entire healthcare delivery system was 75 percent. With device manufacturers being the worst performer at 88 percent; Medical treatment centers was second, having about 76 percent infection rate. Medical treatment centers recorded over 95 percent of the overall industry total, when the difference in the number of device manufacturers and hospitals are considered. Why do treatment centers have such high malware infection rates? One reason is that they house large number of IoT (Internet of Things) devices. These devices with wireless capabilities are lacking in appropriate security. The danger of IoT wireless devices in the treatment centers has the possibility of malfunctioning and potential of being a gateway for hackers to access the healthcare network and DBMS. There is also legacy infrastructure problem, such as patch and update management, especially for those facilities that have been in existence for a while.

The top 3 causes of health data breaches as reported in the Verizon 2015 Protected Health Information Data Breach Report: Lost or stolen assets (45%), privilege misuse (EoP) 20.3%, and miscellaneous errors (20.1%) (verizonenterprise.com, 2017).  

References

PWC Health Research Institutes. Top health industry issues in 2016. Thriving in the


Stone, J., Stolen medical data on the cheap after waves of healthcare hacks. (2016-26-


Lemos, R. All about your ‘fullz’ and how hackers turn your personal data into dollars.


Goenka, H. Is Your Medical Data Safe? Healthcare Industry, Most Hospitals Low On


Verizon. 2015 Protected Health Information Data Breach Report. (2017). Retrieved

Posted by at No comments:

Friday, June 23, 2017

2017 Cybersecurity Threats


Week 3

2017 Cybersecurity Threats

Cybersecurity trends and themes impacting healthcare delivery system remains the bane of C-suite mangers in the healthcare sector. In 2016, data compromise in the sector recorded one per day. On March 20, 2017, 1,300 e-PHI were compromised at UNC (University of North Carolina) Health Care System (Daitch, H., Identity Force, 2017). HealthCare Dive identified four main areas of vulnerabilities senior managers in the sector have to be concerned with:

§  Poor cybersecurity practices – some organizations not following best practices arising from poor information security awareness and education or lack of cultural attitude or cost of complying; poorly regulated healthcare cybersecurity with organization depending on regulations to direct them on what to do; varying levels of interest, lack of data encryption, poor password selection and protection. Banner Health, for example, had a major class action suit for being cybersecurity negligent, which resulted in 3.7 million people data compromised. In February 2017, Children’s Medical Center, Dallas, was fined $3.3 million by HHS’ OCR for privacy breaches

§  Insider threats – 43% of healthcare data breaches in 2016 resulted from insider threat – unintentional and malicious (Protenus, Health Care Dive, 2017). BYOD, USB and mobile devices were methods mostly used for the attack. However, cloud computing offers a safer means of data transmission or storage.

§  Medical devices – these provide back doors that can be exploited. In MEDJACK (medical device hijack) with the increasing introduction of medical devices into the IoT (“Internet of Things”), it becomes pertinent for medical device manufacturers to include security in the design and production of devices. Although, device manufacturers are not constrained by HIPAA security standards, but FDA has published guidelines for manufacturers to identify and address inherent device vulnerabilities. The FDA effort is already yielding results as St. Jude Medical had to recall its heart devices following identified vulnerability that is capable of being exploited against patients by malicious agents.

§  Ransomware – has been identified as a top threat facing the healthcare delivery system and is expected to increase in 2017.

            The data breach trend continues with Experian fourth annual 2017 report of data breach industry forecast anticipating the following data breach trends: “aftershock password breaches will expedite the death of the password; nation-state cyber-attacks moving from espionage to war; healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging; criminals will focus on payment-based attacks despite the EMV shift taking place over a year ago, and; international data breaches will cause big headaches for multinational companies” (Experian, p.2, 2017).

            Healthcare delivery systems are the second most affected victims (18%) as reported in the 2017 Verizon Data Breaches Investigative Report (DBIR). The financial sector was the No. 1 victim (24%) of attack tactics of hacking (62%), malware (51%), stolen or weak passwords (81%), social engineering attacks (14%), and physical actions (8%) (Bisson, D. 2017). 75% of these attacks were perpetrated by outsiders, internal actors (25%), state-affiliated actors (18%), multiple parties (3%), partners (2%), and organized criminal groups (51%) (Bisson, D. 2017).

References

Daitch, H. 2017 Dat Breaches – The Worst So Far. (2017). Retrieved (2017-24-6) from


Healthcare Dive. 4 cybersecurity threats every hospital C-suite admin should be familiar


Experian. 2017 Fourth Annual Data Breach Industry Forecast. (2017). Retrieved (2017-


Bisson, D. 2017 Verizon DBIR Highlights: Analyzing the Latest Breach Data in 10 years

Posted by at 1 comment:

Thursday, June 15, 2017


Threat Process Model in the health care delivery system: Sources of information for threats, vulnerabilities, updates, and security news

Healthcare cybersecurity attacks rise 320% from 2015 to 2016

(Symantec’s 2017 Internet Security Threat Report - ISTR)

A good and effective approach to addressing threat that may affect information systems of an organization is the threat modeling process. A structured approach for a software-focused, or attacker-focused or asset-focused will decompose to four basic steps:

Step 1 – Decompose the application

Step 2 - Determine and rank threats

Step 3 – Identify vulnerabilities

Step 4 – Determine controls or countermeasures and mitigation

            The visioning of the security requirements and scenarios before building would help in identifying threats to the system being built or that has been built. It’s needful to analyze these threats, with Microsoft STRIDE, and rank the identified threats with DREAD, for example. Attack agents might exploit the vulnerabilities in the software, application or system. There is the need to also identify these vulnerabilities. Table 1.1 provides a list of some credible sources of information for threats, vulnerabilities, updates, and security news. This list is by no means exhaustive. It only represents members in this category. These sources are credible as they not only provide current information on threats, vulnerabilities, updates, and security news; but, are credible, accurate and reliable sources of information security that could be applied in many scenarios to mitigating information security risks. Symantec provides a monthly threat report.

Sources
Website
1.    Symantec 
-       Symantec internet security threat report 2017
-       Website security report 2016
2.    Verizon’s data breach investigations report (DBIR) - 2017
3.    Forbes
-       Top 2016 Cybersecurity reports from AT&T, Cisco, Dell, Google, IBM, McAfee, Symantec and Verizon
4.    Federal Communications Commission
5.    Health IT security
– Healthcare data security
   incidents in 2016
6.    John Schneier Blogs
7.    Security Wizardry Radar
8.    Homeland Security Cybersecurity
9.    CVE details
-       Security vulnerability data source
10. Microsoft Service and Update Center
11. Oracle Help Center
12. Homeland Security newswire
13. Tech News World
- Cybersecurity



http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/














http://www.technewsworld.com/perl/section/cyber-security/

Table 1.1 List of some credible sources of information for threats, vulnerabilities, updates, and security news.

            In the event of getting conflicting reports from some online sites, it is needful to cross check with some of these and some other credible cybersecurity news sites, CBS cybersecurity, Security Magazine Cyber Security News, HuffPost Cyber Security, Secure Works, and Tech Republic, for example.

References

Symantec Security Center. 2017 Internet Security Threat Report (ISTR). (2017).


Morgan, S. Top 2016 Cybersecurity Reports Out From AT&T, Cisco, Dell, Google, IBM,


Health IT Security. Healthcare Data Security Incidents Second Highest in 2016. (2017-

Posted by at No comments:
Subscribe to: Posts (Atom)