CISSP – A Certification for Cybersecurity Leaders

Archive for IT Security

CISSP – A Certification for Cybersecurity Leaders

Looking to Excel Your Career with More Opportunities?

Do you want one of the most globally recognized certifications for information security professionals? If the answer is yes, then the Certified Information Systems Security Professional (CISSP) is the cybersecurity certification for you. The typical candidate for CISSP certification has at least 5 years of recent full-time professional work experience in at least 2 of the 8 domains within the CISSP Common Body of Knowledge (CBK). By holding a CISSP certification IT professional validate their skills to design, implement and manage a best-in-class cybersecurity program. CISSP certification holders also gain membership into (ISC)2 (International Information Systems Security Certification Consortium), which allows access to exclusive resources, tools and networking. CISSP professionals generally hold titles such as security manager, security analyst or chief information security officer, just to name a few.

 

What’s Covered on the Exam?

The CISSP Common Body of Knowledge (CBK) is the collection of 8 domains that cover comprehensive aspects of information security. To become certified, IT professionals need to show their expertise in each of the following domains:

  1. Security and Risk Management
    • Understanding concepts of integrity, confidentiality, and availability
    • Security governance vs. managementInformation Security Officer
    • Compliance
    • Understanding of professional ethics
    • Legal and regulatory issues
    • Business continuity and disaster recovery
    • Establishing personnel security policies and procedures
    • Apply fundamentals of risk management
    • Understanding threat modeling and methodologies
    • Building risk-based management concepts in supply chain
  1. Asset Security
    • Identification, classification, and ownership of information and assets
    • Classification of data
    • Data retention
    • Creating data security roles
    • System base-lining and hardening
  2. Security Architecture and Engineering
    • Implementation and engineering of secure design principles
    • Security models
    • Concepts for security capabilities of information systems
    • Cryptography
    • Security evaluation criteria
  1. Communications and Network Security
    • Creating and securing design principles in network
    • OSI reference model
    • Threats to network security
    • Firewalls
    • Establishing secure network components
    • Securing communication channels
  1. Identity and Access Management
    • Identify management to control the life-cycle for all assets in system
    • Managing authentication and identification of devices, people, and services
    • Understanding and integrating identity as a third-party service
    • Implementing authentication
    • Auditing
  2. Security Assessment and Testing
    • Common vulnerabilities
    • Assessing security control testing
    • Collecting secure data
    • Penetration testing
    • Facilitating security audits
  1. Security Operations
    • Understanding and supporting investigations
    • Logging monitoring activities
    • Asset inventory management
    • Concepts for foundational security operations
    • Understanding resource protection techniques
    • Incident management
    • Implementing and testing disaster recovery strategies
    • Business Continuity planning
    • Managing physical security as well as personnel security and safety
  2. Software Development Security
    • Identify and remediate software flaws
    • Software development methods
    • Effectiveness of software security
    • Evaluation of security impact
    • Software Development Life Cycle (SDLC)

As you can tell the CISSP domains are typically suited for professionals with work experience in networking and security. In order to bridge any gap, CISSP candidates must take a CISSP training course to cover the industry best practices for each domain.

 

Why Should I be Interested in Getting Certified?

Last year alone more than $150 billion was spent on cybersecurity defenses in the United States, by 2021, reports show a worldwide total of $1.5 trillion will be spent. With cybercrimes rising at an alarming rate, and the availability of qualified IT professionals decreasing this is the perfect time to consider building on your IT career. As of 2020 the average salary of CISSP professionals lingers above the $120k mark. The projected growth rate for this profession is higher than the industry average coming in at 11.1%, it is predicted that 3.5 million CISSP related jobs will be created by 2021. Now is the time to maximize your earning and career potential while standing out amongst your peers.

 

Click here to register for CISSP certification training.

 

 

 

 

 

Hackers: The Cybersecurity Super Heroes We Need

The limitless expansion in technological advances is a double-edged sword. Whereas we can achieve more in our daily life and handle our responsibilities with ease, we are now more vulnerable to cybercrime attacks. Whether it is your phone, computer, or tablet, we are all susceptible to becoming victimized by cybercriminals. Since the beginning of the pandemic the rise in cybercrime has been astonishing. It has been reported that attacks on banking systems rose by 238% and cloud-based attacks rose to 630% just between January-April of this year alone. Hacking is described as the attempt to exploit a computer system or a private network. To put it simply; hacking is the unauthorized access to private data with the intention to use the data for illicit purposes. Now more than ever we (businesses and individuals) need to make cybersecurity and the prevention of cybercrimes a priority.

Common Types of Hackers and Hacking Techniques

Based on the intentions of the hackers they are typically categorized as either White Hat or Black Hat hackers. However, there are many different types of hackers that don’t necessarily fall within that “white or black” description. Below are some of the most common types of hackers:

Black Hat (crackers) – Hacking with the intention to gain unauthorized access to a system or data to harm operations or ransack private data.

White Hat – Hackers with the purpose of discovering vulnerabilities in current systems and safeguarding from future threats – with the owner’s knowledge.

Grey Hat – These hackers typically are a blend of both black/white hat hackers. They purposefully, but without malicious intent, exploit security weaknesses without the knowledge of the owners. The goal for these hackers is to gain appreciation and hopefully a fee for their discoveries. They are not to be confused with Ethical Hackers (White Hats) as their actions are illegal.

Red Hat – These hackers are the vigilantes of hacking. Red Hats seek to disarm and destroy Black Hats. Rather than notifying the appropriate channels, Red Hats look to launch aggressive attacks against Black Hats in the hopes of destroying their computers and resources.

Blue Hat – These hackers typically are an outside computer system security consulting firm and are invited by Microsoft to discover vulnerabilities in their Windows system and fix the weaknesses.

Green Hat – Typically describes someone who is new to hacking with very limited experience or knowledge of technology and hacking.

The Cybersecurity Super Heroes We Need

 

 

 

 

 

The only thing that ties all these hackers together is the fact that vulnerabilities in systems were exposed, regardless of the hacker’s intentions. The most common techniques that hackers use to achieve their goals are social engineering & phishing, malware-injecting devices, missing security patches, cracking passwords, and Distributed Denial-of-Service (DDoS).

  • Social engineering & phishing is the attempt to get you to share personal information, usually by impersonating a trusted source. Emails are a leading culprit when it comes to phishing and socially engineered attacks.
  • Malware-injecting devices is the use of physical plugins (compromised USB cord, USB device, mouse cords, etc) to infiltrate the hardware system and sneak malware onto the device.
  • Missing security patches is when the hacker takes advantage of outdated security software in the system. 18% of all network vulnerabilities are caused by unpatched applications.
  • Cracking passwords utilizes spyware, usually “keylogging”, that monitors every keystroke made on that device, then the program surmises the possible password combinations that are used.
  • Distributed Denial-of-Service (DDoS) is the hacking technique aimed at taking down websites. This prevents the user from accessing or delivering their service. DoS attacks inundate the target’s server with massive inflation in traffic resulting in an overloaded server.

What Has Hacking Cost Us and How to Prevent Attacks

In 2020 a report showed that out of the 4,000 confirmed breaches, hacking was responsible for more than half of them. It is currently anticipated that 33 billion private records will be stolen by 2023. With hacker attacks occurring on average every 39 seconds, it is not difficult to see the alarming rate of concern rising amongst the public. With the surge of cybercrime, private and public enterprises are driving up their IT budgets to try and counteract cyberattacks. Reports indicate that the global spending for cybersecurity services will reach beyond $1 trillion, by 2021.Hacker

Some of the most common pitfalls that can make you an easy target for hackers include:

  • Not password protecting your personal Wi-Fi or using a public Wi-Fi
  • Not automatically updating software
  • Clicking links from questionable email sources
  • Simple or the re-using of passwords
  • Not using an anti-virus software
  • Not utilizing a multi-factor authentication

The easiest remedies to avoid a hacker attack:

  • Updating software frequently- this keeps hackers from being able to access your computer through outdated programs which can be easily exploited
  • Keep the most up-to-date security programs, including anti-malware software to protect your data
  • Destroy all personal data on any hardware system you plan on letting go
  • Create difficult passwords and authentication hints
  • Keep sensitive data off the cloud
  • Disable connections when you aren’t using them
  • Utilize multi-factor authentication when you can
  • Sign up for account alerts

By taking these extra little steps you could potentially be saving your private data from a hacker with malicious intent.

Certified Ethical Hackers (White Hats)

Certified Ethical Hackers  are qualified IT professionals that demonstrate knowledge in accessing computer systems and looking for weaknesses and vulnerabilities that might be targeted by outside sources with malevolent intent. Certified Ethical Hackers are the crème de la crème in the eyes of IT decision makers as they can typically save companies not only financially, but also, potential reputable harm, or discord amongst the daily operations. With over 40% of IT decision makers claiming difficulties in finding the right cybersecurity candidate now is the time to look into becoming certified. With a higher than average growth rate of 31%, according to the U.S. Bureau of Labor Statistics, and the alarming rate at which cybercrime is rising, this IT position provides job security as well as the immense ability to grow. The typical Certified Ethical Hacker salary starts in the low $90k range but with additional certifications that pay scale substantially rises. Now is the time to invest into a position that not only challenges you but also provides you with security—no pun intended.

 

If you are interested in learning how to become a Certified Ethical Hacker click here.

If you are interested in other cybersecurity certifications click here.

Cybersecurity Threats – Phishing and Data Breaches and Hacking, OH MY!

Bigger cybersecurity risks are looming…

It is only fitting that National Cybersecurity Awareness Month happens to be the same month as Halloween. Truth be told, there is nothing more terrifying than the elaborate cybersecurity risks created daily to wreak havoc on the public. According to the FBI, efforts to monitor trending scams such as Phishing, Data Breaches, and Hacking are at an all time high.

In the latest report, the FBI has claimed that cybercrime has reached a total loss of $10.2 billion dollars, in America alone. The projected cost of cybercrime is expected to reach in excess of $6 trillion dollars worldwide, by 2021. For organizations and individuals alike, the costs associated with cybercrime is vast and one of the greatest threats lurking around the corner.

Go Phish

Cybersecurity Threats Phishing With the spread of the pandemic a lot of businesses, as well as individuals, have had to migrate offsite and create a new “work/school” environment becoming almost completely dependent on technology. The extra time spent online has created larger areas for possible exploitation and targeting by cyber criminals. Current trends show that cybercrimes have become increasingly more socially engineered and geared to using human interaction to obtain or compromise information on individuals or organizations.  Phishing is one of the most common attacks and is a form of a socially engineered attack. Phishing typically uses email or malicious websites to gather personal data by presenting itself as a trustworthy source. These attacks typically look legitimate and will pose as a reputable company/person you might be familiar with. Some ways to protect yourself from Phishing include utilizing spam filters but it is always best to add more lines of protection. Some more protective steps include:

  • Protect your cellular data by updating its software automatically
  • Apply multi-factor authentication
  • Utilizing a security software on your computer, and update automatically
  • Backing up all your data

The typical Phishing email contains suspicious sender addresses, generic greetings, spoofed web links, suspicious attachments, and questionable misspellings and inconsistent formats. The easiest way to avoid Phishing attacks, is when in doubt—throw it out.

The Data has been Breached

What does Adobe, eBay, Netflix, and Facebook all have in common? They have all been a part of major data breaches within the 21st century. Data breaches include, either intentionally or unintentionally, the release of private confidential information within an untrusted environment. The most notable data breach involved Equifax releasing the Social Security numbers, birth dates, home addresses, tax ID numbers, and driver’s license information of nearly 150 million people in 2017. Within the last two years there have been over 2.1 billion people affected by data breaches. Some of the most common risks associated with data breaches include:

  • Reputational harm
  • Financial loss
  • Operations shutdown
  • Legal action

Whereas companies are fighting tooth and nail to combat data breaches they cannot keep up with the willpower of the cybercriminals and sometimes the sheer accidental data breach from internal sources. If you suspect that you have been a part of a data breach, there are steps you can take to secure your information as much as possible.

  1. Get confirmation of the breach and if your information was exposed
  2. Find out the type of data that was exposed
  3. Reach out to the company and see what help they can/will provide
  4. Update all login and security information on all sites
  5. After determining what type of data was stolen, reach out to the appropriate companies (example: credit cards) and inform them that your data was compromised
  6. Monitor all activity on accounts and new accounts meticulously
  7. File taxes early

There is no 100% safeguard way to eliminate your exposure to data breaches. However, there are legitimate companies that will monitor all of your data activity and make you alert if there is a potential concern.

The Hack Attack

It is projected that in 2023, 33 billion records would be stolen by cybercriminals.  Annually, Americans are losing $15 billion dollars just from identity theft alone. Cybersecurity ThreatsReports have shown that out of the 4,000 confirmed breaches this year more than half of them were caused by hackers. On average a hacker attack occurs every 39 seconds. We generally assume all hackers are bad, right? Wrong… There are good hackers and bad hackers. This is the “Black Hat vs White Hat” saloon shootout scenario, the Black Hats are the bad guys and the White Hats are the good guys. Certified Ethical Hackers  (White Hat), are the ultimate security professionals in combating and exploiting vulnerabilities and weaknesses throughout various systems before a Black Hat hacker can infiltrate their systems. Some ways to counteract the hacking attempts on your privacy would include:

  • Updating software frequently- this keeps hackers from being able to access your computer through outdated programs which can be easily exploited
  • Keep the most up-to-date security programs, including anti-malware software to protect your data
  • Destroy all personal data on any hardware system you plan on letting go
  • Create difficult passwords and authentication hints
  • Keep sensitive data off the cloud

Companies are painfully aware of the need to create infrastructures that not only protect customers privacy but also are proactive in defending against all incoming future cybersecurity risks. According to reports, worldwide spending for cyber security defenses will reach $170.4 billion by 2022. Companies are seeking highly qualified candidates in various fields of cyber security in order to guard themselves from external and internal cybersecurity risks. Certified Ethical Hackers (CEH) typically make around $105,000 a year and are highly sought after, especially with hacking and phishing making up 85% of cybercrimes. The Certified Information Systems Security Manger (CISSM) certification is the top credential for IT professionals to have in their arsenal to fight cybercriminals. Certified Information Systems Security Managers develop, manage, and oversee information security systems in enterprise-level applications while developing best security practices for organizations to abide by. The typical salary for a CISSM candidate is around $110,000 a year and has no fear of lack of job security. Companies understand that it is easier to prepare for cyber attacks than to repair from cyber attacks. They are investing into their cyber security defenses and now is the time to look into a new job or a new and improved job in cyber security.

Terrifying Cyber Crime Statistics

#1 | 780,000 records were lost per day in 2017

According to McAfee’s Economic Impact of Cyber Crime (February 2018) cyber criminals adapt at a fast pace. The scale of malicious activity across the internet is quite astounding. The figures are frightening on a monthly or yearly scale, let alone daily! Cyber criminals are constantly finding new technologies to target victims. With the introduction of Bitcoin, payment and transfers to/from cyber criminals is untraceable.

McAfee reports that one of the major internet service providers (ISP) sees 80 billion malicious scans a day

#2 | Over 24,000 malicious mobile apps are blocked daily

Symantec’s Internet Security Threat Report details that lifestyle apps are the main targets. The majority of these apps leak phone numbers. Further sensitive information like device location is also being made accessible. It would be completely impossible to monitor or check each of these apps for vulnerability issues. It’s essentially an open ticket for cyber criminals to do their worst.

In the first quarter of 2018, Google Play had over 3.8 million apps on their store.

#3 | Microsoft Office file formats are the most used file extensions

In the top 10 most malicious file extensions, Microsoft Office took the number 1 spot. Emails are a common way for cyber criminals to attack their victims. Emails are used on a daily basis around the world. If you see an email containing a .doc or .xls file extension, most users would relate it to Microsoft. Microsoft being a reputable company means people are more likely to open an attachment.

According to Cisco’s 2018 Annual Cybersecurity Report, 38% were Office formats

#4 | The U.S., U.K., & China are more vulnerable to Smart Home attacks

The majority of smart home devices are connected via an external network. If the router you’re using doesn’t have decent security protection, you could be opening up your home to a cyber attack. With smart home devices becoming more prevalent, criminals are finding new ways to exploit vulnerabilities.

According to Trend Micro, The U.S., accounted for 28% of smart home device incidents. The U.K. and China followed with 7% each

#5 | 21% of files aren’t protected

Varonis’s 2018 Global Data Risk Report is quite terrifying. 6.2 billion files were analysed. These files contained credit card information, health records, etc. 21% of these files were open for global access. Furthermore, 41% of companies have more than 1000 sensitive files open to everyone.

#6 | Healthcare industry ransomware attacks will quadruple

By 2020, CSO Online predicts ransomware attacks will be quadruple. The healthcare industry gets attacked more than most industries. Thankfully not all attacks will be successful. Healthcare industries should not give into demands and ensure their data is safe and backed up. Phishing emails are particularly common and often where cyber attacks originate from.

#7 | Cyber Crime to cost $6 trillion by 2021

In the 2017 Official Annual Cybercrime Report, it’s estimated that cyber crime will cost $6 trillion annually by 2021. In 2015, that figure was $3 trillion.

Cyber crime is now becoming more profitable than the global trade of illegal drugs!

#8 | 30% of phishing emails in the U.S. are opened

That’s almost one-third of all emails, according to Verizon’s 2018 Data Breach Investigations Report. Phishing emails no longer take the same approach they used to. Do you remember seeing an email from your bank, Apple, PayPal etc. asking for sensitive information? With the figures that high, it’s no wonder cyber criminals are preying on email victims.

So many of us receive these emails each day and 12% are clicking on the links/attachments contained within them

#9 | 58% of U.K. businesses sought cyber security advice

The Cybersecurity Breaches Survey 2017 shows U.K. businesses are more aware of cyber issues. However, it also shows that a large percentage of businesses aren’t seeking any advice or potentially protecting themselves from threats.

79% of medium firms sought advice whereas only 50% of micro firms did

#10 | 300 billion passwords worldwide by 2020

It may seem like passwords are dying, due to encryption etc. but according to Cybersecurity Media, they’re not. It’s predicted that 300 billion passwords will be used by 2020. That takes into account humans and machines! That’s an awful lot of passwords, all of which require cybersecurity protection. If not, that’s 300 billion potential threats, worldwide.

#11 | French president Emmanuel Macron emails hacked

Yes, even a president can get hacked! In 2017 Emmanuel Macron’s emails were hacked. His emails were posted online just days before he was due to go head to head against his opponent. 9GB worth of data was posted to Pastebin. Macron’s campaign confirmed it had been hacked.

#12 | More than 60% of fraud originates from mobile devices

The world has gone mobile, and so have fraudsters. 60% of fraud comes from mobile devices; of that figure, 80% comes from mobile apps. Once a cyber criminal has access to your mobile, it can access your mobile banking app and initiate multiple levels of cyber crime. Fraudulent transactions are now over double the value of real transactions.

#13 | 2.53 million fall victim to cyber crime in UAE

In 2016, Norton by Symantec reported over 2.5 million people were victims of cyber crime in UAE. Despite reports stating that awareness of cyber crime was high, people are still engaging in online behaviour that is deemed as risky. People know they should be aware of links and protect their information. 70% of those people still click on information that they aren’t 100% sure of. Millennial’s seem to be the most affected group of people.

53% of millennial’s experienced cyber crime in the last year

#14 | Netherlands have the lowest cyber crime rate

In 2015, Symantec reported the Netherlands as having the lowest cyber crime rate. Only 14% of the population were affected. Although 14% is still high, compared to other countries, it wasn’t! Indonesia, for example, was subject to the highest cyber crime rate in the world.

59% of the population fell victim to cyber crime

#15 | Personal data sells for as little as $0.20

Have you ever thought how much your personal data is worth to you? Well, to some, it could sell for as little as $0.20, up to $15. Credit card information and account information can be accessed and purchased much more easily than you might think. The value of information is dependent on the type of details included. For example, credit card details are more valuable than other information. As well as this, it’s also dependent on how easy it would be to resell the information. If it’s too difficult, the value of personal data decreases.

#16 | Japanese exchange lost $530 million due to hacking

Coincheck is one of the biggest Bitcoin and cryptocurrency exchanges in Asia. In January 2018 it reported that it had lost $530 million due to hacking. Due to the incident, Coincheck seized and stopped all sales and withdrawals of it’s cryptocurrency at the time. The cryptocurrency used for the exchange was called NEM. Coincheck deal with other cryptocurrencies too.

#17 | In 2016, Adware affected 75% of organisations

Cisco investigated 130 organisations in it’s Cisco 2017 Annual Cybersecurity Report. It found that 75% of companies were affected by adware. Adware in itself is a nuisance, but it can also facilitate further malware or virus attacks. Adware presents itself in the form of advertisements. Whether you’re using your device on or off the internet, adverts can be displayed. Often if you’re trying to perform an internet search, the results direct you to other websites or marketing pop-ups to obtain your personal data.

#18 | Average ransomware demand is $1,077

Although not every ransomware demand is paid, the average demand value is $1,077. Since the last report, this shows an increase of around 266%! When victims are faced with a ransom amount, they often pay up. We rely on the internet for daily activities, for personal and work. We rely on the internet to connect our devices, and even our homes with the introduction of smart home products.

Demands are significantly increasing because we’re so reliant on the internet. As ransomware attacks increase, we can expect the demand values to increase as well

#19 | China have the most malware in the world

Over 55% of China’s computers are infected with malware. Since 2014, that figure increased by nearly 30% more! Even with people being more and more aware about cyber crime, it’s clear to see it doesn’t stop attackers. Taiwan follow closely with 49% of their computers being infected. Of all the malware across the world, Trojans were the cause of the most infection. Trojan’s are malicious programs that provide a back-door kind of entry to computers.

Once hacked, attackers can access personal information, passwords, and infect other devices connected to the same network

#20 | 90% of hackers use encryption

Encryption is a process which involves encoding a message, information, or program. Encryption allows only authorised people to access it. For example, a document that may be readable in normal circumstances would appear completely illegible when encrypted. In order to access encrypted information, it must be decoded first. Hackers are of course aware of how best to hide their tracks. 90% of them use encrypted traffic to disguise what they’re doing. If we, as users, used encryption to the same level, it would be much more difficult for cyber crime to take place.

#21 | Companies take over 6 months to notice a data breach

For me, this is one of the most terrifying statistics. Research suggests that most businesses take up to 197 days to notice breach of their data. ZDNet reports finance firms can take an average of 98 days! Due to the amount of time it takes for companies to realise a data breach, attackers are able to obtain even more information. Think about it, imagine what a cyber criminal can obtain over a 6 month period. Certain industries are of course more vulnerable to attacks, due to the data they hold.

83% of finance companies incur over 50 attacks per month. Once data has been stolen, it gets sold on the black market

 

Source: Original report can be found on VPN Geeks.

The Best Cybersecurity and Information Security Certifications

Information Security CertificationsLet’s begin with “Information Security” and “Cybersecurity”.  There are two expressions that people often use somewhat interchangeably. They are not quite the same though, as we have already explained in one or our previous blog posts. In any case, both have – naturally – the security aspect in common. This means, that if you are planning for a professional career in this field, not only are your knowledge and skill set of particular importance, but also are your reputable credentials, such as, Cybersecurity and Information Security Certifications.

Let us have a look at some of the best information security certifications to boost your career as an information security professional.

 

Information Security Certifications

Certified Penetration Testing Engineer (C)PTE)

The Certified Penetration Testing Engineer certification constitutes an upgrade to the Certified Ethical Hacker/CEH. The Techsherpas certification course is based on proven, hands-on penetration testing methods and the Five Key Elements of Pen Testing:

  • Information Gathering
  • Scanning
  • Enumeration
  • Exploitation
  • Reporting

CISM: Certified Information Security Manager

The certification as a CISM/Certified Information Security Manager demonstrates your proficient knowledge and skill set in the field of Information Security Management, such as:

  • Threat analysis and risks
  • Risk and incident management
  • IS security strategy/frameworks
  • Security programs and CISO roles
  • Creation of policies for audit and risk management, compliance and awareness
  • DR and BCP development/deployment/maintenance

 

CompTIA Security+

With Information Security Certifications like CompTIA Security+ you demonstrate the necessary computer security skills to successfully perform your duties in a wide range of IT security-related roles. Such skills are, for example:

  • Identification of the fundamental computer security concepts
  • Identification of (potential) security threats
  • Data management and application
  • Host security management
  • Network security implementation
  • Identification/implementation of access control
  • Identification/implementation of account management security measures
  • Identification/implementation of compliance and operational security measures
  • Certificate and risk management
  • Troubleshooting and management of security incidents.
  • Business continuity and disaster recovery planning

 

CISSO: Certified Information Systems Security Officer

A Certified Information Systems Security Officer (CISSO) demonstrates proficiency in the knowledge and skill set (including industry best practices) that characterize the work of a security manager/security officer, such as:

  • Expertise regarding the in-depth theory of core security concepts, practices, monitoring and compliance
  • Use of a risk-based approach
  • Ability to implement and maintain cost-effective security controls

The CISSO certification training also covers the exam objectives of the CISSP: Certified Information Systems Security Professional

 

C)IHE: Certified Incident Handling Engineer

The Certified Incident Handling Engineer (C)IHE) is directed toward IT professionals, such as incident handlers, system administrators and general security engineers. The training, which also covers the GCIH- GIAC Certified Incident Handler, teaches students:

  • Planning, creation and utilization of systems for attack prevention, detection and response
  • Step-by-step approaches as used by hackers worldwide
  • Identification of the latest attack vectors and implementation of safeguarding measures
  • Incident handling procedures
  • Strategies for each type of attack
  • Recovery measures after an attack

 

Have a look at our public training schedule to find out more about how we can support you to achieve the Cybersecurity and Information Security Certification that is best for your career plans.

 

 

 

Sources:
https://www.businessnewsdaily.com/10708-information-security-certifications.html
https://en.wikipedia.org/wiki/List_of_computer_security_certifications
https://www.darkreading.com/risk/10-security-certifications-to-boost-your-career/d/d-id/1322449?image_number=3
https://techsherpas.com/it-training/cihe-certified-incident-handling-engineer-on-demand

2 Additional Technology Jobs In Demand and How to Qualify for Them

In our recent post, we have already talked about technology jobs in demand.  Since the world of technology is getting more and more complex, so diverse are the type of professionals to navigate it. Therefore: Here are MORE of those tech/IT jobs that are particularly in demand.

Technology jobs in demand

Data Analyst/Data Scientist

Computers and networks run on data, and every day, more data is being generated and collected. Therefore the amount of such data (big data) is constantly increasing. In order to evaluate and interpret this flood of information (words, numbers, pictures etc.), specialists are in high demand.

Many decisions and business strategies, across all industries are based on such information.

If you aim for a job as a data analyst/scientist, the minimum of a bachelor degree is typically expected. Most professionals who work with big data have obtained an advanced degree, such as  a Masters or Doctorate Degree in an area such as computer sciences, but also subjects like mathematics or statistics.

Information Security Analyst/Computer Security Analyst

Since the information stored on computers and in computer networks are often of a confidential nature, keeping it secure is of the utmost importance. Experts in information security and computer security (see also: “Cybersecurity”) are definitely technology jobs in demand. An information security analyst’s responsibility involves the planning and implementation of protective measures.  They also need to detect potential security gaps and anticipate future data breaches by computer hackers.

The methods of computer hackers are constantly evolving. Therefore, the information security analyst needs to stay up-to-date with the developments in computer sciences and related technologies. Just as it is the case with most IT jobs, it is important to participate in further education and training beyond the achievement of a college degree. This is possible by participating in additional IT training courses and IT certification training (see TechSherpas IT Certification Training overview).

Maybe you already have an IT-related college degree and want to enhance your career. In any case, you should have a look at our various computer training and certification programs, including our on-demand learning solutions that can help you obtaining your certification on your own schedule and at your own pace.

Here are just a few examples for the training that we currently provide:

  • MCSE: Data Management & Analytics 70-773 Analyzing Big Data with Microsoft R
  • MCSE: Data Management & Analytics 70-767 Implementing a SQL Data Warehouse
  • CVSE: Certified Virtualization Security Engineer
  • CSSO: Certified Cloud Security Officer

 

Sources:

https://www.cbsnews.com/media/americas-10-toughest-jobs-to-fill-in-2017/
https://www.bls.gov/careeroutlook/2013/fall/art01.pdf
https://www.degreequery.com/degree-need-information-security-analyst/

 

 

7 DON’Ts for Your Computer Security

We have recently written several articles revolving around cyber-, IT and computer security. While certain aspects of these topics are more complex (you can find information on further training and certifications we provide here), here are a few simple things to keep in mind, some DON’Ts as in things that you should better not do – or at least think twice about before doing so – to avoid risking your computer’s and personal information’s integrity and security.

Ways to Protect Your Information- Even Before Training and Certifications

Saving passwords on shared devices

Don’t save any passwords or PINs (Personal Identification Numbers) that grant access to your profiles and accounts on any computer devices that you share with others or that might potentially be shared with others, for example:

  • Office computers
  • Computers at internet cafés, public libraries or
  • any kind of public computer terminals

Staying logged in on shared devices

Don’t leave the above mentioned computers without first logging out of your accounts and closing your browser tabs. (The very least you should do when leaving your office computer unattended, is using a password-protected lock-screen.) For added security, you might even want to delete your browsing history.

Leaving mobile devices unattended

That one should really be a “no-brainer”: Don’t leave your mobile devices unattended. Not only are you risking unauthorized access by other people – you are risking THEFT of the device (laptop, tablet, smartphone).

Staying on outdated operating systems/internet browsers

Don’t ignore security patches and updates for your software, especially when it comes to your operating systems and internet browsers: Many software providers frequently provide updates and patches for their products, and for a good reason. Outdated operating systems, internet browsers etc. can make you more vulnerable to malware, hacking attacks etc. (Needless to say: If you do your updates manually, make sure you are getting them from their genuine source.)

Clicking on unknown attachments

Don’t blindly click on email attachments if you don’t know or have not verified the sender. This especially refers to (but is NOT limited to) .exe and .zip files, since those formats are more likely to contain malware.

Trusting potential phishing emails that want you to “verify your account”

They might claim to come from one of your providers or even banks, and they might ask you to click on a given link to re-enter your log-in details. Make very sure that the email actually does come from the sender it claims to be coming from. Be suspicious, and when in any doubt, go to your already familiar provider’s home to log into your account and see if you are prompted to verify or change any personal information.

Storing of login information next to your computer

Don’t leave notes with your login information with your computer (i.e. on your desk, under the monitor, in your laptop case etc.)

 

 

https://its.ucsc.edu/security/top10.html

https://www.consumer.ftc.gov/articles/0009-computer-security

https://www.consumer.ftc.gov/articles/0015-laptop-security

https://its.ucsc.edu/security/training/docs/intro.pdf

 

 

Safety and Security Measures You Should Follow

Security is important, especially with computers, internet, and personal information.  Here’s a few cybersecurity tips to keep yourself safe.

Follow These Cybersecurity Tips for Safe Computer Access

Make use of passwords and PINs

Your passwords and PINs are an imperative line of defense, not only for your devices, but especially for your online “existence” – your social media profiles, online-shop accounts and access to your online-banking.

In other words: When your device offers you the option to use are protective password or PIN (personal identification number) in order to access it, then do make use of it. (The access to your various online profiles is usually password-protected as a rule, anyway.)

Avoid easy guesses

Don’t use PINs like 1234 or your birthday – those are combinations that other people often try first to get unauthorized access.

The same goes for passwords: Neither your own name, nor your partner’s or your children’s names are a difficult leap – and would-be hackers know that, too – so it’s better if you stay clear of such password choices.

Make your passwords more complex (and therefore more difficult to guess or hack) by making them at least eight digits and a combination of letters, numbers, and where applicable, even symbols. When you set up an online-profile, the provider often gives you a guideline regarding the minimum security requirements for your password choice.

Don’t use the same password every time

Make sure not to use the same password all over your various accounts, especially not in combination with the same username or email-address. The reason is a simple one: In case one of your accounts should get hacked after all, you don’t want the hackers to have access to your other accounts as well!

Keep changing your passwords periodically

For similar reasons, it is a good idea to change a once determined password after a while, so that even if your account had been compromised at one point, maybe without your noticing, the hacked password will not work for unauthorized people’s future use.

Organize your passwords and keep them safe

It’s obvious that all these different passwords and user names need some organization as well as safekeeping. You might want to write them down somewhere, but if you do, keep them away from open display and if possible not in direct vicinity to your computer. One way to do this electronically is using a special password-manager software (that can even create unique and elaborate passwords for you).

Make sure to log out of your accounts when you leave, especially on computers that are not yours

Many online-shops provide the option to stay logged in your profile with them, so that you are not automatically logged-out once you check out and leave the shop. This is usually done by checking a little box where you log into your account (e.g. “Keep me signed in”).

While this can be a handy little option to use on your personal device in order to do some quick shopping without having to go through the log-in process, you should definitely not use this option on a public computer, or any computer that other people might have access to. This is one of the basic steps to protect your profiles and accounts – so basic, that the providers of this option usually expressly advise against staying logged-in themselves.

 

Sources:

https://fieldguide.gizmodo.com/18-ways-to-make-your-online-accounts-more-secure-1793250264

https://support.google.com/accounts/answer/32040?hl=en

https://www.consumerreports.org/digital-security/everything-you-need-to-know-about-password-managers/

 

 

The Difference between Cybersecurity, Information Security and Computer Security

First things first: cybersecurity and IT security (information security) are not precisely the same thing, even though many people tend to use these terms interchangeably – which is understandable, because they are very closely related. In general, they both refer to the world of computers, computer networks and the information that is stored and processed there. This information is often highly sensitive and therefore, of course, needs to be protected by various measures.

Security for IT Professionals Explained

Security for IT professionals is a complicated matter, so here’s a basic explanation of the main types of security.

Simply put, one could probably say that “cybersecurity” (or according to the Merriam-Webster dictionary “cybersecurity”) aims at protecting the computer and/or computer network or computer system (which of course includes access via the internet as well), while “information security” or “IT security”, as the expression might suggest, concentrates on the protection of the data within those computers/computer networks.

Almost the same – but not quite the same

Of course, one could argue that the reason for protecting “the computer(s)” as such is the protection of the data/information, one way or the other.

According to the Glossary of Key Information Security Terms from May 2013 that is published by the National Institute of Standards and Technology (NIST), Cybersecurity refers to the “ability to protect or defend the use of cyberspace from cyber attacks” (CNSSI-4009)

According to Merriam-Webster, Cybersecurity is defined as “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack”.

On the website of “The School of Business at George Mason University”, one can read the following definition: “protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability”.

This might sound/read rather similar, but this time, the definition happens to refer to the term of Information Security. So, how can that be? Is it simply a question of semantics?

Actually, there is a slight difference between those two definitions: The second one focuses on the protection of the information.

Two aspects of the same challenge

Does this still sound quite the same? That’s because in both cases, the eventual challenge is the same. But the focus of the protective measures is slightly different – just like there is a difference between a watchdog and/or security guard securing the entrance to a building and the bodyguard that might protect a person that lives inside.

Back to the world of computers, one could probably argue that Cybersecurity and Information Security are two aspects of the same challenge – Computer Security or “COMPUSEC”, defined by NIST as: “Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.” (CNSSI-4009)

How Cloud Storage Has Changed Technology

The concept of the cloud technology has been well-loved since it was first introduced, but very few truly understand what it is and the power it has to influence our daily lives. Basically, the cloud is responsible for any process that you don’t do or store on your own computer. If you’re accessing some remote server or computer to do a task, like save a big file, that’s the cloud. See, when the cloud first came into creation, it looked different and served limited functions. Now, it has morphed into a very useful technology that people can’t seem to live without.

How Cloud Technology Changed Our Lives

To fully understand just how much the cloud affects our day to day lives, here are some of the ways that cloud storage has changed the technology as we know today.

  • Quick and easy repairs or upgrades

From here on out, any technology linked to the cloud can be fixed with ease and almost zero intervention from their owners. That’s why when your car’s GPS needs updating, the cloud makes sure it’s able to quickly do that. The same goes for the apps in your phone and the accounts you maintain online.

This same feature is used by medical companies to remind technicians when they have to maintain specific medical equipment. To make their jobs even easier, there are even readily accessible manuals that would help them fix new equipment that they don’t have the expertise for.

  • Obscure and hands-free computers

The more you use the cloud, the more you’re contributing to spreading that same network. You have to understand that the cloud is nothing but a huge, well-maintained computer network. As the spreads, it is able to cover more functions and takes it off of users. You don’t have to manually update your apps, store your files or check the battery of your car. Everything will be tailor fitted to your needs. Slowly, you won’t have any use for bulky technology, thus the rise in popularity of hands-free devices.

  • Consumer-centric technology

Because there is more data readily available for different businesses to base their marketing approaches off of, like when you’re most likely to work or shop, their approach to sales will shift from quick conversion to building a relationship with their users. You can already observe this in bigger e-commerce sites where they give a lot of space to recommendations for what movie to watch, how to dress up certain clothes and so on.

Sources:

https://www.pcmag.com/article2/0,2817,2372163,00.asp