(ISC)2 Foundation and University of Phoenix Research identify gaps hindering efforts to fill cybersecurity jobs

100914.isc_

Cybersecurity breaches affect businesses large and small, and the annual cost of computer- and network-based crimes worldwide is estimated to be more than $400 billion, according to a report from McAfee and the Center for Strategic and International Studies. As organizations increasingly use data networks for business, commerce and the transfer of sensitive information, the risks multiply, as do the needs for qualified cybersecurity professionals.

(ISC)2 Foundation and University of Phoenix recently conducted a national roundtable with cybersecurity leaders from industry and higher education to develop actionable recommendations to prepare students for cybersecurity careers.

The (ISC)2 Foundation and University of Phoenix report, Cybersecurity Workforce Competencies: Preparing Tomorrow’s Risk-Ready Professionals, identifies three education-to-workforce gaps that leave employers and organizations particularly vulnerable. These gaps are competency, professional experience, and education speed-to-market.

The report is based on a year of research, including analysis of industry competency models and labor statistics, which led to a national focus group, followed by the roundtable with industry leaders.

“The growing frequency, sophistication, and costs of cyberattacks threaten business continuity for organizations of all sizes,” said Julie Peeler, director, (ISC)2 Foundation. “Preparing and attracting the next generation of cybersecurity professionals is critical to the health of the economy and businesses globally.”

Roundtable participants say the following actions by industry and education leaders can have the most immediate impact on closing the gaps:

1.       Encouraging problem-based learning via case studies and labs;

2.       Offering meaningful internships for cybersecurity degree completion; and

3.       Developing curriculum and career resources that are informed by cybersecurity employers.

“The multi-faceted cybersecurity field demands a strong workforce comprised of individuals who can adapt to constant shifts in the sector,” said Dennis Bonilla, executive dean of University of Phoenix College of Information Systems and Technology. “The industry increasingly needs professionals who possess both technical skills and strong business acumen, and curriculum is shifting to reflect these dynamics. Relevant education and training aligned to industry requirements are crucial to protecting and growing business infrastructure in the U.S. and globally.”

“Having qualified cybersecurity professionals is critical in all industries,” said Peeler. “Employers must act quickly to close workforce gaps and mitigate the risks that threaten enterprises. The roundtable report by the (ISC)2 Foundation and University of Phoenix provides practical recommendations to key stakeholder groups that must work together to build the cybersecurity talent pipeline.”

Closing the education-to-workforce gaps: Recommendations for students and employers

The report offers the following tips for students interested in cybersecurity careers, and for employers struggling to fill job openings:

Recommendations for students:

1.       Get certified. Obtain the relevant certifications that can help enhance employability.

2.       Understand clearance requirements. Many jobs in this field may require a security clearance. Be mindful that past actions could affect your eligibility.

3.       Get involved. Demonstrate interest in the field by developing professional relationships. Stay abreast of industry trends by joining an association.

4.       Build a portfolio. Seek opportunities to demonstrate your expertise by co-presenting at industry conferences and completing relevant projects.

5.       Seek opportunities. Look for ways to obtain professional experience through internships, job shadowing or work-study jobs.

Recommendations for employers:

1.      Engage with educators. Offer internships and participate in higher education curriculum advisory boards.

2.      Champion cybersecurity careers. Partner with middle schools and high schools to increase awareness of cybersecurity career opportunities.

3.      Steer clear of clearances. Remove barriers to entry-level jobs by decoupling tasks that require a security clearance. Many applicants, such as non-U.S. citizens, may be unable to obtain a security clearance readily.

4.      Promote partnerships. Develop partnerships with higher education institutions to support curriculum development, career networking, and internships.

5.       Encourage professional experience. Develop and fund programs that provide industry experience to students. Ensure programs meet the National Security Agency’s Centers of Academic Excellence accreditation requirements, and seek accreditation approval for such programs.

6.      Hire interns. Internships are a viable step to employment and demonstrate the value of entry-level experience as a pathway to a career.

Enhanced Ebola screening to start at five U.S. airports for all people entering U.S. from Ebola-affected countries

10633997_805341516177900_2451936697754944116_o

The Centers for Disease Control and Prevention (CDC) and the Department of Homeland Security’s (DHS) Customs & Border Protection (CBP) this week will begin new layers of entry screening at five U.S. airports that receive over 94 percent of travelers from the Ebola-affected nations of Guinea, Liberia, and Sierra Leone.

New York’s JFK International Airport will begin the new screening on Saturday. In the 12 months ending July 2014, JFK received nearly half of travelers from the three West African nations. The enhanced entry screening at Washington-Dulles, Newark, Chicago-O’Hare, and Atlanta international airports will be implemented next week.

“We work to continuously increase the safety of Americans,” said CDC Director Tom Frieden, M.D., M.P.H., in a statement. “We believe these new measures will further protect the health of Americans, understanding that nothing we can do will get us to absolute zero risk until we end the Ebola epidemic in West Africa.”

“CBP personnel will continue to observe all travelers entering the United States for general overt signs of illnesses at all U.S. ports of entry and these expanded screening measures will provide an additional layer of protection to help ensure the risk of Ebola in the United States is minimized,” said Secretary of Homeland Security Jeh Johnson. “CBP, working closely with CDC, will continue to assess the risk of the spread of Ebola into the United States, and take additional measures, as necessary, to protect the American people.”

CDC is sending additional staff to each of the five airports. After passport review:

  •  Travelers from Guinea, Liberia, and Sierra Leone will be escorted by CBP to an area of the airport set aside for screening.
  • Trained CBP staff will observe them for signs of illness, ask them a series of health and exposure questions and provide health information for Ebola and reminders to monitor themselves for symptoms. Trained medical staff will take their temperature with a non-contact thermometer.
  • If the travelers have fever, symptoms or the health questionnaire reveals possible Ebola exposure, they will be evaluated by a CDC quarantine station public health officer. The public health officer will again take a temperature reading and make a public health assessment. Travelers, who after this assessment, are determined to require further evaluation or monitoring will be referred to the appropriate public health authority.
  • Travelers from these countries who have neither symptoms/fever nor a known history of exposure will receive health information for self-monitoring.

Entry screening is part of a layered process that includes exit screening and standard public health practices such as patient isolation and contact tracing in countries with Ebola outbreaks, DHS says. Successful containment of the recent Ebola outbreak in Nigeria demonstrates the effectiveness of this approach.

These measures complement the exit screening protocols that have already been implemented in the affected West African countries, and CDC experts have worked closely with local authorities to implement these measures. Since the beginning of August, CDC has been working with airlines, airports, ministries of health, and other partners to provide technical assistance for the development of exit screening and travel restrictions in countries affected by Ebola. This includes:

  •  Assessing the capacity to conduct exit screening at international airports;
  • Assisting countries with procuring supplies needed to conduct exit screening;
  • Supporting with development of exit screening protocols;
  • Developing tools such as posters, screening forms, and job-aids; and
  • Training staff on exit screening protocols and appropriate personal protective equipment.

Today, all outbound passengers are screened for Ebola symptoms in the affected countries. Such primary exit screening involves travelers responding to a travel health questionnaire, being visually assessed for potential illness, and having their body temperature measured. In the last two months since exit screening began in the three countries, of 36,000 people screened, 77 people were denied boarding a flight because of the health screening process. None of the 77 passengers were diagnosed with Ebola and many were diagnosed as ill with malaria, a disease common in West Africa, transmitted by mosquitoes and not contagious from one person to another.

Exit screening at airports in countries affected by Ebola remains the principal means of keeping travelers from spreading Ebola to other nations, DHS says. All three of these nations have asked for, and continue to receive, CDC assistance in strengthening exit screening.

Police struggling with cyber-crime says top policeman

640_bernard-hoganPolice have still not “got to grips” with online fraud despite a huge rise in the crime, the UK’s most senior officer has admitted.

The Metropolitan Police has seen a 54 per cent rise in reports of cyber-crime in the past year, with half of the 17,000 cases referred to the force by Action Fraud involving the use of technology.

Speaking at a security conference in London, Met Commissioner Sir Bernard Hogan-Howe told delegates at the British Library that investigators have a challenge to gather evidence linked to a crime that has no immediate witnesses.

The Scotland Yard chief said: “There is an emerging and great criminal challenge that we need to confront and I would argue that police have not yet got to grips with this very significant, different type of crime.”

Despite a 20 per cent budget cut, the Metropolitan Police has moved hundreds of officers and staff to a specialised unit called Falcon, which stands for Fraud and Linked Crime Online, to try tackle the problem.

The unit is the biggest anti-cybercrime unit in Europe, and was officially launched earlier this month with a team of 300 staff, which is expected to rise to 500.

Sir Bernard said his force had to find officers and staff for the new unit despite slashed budgets.
He added: “We’ve had to find them because people are suffering and businesses are suffering. We have to do something about it. Frankly I got tired of coming to conferences where people were describing a problem and very little action seemed to have been taken.”

The unit has already made 79 arrests since it began operating in August.

Apple Pay Will Have Some Security Vulnerabilities

th

Apple Pay couldn’t have arrived at a better time; security breaches in major retailers appear almost daily in the news, and consumers are looking for a more secure way to pay. And while Apple Pay may address that need for many, there are still potential security breaches.

Security is a major part of Apple’s marketing for Apple Pay. But one potential flaw in Apple Pay’s security is the Touch ID. After the release of the feature last year, the biometrics hacking team at the Chaos Computer Club showed the iPhones 5s was susceptible to hacking. As noted in DARKReading, the “CCC researchers demonstrated that an attacker with physical access to the phone could take a picture or scan fingerprints of the device’s owner and use that to create a mold of the fingerprint to launch an attack.” In theory, this vulnerability would pose a significant threat for Apple Pay users. A hacker who succeeds in thwarting the Touch ID would then have access to the stored credit cards.

The iPhone 6 is not immune to this form of hacking either, although the “iPhone 6’s fingerprint sensor is a bit more sensitive than its predecessor,” and therefore would require a more highly-skilled hacker to replicate the fingerprint, according to Security Today. The same article goes on to emphasize the additional security threat implied when a hacker is able to breach the Touch ID’s security—namely that he or she would then have access to the credit cards stored on the iPhone via Apple Pay.

Although the potential flaws in the Touch ID feature are nothing to be ignored, Apple Pay includes other security measures which go to great lengths ensuring the safety of credit card data. As noted in Fox News, EMV technology and token technology are both major features that secure payments via Apple Pay. Already in use in Europe, “EMV technology is at the heart of each Apple Pay transaction,” according to James Anderson, Group Head of Mobile and Emerging Payments at MasterCard. EMV secures Apple Pay by creating a unique string of numbers—a cryptogram—during a transaction. Someone trying to intercept a payment would be unable to do so because “they couldn’t generate a cryptogram to complete the transaction.”

Token technology, the other major security feature, creates a unique number that is bound to the iPhone. That is, “if someone hacks into the phone and successfully retrieves your 16-digit token, the hacker won’t be able to use that number to make purchases if they don’t have the phone itself.” So, even if someone were able to hack into an iPhone and retrieve that unique number, he or she would be unable to act on that information without the physical phone in hand.

Potential for flaws in security aside, Apple Pay is ultimately the most secure form of payment on the market. The benefit it brings in terms of security—especially when compared to traditional modes of payment or even existing mobile payment options – far outweigh the downsides. And, when paired with a secure point of sale system, Apple Pay will help ensure that credit card breaches are a thing of the past.

Methods of Crime changes with Technology, EuroPol warns cyber murders in 2014

3245_report
As technology is advancing, we are getting new products like Smartphones, smart computers, smart TVs GPS devices, and more that makes our lives easy. But, it is not only us who are getting these new-tech (or high-tech) products to be used, cyber-criminals who can exploit loopholes in these products also use these products/technology for crime also are getting access to these products.
Europol has shared a document with the public which on Internet Organised Crime Threat Assessment (iOCTA) outline the future of cyber-crime and criminals using cyber prowess to commit crimes.
Europol is a Council of Ministers for Justice and Home Affairs, which is s responsible for the main control and guidance of Europol. It is European Union’s criminal intelligence law enforcement agency.
According to the report “Criminals are freely able to procure such services, such as the rental of botnets, denial-of-service attacks, malware development, data theft and password cracking, to commit crimes themselves.”
The report emphasizes on the need for a different approach to tackle cybercrime since new technology that is meant to protect citizen is also being utilized by criminals. The anonymisation techniques used in parts of the Internet, known as Darknets allow citizen to use them to protect privacy. But these “are also of primary interest to criminals that abuse such anonymity on a massive scale for illicit online trade in drugs, weapons, stolen goods, forged IDs and child sexual exploitation.”
That’s not all, the report further says “Best practices on how to rape, kidnap, murder and dispose of children’s bodies are also shared openly on Darknet forums” which could be a concern.
This report refers to the Internet Identity (IID) report from last year which says in year 2013 the predictions for 2014 (by the end of year 2014) “we will witness the first ever public case of murder via hacked Internet-connected device.”
The Independent revisited the prediction this year and said “the concept is behind the likely development of smart homes, cars and even cities, but police warned that the failure to protect devices properly could see them open to being hacked by outsiders to make money or to attack opponents.”
In its report on predictions for the 2015 the security “the once optimistic concept of the “Internet of Things,” where virtually everything electronic is conveniently connected to the Internet, will reveal its dark side. Malicious hackers will have the power to provoke chaos inside your home, burning your house down by hacking your oven to flood your house with gas and ignite it, or remotely turning off your security system to allow burglars inside.”

Microsoft admits reading Hotmail inbox of blogger

_73718193_169844076Microsoft is caught up in a privacy storm after it admitted it read the Hotmail inbox of a blogger while pursuing a software leak investigation.

On Thursday, the firm acknowledged it read the anonymous blogger’s emails in order to identify an employee it suspected of leaking information.

Microsoft owns Hotmail, a free email service now called Outlook.com.

John Frank, deputy general counsel for Microsoft, said it took “extraordinary actions in this case”.

While the search was technically legal, he added Microsoft would consult outside counsel in the future.

Microsoft’s actions came to light this week as part of a legal case by US prosecutors against an ex-Microsoft employee, Alex Kibalko, who was a Russian native based in the company’s Lebanon office.

In 2012, Microsoft had been alerted to the fact that the blogger, whose identity was kept anonymous in the court papers, had been given some stolen lines of code from the not-yet-released Windows 8 operating system.

The blogger then posted screenshots of the unreleased Windows operating system to his blog.

To figure out the source of the leak, Microsoft began an investigation and, as part of that search, looked into the blogger’s accounts to find out the name of the employee.

The search was legal because it fell within Microsoft’s terms of service which state that the company can access information in accounts that are stored on its “Communication Services”, which includes email, chat areas, forums, and other communication facilities.

The terms of service add: “Microsoft reserves the right to review materials posted to the Communication Services and to remove any materials in its sole discretion.”

Nonetheless, revelations of the search have led to renewed focus on the privacy violations of technology firms.

It has also left Microsoft in a difficult position, as the firm has often criticised rival Google for its automatic scanning of users’ emails in order to serve them with advertising.

Romanian Hackers Allegedly Used The Shellshock Bug To Hack Yahoo’s Servers

Romanian Hackers Allegedly Used The Shellshock Bug To Hack Yahoo’s Servers



Security researcher Jonathan Hall says he has found evidence that Romanian hackers used the Shellshock bug to gain access to Yahoo servers, according to a post on his website Future South. The Shellshock bug can be used by hackers to

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

Hackers Gain Control With Software Bug

Hackers Gain Control With Software Bug



A new fatal security threat, larger than the open SSL security loophole Heartbleed, has been discovered, according to the Viet Nam Information Security Association (VNISA). The association said that the flaw lies in the way many devices communicate over the […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

Hundreds of hackers taking part in MU hackathon

Hundreds of hackers taking part in MU hackathon



Hundreds of college students deprived themselves of sleep for 48 hours over the weekend in a computer hacking marathon at the University of Missouri that has tripled in size since its inaugural weekend last year. HackMizzou, which ran through Sunday, […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

eBay Files Motion in Data Breach Case

eBay Files Motion in Data Breach Case



Online auction company eBay has filed a motion to dismiss a class action lawsuit against it for an alleged data breach, claiming the plaintiff failed to state a claim. “Plaintiff brings this putative class action seeking to capitalize on a […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

Page 2 of 2,285«12345»102030...Last »

Get The New Book By Gregory Evans

Everyone Is Talking About!

Are You Hacker Proof?
$15.95

Find Out More, Click Here!