[ISN] Top IT Security Certifications 2014

http://www.careersandeducation.com/top-security-certifications-2014

By S. Sotans
CareersandEducation.com
April 29, 2014

Best IT Security Certifications 2014: the 10 top paying

The global threat to core IT infrastructure by hackers has created the conditions for security certification skills. When enterprise systems networks are violated by way of internet service providers (ISP) or unauthorized access to designated user login credentials, operations may result in failure. For professionals working in the IT administration and engineering fields, the risk of violations to core infrastructure and data has opened the door for new opportunities in IT security certification.

The best information technology security certifications available to IT professionals in 2014, are also top paying roles in the field of enterprise systems management. Entry level training for a Security+ certification is the first level of training for IT security qualification. Security+ and SSCP are preface CISSP, CISA, and CASP certification. The U.S. National Security Agency (NSA) and Committee on National Security Systems (CNSS) both recognize Cisco Company security training courses meeting certification standards in different areas of IT security.

Increase IT enterprise systems efficiency with security certification. Professionals can train with Cisco or other accredited source for meeting certification requirements. Earning potential for most tech security certification is over $100,000 per year. If you are a CIO, information systems engineer, or entry level IT administration professional, the potential offered in certification has never been better.

By training in an IT security certification program, technical professionals receive the education and specialized skills they require to design, maintain, analyze, and govern core IT enterprise systems infrastructure. For IT network administrators, security is an essential element of continuing education. Certification in information technology security measures ensures that IT operations are controlled with the appropriate measures to ward against hacking or other systems attack.

Here are the top paying IT security certifications for 2014:

1. CISSP Security Professional Certification





[ISN] Where’s the Next Heartbleed Bug Lurking?

http://www.technologyreview.com/news/527016/wheres-the-next-heartbleed-bug-lurking/

By Robert Lemos
MIT Technology Review
April 29, 2014

After causing widespread panic and changing of passwords, the Heartbleed bug has largely disappeared from the news. Yet the implications of the discovery are still being debated across the computer industry. The biggest concern for security experts is how to preëmpt other flaws lurking in the Internet’s foundations.

The Heartbleed bug was discovered earlier this month in a piece of software called OpenSSL that is widely used to establish a secure connection between Web browsers and servers by managing the cryptographic keys involved. OpenSSL is an “open source” project, meaning that the underlying code is published along with the software. Also, like many other open-source efforts, it is maintained by a small group of volunteer programmers (see “The Underfunded Project Keeping the Web Secure”).

The problem is being recognized by big software companies that rely on efforts like OpenSSL. Last week, the Linux Foundation, which provides support for the popular Linux operating system, launched an effort called the Core Infrastructure Initiative to support small open-source projects. Companies including Google, Amazon, Facebook, IBM, Intel, Cisco, and Dell have so far committed more than $3 million to the effort. A steering committee will try to identify the open-source projects that most need financial support.

“The problem with open source is that you have the ‘free rider’ problem,” says Chris Wysopal, a well-known computer security expert and chief technology officer and cofounder of Veracode, an application-security assessment firm. “People and companies who are using it, and getting huge value out of it, are not giving a lot of money to keep it going.”

[…]



[ISN] Obama Policy on Zero Days Craps Out

http://www.forbes.com/sites/jennifergranick/2014/04/29/obama-policy-on-zero-days-crap/

By Jennifer Granick
Forbes.com
4/29/2014

Yesterday afternoon, the White House put out a statement describing its vulnerability disclosure policies: the contentious issue of whether and when government agencies should disclose their knowledge of computer vulnerabilities. The statement falls far short of a commitment to network security for all and fails to provide the reassurance the global public needs in the midst of the NSA’s security scandal. It basically says the White House plays a well-intentioned guessing game with our online safety.

The National Security Agency (NSA) is a single agency with a dual mission—protecting the security of U.S. communications while also eavesdropping on our enemies. In furtherance of its surveillance goals, we recently learned about some of NSA’s top secret efforts to hack the Internet. For example, the NSA runs a network of Internet routers that it surveils all traffic going through. It hijacks (or did until recently) Facebook sessions to install malware. It has its own botnets, or networks of compromised computers, that it controls, and it has taken over botnets created by other criminals. It uses these capabilities to steal information, to deny access to websites and other internet services, and to modify digital information, whether in transit or stored on servers.

Given these revelations, the public might reasonably believe the NSA’s deck is stacked against securing people from the very same online vulnerabilities the agency could exploit. For example, some skeptics–not I, however–disbelieve government disavowals of advance knowledge of Heartbleed, one of the worst security holes ever found.

To assuage this concern, on April 12th, President Obama announced the government will reveal major flaws in software to assure that they will be fixed, rather than keep quiet so that the vulnerabilities can be used in espionage or cyberattacks, with one huge exception—if there’s “a clear national security or law enforcement need”.

Yesterday’s statement by Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, tries to reassure the public that this Administration knows how to make that judgment call. There are “established principles” and an “established process” for making what are essentially guesses—bets—on network insecurities, based on a series of facially sensible, but practically almost unanswerable, questions. Officials have to assess the risk from vulnerabilities. They have to guess how hard it is for other people to find the same flaw. They have to gamble on whether officials will figure out when the bad guys gain the same attack capabilities. They have to hypothesize whether, when they do, the attackers will use their knowledge to devastating effect.

[…]



[ISN] Cyber spying bug, attack plans found in Lithuania — report

http://www.lithuaniatribune.com/67422/cyber-spying-bug-attack-plans-found-in-lithuania-report-201467422/

By Editor
The Lithuania Tribune
April 29, 2014

Lithuania’s military intelligence said on Tuesday it last year found spying software in computers used to process information related with Lithuania’s domestic and foreign policy, as well as energy.

In a report, the Defence Ministry’s Second Investigation Department also said it had evidence about large-scale cyber attacks plotted in Lithuania.

“Cyber incidents were reported in the cyber space in the first half of 2013, and they had to do with the spread of spying software,” reads the document.

[…]



[ISN] ‘War-like’ cybercrime threatens European growth

http://www.cnbc.com/id/101623392

By Arjun Kharpal
@ArjunKharpal
CNBC.com
04/28/2014

State-backed hackers are aiming to create “war-like activities” that could harm economic growth in Europe, the region’s cybercrime chief warned on Tuesday.

The stark warning from Troels Oerting, head of the European Cybercrime Center and assistant director at law enforcement agency Europol, comes as governments and law enforcement agencies across Europe are already struggling to contain the threat of cybercrime.

“What we are looking at is state-sponsored activity and it is no secret that we have state-sponsored activities…aimed at starting warlike activity,” Oerting said at a speech at the Infosecurity Europe conference in London Tuesday.

[…]



[ISN] Even Homeland Security Says Not to Use Internet Explorer

http://mashable.com/2014/04/28/homeland-security-internet-explorer/

By Christina Warren
mashable.com
4/28/2014

How scary is the latest Internet Explorer security vulnerability? Even the U.S. government says not to use IE until the browser is fixed.

The flaw, which affects Internet Explorer versions 6 and up, allows bad guys to gain complete access to a PC via a malicious website. Dubbed “Operation Clandestine Fox” by the security firm FireEye, the threat is real. And dangerous.

The U.S. Department of Homeland Security doesn’t issue security alerts for computer software very often, but this time, it made an exception. Many agencies within the U.S. government use versions of IE.

Homeland Security recommends that users or administrators “enable Microsoft EMET where possible” and to “consider employing an alternative web browser until an official update is available.”

[…]



[ISN] Exclusive: Meet the Secret Fed Cybersecurity Unit Keeping Trillions of Dollars Safe From Hackers

http://www.foreignpolicy.com/articles/2014/04/28/exclusive_meet_the_secret_fed_cyber_security_unit_keeping_trillions_of_dollars_s

By Shane Harris
Foreign Policy
April 28, 2014

If the U.S. central banking system is ever hit with a crippling cyber attack, a group of roughly 100 government employees working in a three-story fortress-like building next door to a Buick dealership in East Rutherford, N.J., will be among the first to know about it. That’s where, almost entirely out of sight, a team from the Federal Reserve System’s crack cyber security unit is constantly on watch for malicious hackers, criminals, and spies trying to breach the computer networks of the Fed, its regional banks, and some of the most critical financial infrastructure in America.

The National Incident Response Team, or NIRT, as the group is called (pronounced “nert”) tries to prevent intruders from breaking into Fed computer networks and money transfer systems used by thousands of banks across the U.S. every day. Among the team’s most important protectees is the Fedwire Funds Service, a real-time settlement system that banks use to transfer money between accounts. In 2013, Fedwire handled on average $2.8 trillion in transfers every day.

For several years now, current and former U.S. officials, as well as bank executives, have warned that cyber attackers could sow mass panic by disrupting critical financial networks such as the ones NIRT protects, causing the systems to crash or manipulating information so that customers didn’t know how much money was in their accounts and financial institutions couldn’t square their ledgers. The nightmare scenario for NIRT members is a malicious hacker gaining access to Fedwire or to sensitive computers used by the Treasury Department, such as the International Treasury System, which the federal government uses to make payments directly to foreign individuals and companies around the world and is also monitored by the NIRT.

The cyber security team is the first line of defense for the central banking system. “If there’s a breach of Fedwire or another critical system, they’re going to wake the [Federal Reserve] chairman up out of bed,” said one former NIRT member. “That’s a shit-your-pants type of emergency. Anything that compromises the faith and trust in the [government-backed] money system. And that’s all bound to the Fed and Treasury systems.”

[…]



[ISN] Cyber Security: Why Nigeria Needs Computer Emergency Response Team

http://leadership.ng/news/368843/cyber-security-nigeria-needs-computer-emergency-response-team

By Nkechi Isaac
Leadership
April 29, 2014

Cybercrime is one of the fastest growing areas of crime. More and more criminals are exploiting the speed, convenience and anonymity that modern technologies offer in order to commit a diverse range of criminal activities. These include attacks against computer data and systems, identity theft, the distribution of child sexual abuse images, internet auction fraud, the penetration of online financial services, as well as the deployment of viruses, Botnets, and various email scams such as phishing.

The global nature of the Internet has allowed criminals to commit almost any illegal activity anywhere in the world, making it essential for all countries to adapt their domestic offline controls to cover crimes carried out in cyberspace. The use of the Internet by terrorists, particularly for recruitment and the incitement of radicalization, poses a serious threat to national and international security.

In addition, the threat of terrorism forces authorities to address security vulnerabilities related to information technology infrastructure such as power plants, electrical grids, information systems and the computer systems of government and major companies.

Speaking at the handover and launching of the Computer Emergency Readiness and Response Team (CERTT.ng) Ecosystem by Consultancy Support Services (CS2) to the National Information Technology Development Agency (NITDA), the former acting director-general of the agency, Dr. Ashiru Daura, said the project marked a turning point in the fight against cyber crime in Nigeria.

Daura said, “CERTT.ng is concerned with cyber crime which is crime committed on the cyber space, the internet. A lot of these crimes, which are of different kinds, happen every minute and every second, now even though we try as much as possible to provide protection for our systems, our networks some of these criminals penetrate or attack. So, there is need for us to do at least two things and these are to repel the attack and recover the systems, to make sure that we can come back to our original status as fast as we can and then also learn few lessons from the attack. That’s the purpose for this team which is to provide response to any threat or attack in the cyber space.”

[…]

