Analysis: Facebook Breach's Impact

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections

UK Cyberattack Investigations: An Analysis

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the results of over 1,000 cyberattack investigations in the U.K. Also: an update on the proposed NIST privacy framework and a report on voter registration information for sale on the dark web

ISO 27001: Gap analysis vs. risk assessment

IT Governance

What is a gap analysis? An ISO 27001 gap analysis gives organisations an overview of what they need to do to meet the Standard’s requirements. Download now >> The post ISO 27001: Gap analysis vs. risk assessment appeared first on IT Governance Blog.

Analysis: Russian Misinformation Campaign

Data Breach Today

The latest edition of the ISMG Security Report offers an update on how Russian bots and trolls are spreading misinformation on vaccines via social media - and the public health impact of the campaign. Plus: Tips on disaster recovery, internet of things security

Analysis: Health Data Breach Tally Trends

Data Breach Today

Here's an analysis of the latest statistics and the reasons behind the trends

White House National Cyber Strategy: An Analysis

Data Breach Today

Security Experts Examine Administration's Document and Rhetoric A national cybersecurity strategy document released by the White House last week - along with comments from a top Trump administration official that the U.S.

Malware Analysis for Blue Teams

Data Breach Today

At a time when security professionals are faced not only with a barrage of threats, but with a myriad of threat intelligence data sources, it can be challenging to know when to stop an investigation. Join DomainTools Senior Security Engineer Tarik Saleh to learn essential methodologies from a blue team perspective

Analysis: Verizon's Breach Report 2018

Data Breach Today

Verizon's latest Data Breach Investigations Report shows that half of data breaches in 2017 worldwide were orchestrated by organized cybercriminal groups, says Verizon's Ashish Thapar, who offers an in-depth analysis of the findings

Using Machine Data Analysis to Detect Fraud

Data Breach Today

Jade Catalano of Splunk Discusses Early Detection Methods Connecting the dots between disparate forms of machine data can prove to be valuable in discovering fraud patterns, says Jade Catalano of Splunk, who explains how

Risk Analysis Requirement Survives 'Meaningful Use' Revamp

Data Breach Today

But current program requirements for conducting a security risk analysis would stick CMS Proposes Major Overhaul of EHR Incentive Program, Emphasizing Interoperability Federal regulators are proposing an overhaul to the "meaningful use" electronic health record incentive program.

Medicaid Data Breach Trends: An Analysis

Data Breach Today

One Big Hacker Incident Responsible for Most Victims Impacted in 2016 Medicaid agencies and their contractors reported more than 1,200 data breaches in 2016, but just one hacking incident accounted for more than 70 percent of all victims, according to a new report. What else does the report reveal

Analysis: Did Anthem's Security 'Certification' Have Value?

Data Breach Today

Insurer Was Certified as HITRUST CSF Compliant Before Its Mega-Breach Health insurer Anthem had earned HITRUST Common Security Framework certification before its mega-breach. Now that the insurer has agreed to a $16 million HIPAA settlement with federal regulators, who spelled out the company's security shortcomings, it's worth scrutinizing the value of adopting a framework

Analysis: Data Breach Litigation Trends

Data Breach Today

Lawsuits filed in the wake of data breaches are evolving, says attorney John Yanchunis, who represents plaintiffs in many of these class action cases

Analysis: FDA's Reworked Premarket Medical Device Guidance

Data Breach Today

The FDA's recently issued draft document updating its premarket medical device cybersecurity guidance originally issued in 2014 contains several important provisions, says regulatory attorney Yarmela Pavlovic, who explains the details

The importance of knowing ‘where’ in digital forensic analysis

OpenText Information Management

This issue is often exacerbated by a … The post The importance of knowing ‘where’ in digital forensic analysis appeared first on OpenText Blogs. Professional Services Digital Forensic Analysis EnCase EnCase Training OpenText EnCase OpenText Security Security Solutions

Analysis: Updates to STIX, TAXII Standards

Data Breach Today

Allan Thomson of LookingGlass Describes Enhancements The STIX and TAXII standards for threat intel interchange have undergone a major upgrade to v2.0. LookingGlass CTO Allan Thomson, who's been closely involved in its development, describes the role of these enhanced standards

Analysis: California's Groundbreaking Privacy Law

Data Breach Today

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach

Analysis: Opioid Legislation Stripped of Privacy Provision

Data Breach Today

Although the passage by Congress of the Support for Patients and Communities Act this week is an important step in the nation's battle against the opioid drug addiction crisis, it lacks a critical privacy provision, says Geisinger Health CIO John Kravitz, who analyzes the implications

The Legal Case for a Coherent Risk Analysis Program

Data Breach Today

Attorney Shawn Tuma on Improving Cybersecurity and Regulatory Compliance A coherent risk analysis program tailored to the organization is a vital component of any effort to improve cybersecurity and meet regulatory requirements, says attorney Shawn Tuma

5 key benefits of an ISO 27001 gap analysis

IT Governance

One way to simplify the process is to conduct an ISO 27001 gap analysis , a process in which your current state of compliance is measured against the Standard. Below we have outlined exactly how an ISO 27001 gap analysis can benefit your organisation.

Analysis: NY Attorney General's Anti-Breach Actions

Data Breach Today

Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case

Analysis: Security Elements of 'Trusted Exchange Framework'

Data Breach Today

Some Proposals More Specific Than What's Required Under HIPAA Federal regulators have released a draft of a trusted health information exchange framework with some detailed security components that go beyond HIPAA requirements.

What exactly is an ISO 27001 gap analysis, anyway?

IT Governance

One solution is to conduct an ISO 27001 gap analysis – a process many organisations consider an important starting point when putting a prioritised plan in place. But what is an ISO 27001 gap analysis, and what does it entail? The breadth of applicability of? ISO 27001 ?can

Analysis: Distraction Tactics Used in Banco de Chile Hack

Data Breach Today

Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe

Analysis: Swiping Cryptocurrencies Through a Back Door

Data Breach Today

Leading the latest edition of the ISMG Security Report: Our exclusive report on an Australian criminal investigation into a company that apparently swiped cryptocurrency using a software backdoor. Also, cutting through the hype on artificial intelligence and machine learning

Analysis: VPN Fail Reveals 'Guccifer 2.0' is 'Fancy Bear'

Data Breach Today

Evidence continues to mount that Russian intelligence created the "Guccifer 2.0" hacker online persona as a "plausible deniability" cover for dumping information stolen from the U.S. Democratic National Committee, among other targets, says cybersecurity expert Alan Woodward

Recalling 9 Years of Cybersecurity News and Analysis

Data Breach Today

This episode of the ISMG Security Report is devoted to producer/host Eric Chabrow's recollection of the evolution of cybersecurity news and analysis during his nine years at Information Security Media Group. Chabrow is retiring after 45 years in journalism

What’s the difference between a risk assessment and a business impact analysis?

IT Governance

Whether you’re creating a disaster recovery or business continuity plan, you must conduct a risk assessment and a BIA (business impact analysis). Business impact analysis. The post What’s the difference between a risk assessment and a business impact analysis?

Analysis: 'Orangeworm' Attacks Appear to Involve Espionage

Data Breach Today

Corporate espionage appears to be the motive behind cyberattacks targeting a variety of medical-related equipment and systems, researcher Jon DiMaggio of Symantec says in an in-depth interview about the activities of a hacker group the company has dubbed "Orangeworm

Traffic Analysis of the LTE Mobile Standard

Schneier on Security

Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting.

Assessing the Human Element in Cyber Risk Analysis

Threatpost

Breach Hacks InfoSec Insider Vulnerabilities breach email Factor Analysis of Information Risk FAIR Phishing Verizon Data Breach Investigations ReportThe human factor doesn't have to be an intangible when assessing cyber risks within a company.

2017 Security Transformation Study: Results Analysis

Data Breach Today

This survey was conducted online in the summer 2017, and it generated more than 260 responses from security leaders around the globe, with emphasis on North America, EMEA, India and APAC. Responses were consistent from organizations in all regions and sectors, with little statistical deviation. Forty percent of the respondent organizations have 10,000 or more employees

Study 110

Q4 2017 Security Transformation Study: Results Analysis

Data Breach Today

This survey was conducted online in the summer 2017, and it generated more than 260 responses from security leaders around the globe, with emphasis on North America, EMEA, India and APAC. Responses were consistent from organizations in all regions and sectors, with little statistical deviation. Forty percent of the respondent organizations have 10,000 or more employees

Study 104

The Better Way: Threat Analysis & IIoT Security

Dark Reading

Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities

How to conduct an ISO 22301-compliant business impact analysis

IT Governance

If your organisation has adopted, or plans to adopt, ISO 22301 , you will need to conduct a business impact analysis (BIA). However, there are universal factors that organisations should base their analysis around.

Detecting Drone Surveillance with Traffic Analysis

Schneier on Security

This is clever : Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance.

Hybrid Analysis Grows Up – Acquired by CrowdStrike

Lenny Zeltser

CrowdStrike acquired Payload Security , the company behind the automated malware analysis sandbox technology Hybrid Analysis , in November 2017. The success of Hybrid Analysis was, to a large extent, due to the engagement from the community.

MY TAKE: Can ‘Network Traffic Analysis’ cure the security ills of digital transformation?

The Last Watchdog

This requires full stream reassembly for content analysis, and then real time transaction analysis, all at speeds of millions of transactions per second.”. By really understanding these relationships, and what represents privileged access and what represents control, we’re able to do much more sophisticated analysis.”.

Hunting down Gooligan — retrospective analysis

Elie

This talk starts by providing an in-depth analysis of how Gooligan’s kill-chain works from infection and exploitation to system-wide compromise. This talk provides a retrospective on how during 2017 Check Point and Google jointly hunted down Gooligan – one of the largest Android botnets at the time. Beside its scale what makes Gooligan a worthwhile case-study is its heavy reliance on stolen oauth tokens to attack Google Play’s API, an approach previously unheard of in malware.

Untangle NG Firewall: UTM Overview and Analysis

eSecurity Planet

We review Untangle NG Firewall UTM solutions, which get high marks from small businesses for blocking advanced threats

How situational analysis helps your school become #BreachReady

IT Governance

In this blog, we’ll consider situational analysis, how to assess what’s happening in the school and how to support staff to protect the data in their care. Situational analysis – understand what’s happening now.

Crytpocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm

Dark Reading

"Island-hopping" attackers breached StatCounter so they could get to users of gate.io.

SonicWall NSA 2650: UTM Overview and Analysis

eSecurity Planet

We review the SonicWall NSA 2650 UTM solution, which uses automation to help small IT teams detect and stop attacks