10 Benefits of Running Cybersecurity Exercises

Dark Reading

There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills

Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture. Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.


President Biden’s Peloton exercise equipment under scrutiny

Security Affairs

President Joe Biden can’t bring his Peloton exercise equipment to the White House due to security reasons. Peloton exercise equipment’s popularity surged during the pandemic, it allows users to do gymnastic exercise from home, interacting with each other within an online community.


Exercising Social Distancing With Online Doctor Appointments

Record Nations


Locked Shields 2019 – Chapeau, France wins Cyber Defence Exercise

Security Affairs

The international live-fire cyber defence exercise Locked Shields 2019 (LS19) took place on April 8-12 in Tallinn, Estonia, and the figures behind this important competition are important. “This year the exercise evolved around 4000 virtualised systems that had to take more than 2500 attacks,” said Lauri Luht, Head of Cyber Exercises at NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).

DNC Incident Was a Phishing Exercise

Dark Reading

False alarm sent Democratic National Committee into high alert this week amid concerns of a new cyberattack

This Is Not a Drill: Designing Tabletop Exercises to Test Your Preservation Strategies

Hanzo Learning Center

If you—or your child—have ever been in a live performance, you know that it hardly matters how much time and effort the cast and crew have put in: the moment that curtain goes up, everything changes.


Bank of England cyber resilience exercise

Data Protection Report

BoE publish high level findings of the financial sector (“sector”) cyber simulation exercise. Exercise overview. The exercise explored the sector’s resilience to a major cyber incident impacting the UK. The exercise demonstrated the sector’s ability to respond to a dynamic and challenging disruption simulation. Communication practices – the exercise recognised the importance of effective communications in maintaining customer and market confidence in the system.

Dept. of Energy announced the Liberty Eclipse exercise to test electrical grid against cyber attacks

Security Affairs

DoE announced the Liberty Eclipse exercise to test the electrical grid’s ability to recover from a blackout caused by cyberattacks. The Department of Energy wants to test the resilience of an electrical grid to a cyber attack, so it’s going to launch the first hands-on exercise to test the ability of the operators of such infrastructure in recovering from a blackout caused by a cyber attack.

HHS Announces Exercise of Enforcement Discretion for Entities Engaged in COVID-19 Relief Efforts

Data Matters

First, as covered in an earlier posting, HHS took action to waive penalties and assure companies that it would exercise enforcement discretion with respect to the Privacy Rule’s application to telehealth services and certain limited communication activities related to COVID-19 treatment efforts.

In Boston Exercise, Election Hackers Bypass Voting Machines

The Security Ledger

At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue. It’s election day in Nolandia, an imaginary, mid-sized U.S. city in a key “swing” state, and things are not going as planned – at least for government.

Weekly podcast: TSB, hotel locks and NATO exercise

IT Governance

This week, we discuss TSB’s chaotic system upgrade, a security flaw in electronic hotel locks and a major NATO cyber security exercise. NATO has announced that it has launched “the largest and most advanced international live-fire cyber defence exercise” this week to “practise protection of national IT systems and critical infrastructure under the intense pressure of a severe cyber attack”. According to CCDCOE, the exercise is running from 23 to 27 April.

To the Victor Go the Spoliation Sanctions: Eastern District of Louisiana Exercises Inherent Power to Issue Sanctions for Spoliation via JD Supra

IG Guru


Real Pen Work and Exercises for Flourishing

Archives Blogs

There are handwriting exercises as well as exercises for flourishing, the latter of which sounds suspiciously like something one would find on a clean eating and wellness blog. We recently acquired a lovely volume entitled Real Pen Work: Self Instructor in Penmanship, published in 1884 by Knowles & Maxim. This book includes step-by-step instructions on everything from how to sit properly at your writing desk to the proper degree to which to slant letters.


Cybersecurity Panel Discussion: A Live Cyber Attack Tabletop Exercise

Hunton Privacy

On March 21, 2017, Hunton & Williams is pleased to host an in-person seminar in its London office featuring seasoned cybersecurity practitioners. Drawing from deep experience in their respective fields, the panel members will discuss the implications of the EU General Data Protection Regulation’s breach notification obligations in the context of a state-of-the-art cyber attack simulation.

How a Phishing Awareness Test Went Very Wrong

Data Breach Today

Tribune Publishing Co. Employees Outraged at Phishing Test Teasing a Bonus. Training employees to resist phishing emails is key to preventing compromises. But an exercise run by Tribune Publishing Co. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships.

7 Must-Haves for a Rockin' Red Team

Dark Reading

Follow these tips for running red-team exercises that will deliver added insight into your operations


Teleworking by Healthcare Employees: Security Challenges

Data Breach Today

With increasing demands on healthcare organizations to quickly accommodate a surge of teleworking employees as a result of the COVID-19 pandemic, IT and information security departments need to exercise security vigilance, says former healthcare CIO Drex DeFord

Fight Phishing with Intention

Dark Reading

Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them

Strava Fitness App Shares Secret Army Base Locations

Dark Reading

The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty


HHS Issues Limited Waiver of Certain HIPAA Privacy Rule Obligations and Exercises Enforcement Discretion with Respect to Telehealth Services In Light of COVID Public Health Emergency

Data Matters

First, effective March 15, 2020, Health and Human Services Secretary Azar exercised his statutory authority to issue a waiver of penalties and sanctions that would otherwise apply to certain hospitals for violations of specified provisions of the HIPAA Privacy Rule. This week the Department of Health and Human Services (HHS) took action to relax certain federal health information privacy restrictions under HIPAA in response to COVID-19.

68% of Companies Say Red Teaming Beats Blue Teaming

Dark Reading

The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows


Introducing 'Secure Access Service Edge'

Dark Reading

The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service

Mozilla's Guide to Privacy-Aware Christmas Shopping

Schneier on Security

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more

Apple White Hat Hack Shows Value of Pen Testers

eSecurity Planet

An eye-opening exercise at Apple showed the value of human security testers in addition to tools - and the value of bug bounty programs too

False Alarm: Phishing Attack Against DNC Was Just a Test

Data Breach Today

Unannounced Exercise Stoked Voter Database Hacking Fears. A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise.

Fact Checking: Sizing Up Facebook's Efforts

Data Breach Today

A Former Fact Checker Shares Her Experience. Facebook's effort to stem the flow of fake news globally has been ineffective, allege some fact checkers who have collaborated with the social media giant to identify and debunk false stories. Is the social media giant merely conducting a public relations exercise?


NATO Group Catfished Soldiers to Prove a Point About Privacy

WIRED Threat Level

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders.

I think, therefore I modernize: introducing Enterprise Suite 6.0

Micro Focus

I need to change – IT needs to change. Rapid and large-scale IT change is a very costly exercise. Worse still, it is fraught with risk, the IT world beset with uncomfortable stories of failed transformational programs. CIOs can ill-afford such risk.


BEA's annual enterprise portal report and the 4th way

ChiefTech

Saturday, 10 November 2007. Ok, it's a marketing exercise by BEA so it's going to be a little biased, but their annual report on the state of the enterprise portal market is still worth a look.

Nation-State Attacks: Why Healthcare Must Prepare

Data Breach Today

As tensions between the U.S. and Iran continue to rise, healthcare organizations need to exercise extra vigilance in shoring up their security to defend against potential Iranian cyberattacks on critical infrastructure sectors, says Errol Weiss of the Health Information Sharing and Analysis Center.

Facebook's Download-Your-Data Tool Is Incomplete

Schneier on Security

As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook. Information provided about the advertisers is also very limited (just a name and no contact details), preventing users from effectively exercising their rights.

SynerComm Reboots a Security Staple with 'Continuous' Pen Testing

Dark Reading

In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises. SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd.

Three ways the California Consumer Privacy Act (CCPA) can help bolster your customer satisfaction

IBM Big Data Hub

This exploitation is a result of the theft or breach of data, as well as the limited controls and rights that people associated with this data can exercise.


Can Training Work Remotely?

Adam Shostack

I see two sets of advantages: the exercises and time budgets. On the exercises, people can spend the time they need. This can also be a curse, and so our exercises have a time range per exercise so people can see when to ask for help.) Also, doing the exercises in small groups does have its advantages, and a key disadvantage: the weaker students can just nod along, rather than struggling through the exercises.


New Research: "Privacy Threats in Intimate Relationships"

Schneier on Security

Those closest to us know the answers to our secret questions, have access to our devices, and can exercise coercive power over us. I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships."

Digital transformation threats and opportunities in travel and transportation

DXC

In travel and transportation most companies today don’t look at customer journeys as a collaborative exercise. They consider their job done when passengers are delivered safely to their appointed destination for their segment. A railway, for example, may only care that it has moved passengers safely from station A to station B. It ignores the […].

CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop

Hunton Privacy

Key considerations of the CJEU judgement include: The GDPR permits a national supervisory authority that is not the lead SA for the relevant data processing activity to adopt a finding if that power is exercised under the GDPR’s cooperation and consistency procedures.


Containers Complicate Compliance (And What To Do About It)

The Security Ledger

Here, we see it’s all too common for organizations to treat testing compliance as a checkbox exercise and to thereby view compliance in a way that goes against its entire purpose. If you work within the security industry, compliance is seen almost as a dirty word.

Beginning Fuzz Cycle Automation: Improving Testing and Fuzz Development with Coverage Analysis

ForAllSecure

This time we’ll take a look at how to write better tests in the form of harness programs (also known as fuzz drivers, programs written to exercise specific parts of the code) that we will use for fuzz testing. In my previous post, we covered using bncov to do open-ended coverage analysis tasks to inform our testing.
