Risk Assessment and Risk Management

DBIR 2017 – Major Findings of Verizon Data Breach Investigations Report

Verizon has been publishing the Data Breach Investigations Report (DBIR) for over 10 years. The latest release is DBIR 2017, which was published on April 27th. This year’s report contains 1935 confirmed data breaches and more than 42000 security incidents. As always, DBIR 2017 provides great insights into how data breaches are happening, who is behind the attacks, and what their motives are.

Social Engineering Awareness Training Part 3: Reinforcement and Incentivization

Reinforcement and Incentivization

At this point in the awareness life cycle, the culture has been set, and training has been designed and conducted. The goal now is to reinforce the training and provide incentives for those who thwart attacks or report attempts, whether for “interesting” attempts or by volume.

Social Engineering Awareness Program: PART 1

Building the Culture to Support a Social Engineering Awareness Program

Today, companies are investing more than ever before in protecting their IT infrastructure. In response, hackers and, in turn, penetration testers are using a different vector to gain access to enterprises: the human element. Humans can be exploited using a variety of methods collectively known as social engineering. This broad category includes phishing, spear phishing, whaling, vishing, smishing, pretexting, dumpster diving, and tailgating.

Disruptive Technologies Every CISO Should Know

Information security is a rapidly changing field, as advancements driven by disruptive technologies such as SDN, IoT, NFV and others have a direct impact on security management programs. Information security professionals, in general, are perceived to be slow in adapting to new technologies and are often considered a roadblock. This perception must change, and this post is an effort in that direction.