Measure your Readiness – Security Monitoring Program

targeted malware.  WITCHCOVEN is part of a large-scale effort by cyber criminals that uses web analytics and open source tools for reconnaissance. The effort has been highly successful, with vast amounts of information collected on web traffic and Internet visitors from around the world.     —Insider’s Guide to Incident Response handy guide provides expert, practical tips on how to build an incident response plan and team, and what tools and training you can use to arm those team members. Learn insider secrets like: Arming & Aiming Your Incident Response Team Incident Response Process & Procedures The Art of Triage: Types of Security Incidents     —Is Your Data Governance Program Heading Down the Wrong Path? Good data governance is as much about doing things the right way as not doing things the wrong way. Although enterprise data governance efforts have been launched at many companies, the success rate of these initiatives isn’t encouraging. There’s a lot of advice available on datagovernance best practices that should be adopted; this expert guide lists the top “worst practices” that your company needs to avoid. You’ll view both sides of the issue: How data governance done right will add value to your business – and how data governance done wrong will create more work for your company, without any of the benefits.     —Who’s Really In Charge If a Massive Cyberattack Strikes US?     —FFIEC Updates Cybersecurity Expectations for Boards     —IoT begs for Privacy | 21st Century Privacy     —Clarifying the fog of cyber security complexity – the “sweet 16” capabilities / portfolios. Functionally decompose what “cyber” is into manageable portfolios!         2  ++++++     —Security researcher warns “future is extortion” as cyber-criminals target SMEs Sitting in the F-Secure Labs in Helsinki, Sean Sullivan, security researcher at F-Secure warned that the “future is extortion”. Referring to a significant rise in ransomware attacks by organised crime gangs, he warned thatransomware operations have become ‘slick’, so much so their customer support could be viewed as ‘enterprise’ grade.     —Study: Serious Web Security Flaws Rampant on Embedded Devices The web interface is a bit like the “bacon” of the Internet of Things – every device tastes (and works) a lot better with one. But, if implemented or deployed improperly, those web interfaces can be fat targets for remote attackers. Now a survey of firmware by researchers in France and Germany finds that many of those web interfaces are, indeed, vulnerable.     —Report: Botnets Help Bump Cyberattack Attempts by 20 Percent ThreatMetrix last week reported that it had detected and prevented more than 90 million attempted cyberattacks in real time across industries from July to September. The attempted attacks covered fraudulent online payments, logins and new account registrations, and represented a 20 percent increase over the previous quarter, according to ThreatMetrix Cybercrime Report: Q3 2015.    —Decryption Tool Foils Linux Server Ransomware Attacks Bitdefender on Monday released a free decryption tool designed to wrest data from the grip of a rare type of ransomware that’s been plaguing Linux servers. Details for performing the decryption are available on the company’s website. Essentially, the solution takes advantage of a flaw in the ransomware, which Bitdefender discovered through reverse-engineering.     —U.S. and U.K. Test Response to Major Financial Cyberattack Britain and the United States carried out a planned drill with leading global firms on Thursday to see how they would respond to a cyber incident in the financial sector. The test focused on how the world’s two biggest financial centers, New York and London, would cope with a cyberattack in terms of sharing information, communicating with the public and handling an incident.     —The Lingering Mess from Default Insecurity The Internet of Things is fast turning into the Internet-of-Things-We-Can’t-Afford. Almostdaily now we are hearing about virtual shakedowns wherein attackers demand payment in Bitcoin virtual currency from a bank, e-retailer or online service. Those who don’t pay the ransom see their sites knocked offline in coordinated cyberattacks. This story examines one contributor to the problem, and asks whether we should demand better security from ISPs, software and hardware makers.     —Gmail to Warn When Messages Take Unencrypted Routes Google plans to ramp up security at its free email service by letting users know when messages arrive via unencrypted connections that could be prone to snooping or tampering.     —The Secret Pentagon Push for Lethal Cyber Weapons – Defense One With nearly $500 million allotted, military contractors are competing for funds to develop the next big thing: computer code capable of killing.     —Federal Legislation Targets “Swatting” Hoaxes A bill introduced in the U.S. House of Representatives on Wednesday targets “swatting,” an increasingly commonand costly hoax in which perpetrators spoof a communication to authorities about a hostage situation or other violent crime in progress in the hopes of tricking police into responding at a particular address with deadly force.     —Heat map identifies need for cybersecurity professionals The US National Institute of Standards and Technology (NIST) is creating “a heat map visualization tool that will show where cybersecurity jobs are open across the country”, enabling employers and job seekers to harmonize.     —IT professionals reveal top challenges in web security A new report from CYREN describes the challenges to web security that IT professionals face..     —DISA director: ‘We expect a cyberattack as a prelude to war’     —CES Announces the Most Innovative Tech Products for 2016     —Why The Java Deserialization Bug Is A Big Deal Millions of app servers are potentially open to compromise due to how they handle serialized Java apps, researchers say.     —GCHQ chief (UK) claims that