10 Top Paying IT Certifications In 2017

CRISC, CISM, CISSP, PMP, CISA, ITIL

According to Forbes, this year's highest-paying certifications come from the latest research on salary levels and market conditions for IT certifications. But what's the next up-and-coming certification? Here are the 10 Top Paying IT Certifications:

  1. Certified in Risk and Information Systems Control (CRISC)
  2. Certified Information Security Manager (CISM)
  3. AWS Certified Solutions Architect – Associate
  4. Certified Information Systems Security Professional (CISSP)
  5. Project Management Professional (PMP®)
  6. Certified Information Systems Auditor (CISA)
  7. Citrix Certified Professional – Virtualization (CCP-V)
  8. ITIL® Foundation
  9. VMware Certified Professional 5 – Data Center Virtualization
  10. Citrix Certified Associate – Networking

How CIOs are shaping the future of work

CIOs are shaping the future, CXO, CIO, Chief information officer

IT leaders are poised to make radical changes in the workplace, but boardrooms are holding back progress by continuing to place too much emphasis on reducing costs and keeping the lights on.

IT job profile: So you want to be a CISO

Want to be a CISO, CISO, CISSP, CCISO, CISM, CISA, ISO 27001, Information security, Risk Management

Want to be a CISO? Chief Information Security Officer (CISO) is a coveted position in many IT organizations. The high demand for qualified CISOs leads to tremendous competition for capable candidates and correspondingly high salaries. But what's the real deal behind the scenes? Do you have what it takes to serve in a CISO role? If not, what qualifications do you need before you can join the information security big leagues?

Sitting in an organization’s senior-most security chair requires a unique mixture of professional experience and educational background. The CISO position is a career capstone for some and a way station to the CIO chair for others. Either way, arriving at this destination requires careful career planning. Most CISOs don’t get there by accident.

The 5 Biggest Barriers Faced by Women in Tech

women in tech, ISACA, leadership and management, workplace issues

Wage inequality compared to male colleagues, workplace gender bias and a shortage of female role models are among the main barriers faced by women working in the technology field, according to a survey by technology association ISACA.

Consumer Reports to Include Cybersecurity and Privacy in Product Reviews

Include Cybersecurity and Privacy in Product Reviews, cybersecurity, privacy, cybersecurity standards, data security, password

Consumer publication Consumer Reports will soon begin considering cybersecurity and privacy safeguards when scoring products.

The group, which issues scores that rank products it reviews, said it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured.

Why the Security of Confidential Documents is a Problem for Enterprises

Confidential documents, Cybersecurity, security education, Security of Confidential Documents

There is a widespread and growing need to improve security practices surrounding confidential documents in most organizations today, according to a new study by the Business Performance Innovation (BPI) Network. In a global survey of managers and information workers, 6 out of every 10 respondents said they or someone they know has accidentally sent out a document they shouldn't have.

It's Time to Change Your Perception of the Cybersecurity Professional

Cybersecurity professional, cybersecurity careers, security education, security leadership, security talent gap, threat mitigation

To borrow from the Nobel Prize-winning songwriter, the (security) times, they are a-changin'. When the commercial Internet was young – say in 1995 – IT structure was relatively simple. It consisted of just three layers: server, network and client. Each had its own security component.

Ah, the good old days. Growing complexity is one of IT's biggest security challenges today. The more complex the system, the greater the attack surface (in general). It is much easier now to hide multi-pronged attacks in different layers and parts of the IT infrastructure.

NIST CRIED: The Four Steps of Incident Mitigation

cyber security education, cybersecurity response, incident mitigation, NIST cyber security framework, risk mitigation

Mike Tyson notably said, "Everyone has a plan 'till they get punched in the mouth." So, how do you ensure the same doesn't hold true for your company's incident response plan when a real breach occurs? Enter the NIST Framework category titled Mitigation.

Faced with an actual intrusion, companies would do well to focus on executing four immediate incident response steps. Taken together, their initials form the acronym CRIED:

Cybersecurity Protection Begins with the User

cybersecurity Protection, cyber security education, cybersecurity awareness, intellectual property security, workstation security

The internet is a dangerous place, right? Not only is the internet full of hackers trying to steal your corporate information, but they're also targeting your website and company database to steal credit cards, private health information and other sensitive data to resell on the Dark Web.

This is partially true. But do people really appreciate what the attack surface looks like right now? Internet threats are not just SQL injection attacks or attackers targeting Joomla or WordPress. We tend to hear things about phishing and social engineering, but do people really appreciate the impact these things have on their world?

GDPR – It's here, and it's causing a storm inside organizations… but not everything can be solved by technology!

By António Relvas on 15 February 2017

GDPR, data privacy, data protection, gdpr, general data protection regulation, dpo, data protection officer

It was being prepared for years, and it's here, and the date of May 25th 2018 feels like a game-changer in several ways:

– Companies need (should) to take a full approach to security; this means that from the implementation of an adequate corporate culture to the change of IT systems design and implementation, everything needs to be addressed. Article 30 of the GDPR sets out the security requirements that businesses are expected to satisfy. It requires that businesses must implement "appropriate" technical and organisational measures to secure personal data, taking account of the risk presented to individuals if the security of that data were to be breached. So even physical security needs to be addressed in a way that prevents inappropriate access to information.

Measuring the Impact of Cyberattacks: Lost Revenue, Reputation & Customers

CISOs are feeling the pressure when it comes to cybersecurity management, but new data from Cisco's annual report may help in getting them the buy-in they need.

impact of cyberattacks, cyber attacks, cybersecurity costs, cybersecurity leadership, data breach costs, data breach response, phishing scams

The Cisco 2017 Annual Cybersecurity Report, released 1/31/17, outlines some of the major trends and risks facing enterprises, compiling data from surveys of approximately 3,000 CISOs.

According to Cisco CISO Steve Martino, enterprises are realizing that losses from data breaches and cybersecurity vulnerabilities have tangible repercussions for the business. As a result of public breaches, 29 percent of security professionals surveyed say their organizations experienced a loss of revenue, and 38 percent of that group said revenue loss was 20 percent or higher. Security professionals also cite rising losses of opportunity and customers after cyberattacks.

The Future Of Privacy And Customer Experience

When a grocer offers loyal customers special deals, those customers are happy – but when those same customers realize an insurance provider tapped into deeply personal information found in their private online conversations and social media, those customers are furious. Data privacy is a fluid concept, according to the Economist. A recent survey from EY shows half of digitally savvy customers were happy to share more data with their bank if they got something back, but it depends on context.

Another study from the Annenberg School for Communication at the University of Pennsylvania tells a different story. The report, titled The Tradeoff Fallacy: How Marketers Are Misrepresenting American Consumers And Opening Them Up to Exploitation, suggests that most people are strongly opposed to the idea of trading personal data for more personalized experiences.

Data Privacy for Small Businesses

data privacy, Data Privacy for Small Businesses

A recent study by IDC found that consumers are overwhelmingly concerned about their data privacy. Eighty-four percent of the 2,500 U.S. consumers polled by the research group said they were worried about the security of their personally identifiable information (PII). Seventy percent said their concerns have heightened over the past few years.

As more of their business lives and personal behaviors are being tracked, people are beginning to feel the effects of a hyperconnected world. Seeking greater anonymity, consumers may turn against companies that play fast and loose with their private data.

Data Privacy: Play Privacy As A Team Sport

data protection, data privacy

Protecting digital privacy is a job no one can do alone. While there are many steps you can take to protect your own privacy, the real protection comes when we recognize that privacy is a team sport. So don't just change your tools and behavior to protect your own privacy—encourage your friends, family, and colleagues to take action, too.

Don’t just install an end-to-end encrypted messaging app like Signal or WhatsApp. Encourage others to join you, too, so that you can all communicate securely. Beyond protecting just your communications, you’re building up a user base that can protect others who use encrypted, secure services and give them the shield of plausible deniability. Use of a small secure messaging app made for activists, for example, may be seen as a signal that someone is engaged in sensitive communications that require end-to-end encryption. But as a service’s user base gets larger and more diverse, it’s less likely that simply downloading and using it will indicate anything about a particular user’s activities.

Cybersecurity Skills Gap Leaves 1 in 4 Organizations Exposed for Six Months or Longer

cyber security, Cybersecurity Skills, cybersecurity, security training, security gap

Sophisticated cybersecurity defenses are increasingly in high demand as a cybersecurity attack is now viewed as an inevitability. However, a majority of surveyed organizational leaders fear they are ill-equipped to address these threats head-on.

According to a new cybersecurity workforce study by ISACA’s Cybersecurity Nexus (CSX), only 59 percent of surveyed organizations say they receive at least five applications for each cybersecurity opening, and only 13 percent receive 20 or more. In contrast, studies show most corporate job openings result in 60 to 250 applicants. Compounding the problem, ISACA’s State of Cyber Security 2017 found that 37 percent of respondents say fewer than 1 in 4 candidates have the qualifications employers need to keep companies secure.

The 7 Highest-Paying IT Certifications

If you’re thinking of launching a career in information technology (IT) or of getting certified for something you’re already doing in IT, then there are a host of certifications available that you should consider pursuing. Whether you’re interested in networking, security, or systems administration, you’ll be able to find an IT certification that can help launch or enhance your career.

But let’s be honest: You’re after the big bucks. With that in mind, this article lists the top seven highest-paying IT certifications, what each job pays, and what the work entails.

Can You Measure Your Building's Penetration Risk?

Risk, risk management, access management, security management

How can you measure your risk of unauthorized entry? Until now, it's been virtually impossible. When it comes to security entrances, new analytics technologies (e.g. PSIM, IoT, etc.) are emerging, and it's becoming possible to use technology, combined with people, to tap into security entrance metrics as part of an overall physical security strategy.

Measuring penetration risk is about prediction, and to accurately predict requires a reliable tailgating prevention strategy, otherwise any PSIM or other available analytical tool will fall short. In this article, we’ll talk about the challenges security professionals face related to penetration risk measurement; later, in a second article, we’ll demonstrate how a tailgating prevention strategy actually works and the metrics that can help predict your risk of penetration.

43% of Organizations Grade Their Cybersecurity "C" or Worse

cyber security, cybersecurity, IT security, security training

More than one in four organizations have been breached in the past 12 months, while 23 percent aren't sure if they have been breached or not.

When asked to grade their organization’s cybersecurity program, 43 percent of survey respondents gave themselves a “C”, “D”, “F”, or “non-existent”, and only 15 percent gave themselves an “A”. While there isn’t a one-size-fits-all solution to network security, the “A” grade companies have several attributes in common, including a high level of automation, a threat intelligence framework, and a robust training program for security staff.

That’s according to the 2017 Cybersecurity Report Card by DomainTools, which also found that one-third of security pros are savvy enough to detect daily attacks, but the looming majority (66 percent) are unaware of the daily onslaught of malicious activity. While malware (76 percent) and spearphishing (56 percent) are the most common types of threat vectors, business email compromise (25 percent) and DDoS attacks (24 percent) are on the rise. Finally, nearly one-third of respondents were the recipients of attempted cyberextortion, also known as ransomware, which cost businesses more than $1 billion in 2016.

After a terrible year for cybersecurity, will 2017 be any better?

By Help NET Security on 9 January 2017

cyber security, cybersecurity

From a cybersecurity perspective, 2016 was a very devastating year for companies, schools, government agencies, organizations and even presidential campaigns. What we’ve learned from a record year for breaches, hacks, phishing, malware, and ransomware is what we’ve known all along: cyber criminals are clever and they are not bound by any rules or real strategy.

We also learned that no company, government agency, or organization is safe if they are in the bullseye of those determined to breach their networks. Hackers really have a single goal: to steal data or financial assets, crippling organizations in the process. Stolen data, such as passwords, social security numbers, personal information and possibly bank account credentials, is generally sold on the black market. This was the case in the first big U.S. hack of 2016.

CSOs and CISOs are under pressure

By Security Magazine on 7 January 2017

CISO, CSO, cyber security, cybersecurity

Under pressure! No, not the 1982 hit song by Queen that was used in the 1997 American comedy crime film Grosse Pointe Blank. I am describing the likely 2017 work environment for CSOs and CISOs. If CSOs and CISOs thought they were under pressure in 2016, it is about to increase and go beyond the usual. Traditional increases in pressure were due to the growing rate of data breaches and the number, complexity and success rates of cyberattacks. All of those pressures will increase from 2016 to 2017, but wait, there's more! There will be multiple new reasons for the increase, and the impact they will have will be different. The pressure will come from as high as you can go within your organizations as well as being driven by business management. Here are just a few drivers of the increased pressure.

Cybersecurity Tips for the Break Room and Boardroom

By Security Magazine on 5 January 2017

c-suite security metrics, cyber security education, cybersecurity awareness, cybersecurity leadership, security training, cybersecurity

Every day we are updated about the latest cybersecurity breaches – whether it's Yahoo, Dropbox or LinkedIn, how many records have been stolen, or how much companies have paid as a result of ransomware or financial fraud.

However, are employees and executives aligned with cybersecurity awareness? Are the risks and top discussions that happen in the break room similar to those that happen in the boardroom? The topics and concerns are farther apart than you could ever imagine.

Vermont Electric Company Finds Russian Malware on Computer

By Security Magazine on 2 January 2017

cybersecurity, grid security, malware, utility security

Burlington Electric, which serves 19,600 customers in Vermont, said it found malicious software on a company laptop, and it's blaming the Russians.

Burlington Electric noted that the malicious software on a computer was not connected to its grid control systems.

Both the Department of Homeland Security and the utility said there are no indications that the electric grid was breached, reported CNN.

Burlington Electric General Manager Neale Lunderville told CNN that the utility found an Internet address that was associated with recent malicious cyber activity, and that IP address was communicating with a company computer.

What is next in cloud and data security for 2017?

By Cloud Buzz on 29 December 2016

Big Data, Cloud Computing, Contributors, Digital Transformation, Security, data security

It has been a tumultuous year in data privacy to say the least – we've had a huge increase in data breaches, including some of the largest in history; an uncertain future when it comes to cybersecurity policies; new European regulations that have major implications for U.S. companies; and yet, business carries on. Despite all the challenges and risks, businesses will continue to move forward on digital transformation, cloud adoption and mobile adoption, all with an eye on cybersecurity.

These are the biggest trends that I see carrying us into 2017:

Infographic: IoT Internet of Things Cyber Security Concerns

By Cloud Buzz on 29 December 2016

Cloud Computing, Infographic, Internet of Things, Security

Technology is moving forward at a rate we have never seen before. While the internet was something we once needed a computer to access, it can now be accessed on an endless number of remote devices thanks to Cloud technology and a relatively new term called the "Internet of Things". However, there are also concerns about a world that connects technology in such a way as seen with the recent attacks. More devices connected via the cloud mean more opportunities for hackers to access and/or steal your data.

When Prevention Isn't Enough: Security Best Practices for During and After a Breach

By Biz Tech Magazine on 23 December 2016

Security Best Practices

Even if they have strong defenses in place, IT leaders must know how to respond quickly and effectively to attacks.

Cybersecurity threats pose challenges to organizations of all sizes, across every industry. Cyberattackers, phishing attempts, network eavesdropping, malware and many other threats jeopardize the confidentiality, integrity and availability of IT resources on a daily basis. IT leaders must clearly understand these threats and develop security controls that allow them to remain vigilant as these threats evolve in sophistication and targeting.

Network Security Requires More than Technology

By Biz Tech Magazine on 28 December 2016

security, threat prevention, network management

The latest technology keeps pace with malicious attacks, but empowering employees remains the first line of defense.

Whether you’re working within a small practice or a large hospital system with 10,000 users, you need to worry about cybersecurity.

The “bad guys” — the people trying to break into your system — are getting more sophisticated every year. No one can stop every break-in. Instead, IT must keep an eye on how best to reduce the number of breaches and minimize the damage of successful hacks.

Solutions include a combination of available technology, but also point to the need to truly address the human factor in network security.

A 4-Phased Approach to Improving Data Center Security

By Biz Tech Magazine on 1 January 2017

Data Center Security

Security threats are increasing, but this high-level roadmap can help organizations better defend the data center.

Enterprises employ a wide variety of data center architectures. Some opt to run a private, single-organization facility with dedicated physical servers for each application. Others choose a public cloud facility that hosts virtual servers for hundreds or thousands of customers. All of these data centers have something in common: the need to protect the security of their applications and data from a growing number of sophisticated threats.

2017: The Imperative of Innovation and Change

By Secure Magazine on 1 January 2017

Security enterprise services, security leadership and management, security leaders, security planning, security roadmap, security technology, Innovation and Change

Like many of you, I have been highly focused on end-of-year budgeting and planning leading into January 2017. One of our core values is to hold a Strategic Action Planning (SAP) team meeting every year. I choose the leaders who will be at the table by determining their influence on our culture. Title is not as important as adherence to our values and our core operating processes that ultimately fulfill the expectation of value to our partners and clients.

4 Components of an Effective IoT Security Strategy

By BizTech on 19 December 2016

IoT Security, information security, threat prevention

Recent breaches have shown the vulnerability of the Internet of Things, but IT departments can defend against hackers with a multifaceted approach to security.

While driving a Jeep Cherokee through downtown St. Louis in July 2015, Andy Greenberg felt a sudden blast of air from the vents. The radio mysteriously changed stations, music began blaring and the windshield wipers started. The situation went from perplexing to frightening when Greenberg stepped on the gas pedal but couldn’t accelerate as he watched an 18-wheeler approach in his rearview mirror.

Mitigating internal risk: Three steps to educate employees

By Help Net Security on 20 December 2016

cyber risk, risk management, security awareness

IT security is usually focused on how to prevent outsiders with malicious intent from causing harm to your IT systems and data. While this is a valid concern, people within organizations who simply do not understand the consequences of their everyday habits and behavior on company computers pose an equivalent if not greater risk.

Every person within a company that has access to information is a gateway for data exfiltration. This is why education for ALL employees that encourages following best practices for IT security safety is extremely important to implement within organizations. So where should you start? Take 3 easy steps.

5 Tips for improving enterprise cloud success in 2017

By Cloud Tweaks on 19 December 2016

cloud computing, cloud security

Improving Enterprise Cloud

There has been an increase in the adoption rate of cloud technology to help businesses keep capital investment and maintenance costs down while benefiting from flexibility and rapid up and down-scaling as needs dictate. However, to maximize the benefits of cloud, companies have to overcome a number of challenges and mitigate various risks. As plans are drawn up for 2017, it is worth considering these tips for improving cloud success in the enterprise.

Is Big Data becoming an important and possibly expensive form of currency?

By Cloud Tweaks on 19 December 2016

Big Data, Cloud Computing

When we think about currency in the world, we often go to the pieces of paper money we all keep in our wallets or the numbers on the screen when we look at our bank accounts online. While this is the case for most people, anything that can hold value can be seen as a form of currency.

And in the “ever-evolving” world of technology, data is quickly becoming the next important and expensive currency in the world. Data is critical for almost anything from marketing a new product, helping a business run smoothly and much more.

How Well Do You Understand Today's Threats to Data Center Security?

By Biz Tech Magazine on 16 December 2016

Data Center Security, cloud, firewalls, threat prevention

Yesterday’s security approaches won’t necessarily work today.

The original model for data center security was based on the assumption that threats were external. The security architecture to defend these facilities focused on establishing a network perimeter between the data center and the outside world. The basis of this perimeter was a firewall, which would examine all north-south traffic, which flowed between the data center and the internet. The firewall looked for violations of security policies and other indications of suspicious activity in this data traffic. It then took actions such as blocking traffic, logging additional information and notifying human administrators.

The difficult path to cyber resilience

By Help Net Security on 19 December 2016

cyber resilience

Global organizations are more confident than ever that they can predict and resist a sophisticated cyber attack, but are falling short of investments and plans to recover from a breach in today’s expanding threat landscape.

A Day in the Life of a Security Consultant

By Security Magazine on 13 December 2016

risk assessment, risk mitigation, security career, security consultant, security inspections

A lack of skilled staff remains the top security concern for organizations, according to the State of Security Operations Report. One way organizations can mitigate this challenge is to hire security consultants. These professionals work closely with their clients to help solve issues, implement best practices, and provide guidance. While there are no two days that are alike, here’s my typical day in the life as a professional security consultant:

The High Cost of Not Doing Enough to Prevent Cyber Attacks

By Security Magazine on 13 December 2016

cyber attacks, cyber security, cybersecurity

Organizations are in a difficult place when it comes to protecting themselves against the current cybersecurity threat environment. Many companies believe that they’re too small to be a hacker’s target. However, given the wide range of businesses and organizations being hit on a daily basis, this couldn’t be farther from the truth. If your organization has data, and every business does, you are a worthy and potentially lucrative target for cyber criminals.

12 tips for implementing secure business practices

By Help NET Security on 12 December 2016

backup, CXO, insider threat, Internet of Things, passwords, phishing, PoS, strategy, tips

Security experts prepared a list of a dozen tips for implementing secure business practices during the 2016 holiday season.

1. Limit temporary worker privileges

Many organizations employ temporary workers during the holidays to address increased demand for their products or services, and backfill employees on vacation. Criminal organizations know this and seek to take advantage of the potential “insider threat,” specifically that temporary workers may be less familiar with corporate policies and practices. Organizations should limit temporary employees’ access to corporate systems based on those individuals’ needs to do their jobs. Therefore, if a criminal successfully social engineers a temporary worker in order to carry out an attack on the organization, the fraudster’s access to sensitive company data will be kept to a minimum.

The new CISO imperative: Solving the information management paradox

By Help NET Security on 13 December 2016

information management, information security, cxo

According to Cybersecurity Ventures’ Cybersecurity Market Report, worldwide spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021. However, in the drive to become more cyber resilient in 2017, organizations are extending risk management that is traditionally based on parametric measures (i.e., data loss prevention and firewalls) towards information stewardship – the proper identification, categorization and deletion of their own content, regardless of where it is saved.

Never stop learning – the need for a risk-based approach to cyber-security

By Security Magazine on 1 December 2016

It probably comes as no surprise to IT security professionals that cyber-attacks are now becoming more sophisticated and more commonplace. For years, cyber-experts have been warning that we are entering the “age of the cyber-attack,” predicting that a digital attack will now bring about the end of civilisation rather than a nuclear war. While this is clearly an extreme example, what is surprising is how ubiquitous and effective cyber-attacks have become, despite vendors and experts warning about their risks for over a decade. However, even if an organisation has a robust cyber-security policy in place, this alone is not enough to protect it from cyber-attacks. Trust us, we know because we’ve been there.

Hackers are holding San Francisco's light-rail system for ransom

By The Verge on 27 November 2016

San Francisco Municipal Railway riders got an unexpected surprise this weekend after the system’s computerized fare systems were apparently hacked. According to the San Francisco Examiner, the MUNI system had been attacked on Friday afternoon.

MUNI riders were greeted with printed “Out of Service” and “Metro Free” signs on ticket machines late on Friday and on Saturday. MUNI first became aware of the intrusion on Friday, according to the Examiner.

How security collaboration will prove vital in 2017

By Help Net Security on 22 November 2016

The escalation of high-profile hacking and data dumps recently has underscored the increasing boldness of digital threat actors, culminating in July’s Democratic National Committee email leak and its ripple effect through American politics. The group behind the hack and its attack patterns were known, and yet the attack was not thwarted, leaving many questions as to the overall state of the Internet’s security.

Was your data breach an inside job?

By Help Net Security on 22 November 2016


Kaspersky Lab revealed the current state of security threats among businesses and how their perception of threats compares to the reality of cybersecurity incidents experienced over the past year, both in North America and worldwide. A top concern of North American businesses, and a leading cause of successful cyberattacks in these organizations, is also their most important asset: their employees.

5 Cybersecurity Priorities for Every SMB in 2017

By BizTech Magazine on 18 November 2016


Follow this checklist of the most-urgent cybersecurity items — including phishing scams, password protection, malware and ransomware — to keep your company secure in the year ahead.

One security advantage small and medium-sized businesses had for years was simply being small.

Given a low profile, most SMBs could fly under the radar when it came to information security, hoping they were obscure enough not to catch anyone’s attention. That advantage is gone.

7 Strategies to Defend Against Supply Chain Risks in the Digital Era

By Security Magazine on 8 November 2016

With the rise of digital and cloud technologies, business models have evolved greatly. In recent years, we’ve seen an increasing number of businesses that are essentially “born in the cloud,” with infrastructure that is fully supported by cloud services. For example, Amazon Web Services (AWS) makes it affordable and easy to start an online company that can scale to compete with larger, well-funded rivals. Similarly, YouTube makes it easy to create and distribute promotional videos, while other social media channels, such as Facebook and Twitter, enable company messaging and marketing campaigns to reach millions around the world. The internet and the cloud are the great equalizers – allowing startups to effectively compete with established companies of any size.

More than 75% of Europeans click on links or open malicious attachments

By SC Magazine UK on 16 November 2016

More than 54 million Europeans have been victimised by online crime in the past year as hackers take advantage of consumer complacency.

New research from Norton shows that despite spending $8.7 billion (£6.9 billion) and an average of 12.7 hours per victim dealing with the consequences, Europeans affected by cyber-crime in the past year are the most likely to continue engaging in risky online behaviour. Nearly 21,000 consumers worldwide, including more than 6,000 from six European countries, were surveyed.

The Challenge of the CISA Exam

By Maria do Carmo Couto on 17 November 2016

The Certified Information Systems Auditor (CISA) is a globally recognised certification in the field of audit, control and security of information systems. CISA has gained worldwide acceptance and has a high degree of visibility and recognition in the fields of IT security, IT audit, IT risk management and governance.

It is well known that employers are asking new candidates to hold this certification for IS audit, control and security vacancies. Having this certification will take you far up the job ladder!

The 10 Easiest Passwords to Hack

By Security Magazine on 7 November 2016

A new research paper has listed the top-ten least-secure passwords currently in use online.

Published by Lancaster University in collaboration with China’s Fujian Normal University and Peking University, the study is based on a leaked Yahoo database of personal information.

Preparing for the holiday shopping season? Cybercriminals are getting ready as well

By Help Net Security on 15 November 2016

The number of financial phishing attacks is expected to rise during the Holiday shopping season which starts unofficially on Black Friday. Retrospective research by Kaspersky Lab specialists shows that, over the last few years, the holiday period was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.

Compromised: 339 million AdultFriendFinder users

By Help Net Security on 14 November 2016

Friend Finder Networks, the company that operates sites like Adultfriendfinder.com (“World’s largest sex & swinger community”), and Cams.com (“Where adults meet models for sex chat live through webcams”) has been breached – again!

In May 2015, the number of affected users was around 3.5 million, and the leaked information contained information like marital status and sexual preferences.

Taking information security management to another level with a new standard for specific market sectors

By ISO on 15 August 2016

With cyber threats on the rise putting businesses and industries at risk, it is more important than ever that organizations protect their information and that of their customers. It is no surprise, then, that the ISO and IEC standard for information security, ISO/IEC 27001, has become so widely used. A new standard just published will take that a step further, helping to apply the requirements of this flagship standard to specific sectors.

Organizational Resilience – the big concept these days

by António Relvas on October 27, 2016

What is resilience in an organization? The widely accepted definition is that “organizational resilience” is the “ability of an organization to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper.”

OK, the above definition is a great one, but how do you achieve resilience in an organization? This is the tricky part, and there are two ways (that can work).

Good Risk Management Practices. Are you at risk?


Risk management is about managing threats and opportunities. When it is effective it often goes unnoticed, but when it fails the consequences can be dramatic, and this applies to everyone.

You are a risk manager and you may not know it, but we all make decisions, and risks arise as a consequence of the decisions we make. So, if you think about it for a moment, it becomes clear that when you make a decision, you anticipate and visualize the possible consequences of that decision in the (near) future, and then you rethink the decision and decide.

Why you should consider implementing ISO 27001?


Many senior executives associate ISO 27001 with IT, but put that idea aside. ISO 27001 is about information. It is about managing the security risks and threats that can affect integrity, confidentiality and availability, and guess what, it is applicable to all organizations.

So, why should you consider implementing ISO 27001?

Cybercrime is more active than ever. And what are you going to do about it?


The pressure is on, regardless of the security maturity level of any organization.

After an incredible year for security incidents, intrusions and data loss, it is obvious that cybercrime has the advantage. Hackers are operating with different requirements and motivations, and employing increasingly sophisticated techniques.

According to the Cyber Threat Report Yearbook, the number of successful cyber-attacks on businesses of all sizes during the four-year period between 2010 and 2014 increased by 144%, and the cost of cybercrime per company increased by 95%.

New course Implementing the NIST Cybersecurity Framework using COBIT®5


It’s official: The NEW Course and certification exam Implementing the NIST Cybersecurity Framework using COBIT®5 was released today.


As an ISACA COBIT® 5 Licensed Training Provider and an APMG ATO, Behaviour Group is proud to announce that the new official course and exam from ISACA, Implementing the NIST Cybersecurity Framework using COBIT®5, is already included in our training catalogue, and the first event date is open for candidate registration.

This course and exam allow professionals to achieve an enhanced level of certification that was created by ISACA in response to the need for integrating the worldwide recognized framework COBIT®5 and the recently (Feb 2014) launched Cybersecurity Framework (CSF), developed by NIST in

Implement ISO 22301 Management System


ISO 22301 – Business Continuity Management Systems – helps organizations, regardless of their size, location or activity, to be better prepared and more confident when dealing with any disruptive incident.

Disruptive incidents can impact the normal operations of an organization at any time. Implementing an ISO 22301 management system helps organizations to be better prepared to manage these disruptive events and to achieve a high level of resilience, so that they can continue to operate during and/or after these events occur.

Ready for ITIL, better prepared for ISO 20000 Audit


ISO/IEC 20000 was designed to align with ITIL® best practices and describes an integrated set of management processes for the effective delivery of IT services to the business and customers.

The adoption of ITIL® processes over the last decade has undoubtedly transformed the quality, relevance and timeliness of IT service delivery and it has enabled the creation of customer and business focussed services and improved the cost/ value equation.

The power of COBIT® 5


COBIT® is an unusual or strange-sounding word for many, but it is an acronym that is becoming increasingly recognized by auditors, IT professionals and many enterprise managers.

COBIT® is an important internal control framework and an important support tool for documenting and understanding internal controls and recognizing the value of IT assets in the enterprise. A general or working knowledge of COBIT® should be a requirement for IT auditors.

If you have IT challenges to manage in your enterprise, such as cloud computing, information security, big data or data privacy, know that you do not

In 2015 you have a chance of becoming a victim of cybercrime

According to Microsoft, cybercrime is a booming business for organized crime groups all over the world. These cybercrime groups aim to profit from any security lapse they can find: identities, passwords and money. Not protecting your organization these days is equivalent to leaving the doors and windows of your house unlocked.

So when it comes to cybersecurity, there is a lot of work to do to persuade individuals, small businesses, enterprises and government institutions to change their behaviour. 

ISO 28000: Best Practices for Supply Chain Security

When suppliers are unable to deliver, or customers are unable to purchase, the organization's ability to operate is compromised. ISO 28000 is the answer for promoting resilience at every step of the supply chain.

Designed to protect people, goods, infrastructure and equipment, ISO 28000 will help your company to better assess security risks in supply chain and to implement appropriate controls to manage potential security threats.

Apply the four-step implementation method proposed in training and make the transition to ISO 28000 in your company. Do not complicate what is simple! Discover all ISO 28000 courses

The next generation of information security leaders

The CISSP course will assist all participants who attend it in keeping their knowledge up to date in the top 10 information systems security domains.

All activities in this course will enhance and increase participants’ knowledge in the area of information systems security, providing them the needed knowledge for the development of their professional careers.

The growing demand for people who are able to manage and drive the strategy for information security within organizations makes the CISSP course a reference for professionals in the field.

The Goal of the Risk Manager

Risk management is the understanding, assessment (including prioritization) and treatment of risks, from highest to lowest, taking into account factors such as: the impact a risk event may have; the likelihood of this risk event happening; and, of course, the means involved in dealing with these risks.

The prioritization of risk management activities is essential, quickly identifying the risks with higher or lower impact, the likelihood of them happening and their impact on the business.

Often, a decision on risk management involves making choices between what we thought that may happen, based on past events (if possible), and what we

To risk or not, ISO 27001:2013 is the answer

The idea of the new ISO 27001:2013 is to provide a more flexible approach that leads to more effective risk management, regardless of the standards that have already been implemented or that are intended to be implemented. ISO 27001:2013 will help your company to manage and protect information, by helping you to identify the inherent risks and to put in place the appropriate controls to reduce those risks.

Apply the four-step ISO 27001 implementation method proposed in training and implement ISO 27001 in your company. Do not complicate what is simple! Discover all ISO 27001 courses

ISO 27001 for all businesses

ISO 27001 is also aimed at small businesses. It is misleading to think that information security is a concern only of large companies.

Whether you decide to implement the standard in order to benefit from the best practices it contains, or you choose to get your company certified to gain more trust in the market, ISO 27001 will help your company to manage and protect information, by helping you to identify the inherent risks and to put in place the appropriate controls to reduce those risks. Risks exist not only in large companies but in all companies.

ISO 22301 can save your business

The implementation of ISO 22301 is the answer for ensuring that operations continue, that products and services are delivered at pre-defined levels, that value-creating activities are protected, and that the reputation and interests of stakeholders are safeguarded whenever disruptive incidents occur.

So when a company is faced with the threat of a sudden interruption of its operations, with ISO 22301 implemented that company will be prepared to respond quickly and effectively, reducing the impact of service failures.

Apply the four-step ISO 22301 implementation method proposed in training and implement ISO 22301 in your company. Do not complicate what is

ISO 20000 and ISO 27001 can improve your experience with Cloud Services

The cloud computing model for products and services brings great benefits to users and companies in terms of IT agility, flexibility, scalability and cost reduction. However, from the customer's point of view, migrating to the cloud raises concerns, particularly about how securely information and applications are stored.

Implementing and becoming certified in ISO 20000 and ISO 27001 will improve processes, performance, global quality, services and security management.

These standards will improve a company's level of business continuity planning by identifying and managing the increasing number of threats, vulnerabilities and risks that may impact the business, ensuring the availability of services and support functions.

BEHAVIOUR® launches training on the new standard ISO 55001 – Asset Management

BEHAVIOUR® has released new training and qualification programs on the ISO 55001:2014 standard. These programs have three levels and are intended for all professionals who want to acquire skills in the area of asset management.

These courses, ISO 55001 Foundation, ISO 55001 Lead Implementer and ISO 55001 Lead Auditor, aim to provide and qualify professionals with the skills needed for implementation and audit of an Asset Management System in an organization.

The challenge of defining ISO/IEC 27001 ISMS Roles and Responsibilities

Defining the roles and responsibilities required for an ISMS, based on ISO/IEC 27001:2013, is not always an easy task.

A common approach is to start by defining the CISO (Chief Information Security Officer) role or the ISMS manager role. Ensuring that the ISMS conforms with the requirements of the standard, and having clear responsibilities for reporting the performance of the ISMS to top management, are critical for ensuring conformity with clause 5.3 of ISO/IEC 27001:2013.

Behaviour is always bringing value to you

Every company is interested in helping its clients to achieve their goals, not simply in making sales.

Sales are important too, of course, but doing our job with passion, putting in the effort to deliver an excellent service, improving ourselves every day as professionals and as people, and creating a good delivery environment, with good tools and excellent professionals who are committed to learning more and knowing more, just to deliver better and to serve clients better: in the end this is what really matters, and this is what guarantees the sales.


When we talk about training, we say that training is not just training. A course is not a program, a room, a trainer and a training manual. A training course is not the same in every place. If it was, everyone could

Facing the Challenge of the CISA® Exam

By Editor on 7 May 2014

The Certified Information Systems Auditor (CISA®) designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases audit experience, skills and knowledge, and demonstrates the capability to manage vulnerabilities, ensure compliance and institute controls within the enterprise.

With a growing demand for individuals possessing IS audit, control and security skills, CISA® has become a preferred certification program by individuals and organizations around the world.

Business Continuity, a plan is not enough!

By Joaquim Pereira on April 23, 2014

Any organization needs a strategy for business continuity, no matter whether it is an SME or a large enterprise, with one or more physical locations, or whether it operates in one or more business areas. For sure, some organizations develop more critical activities than others. In some cases, some of these activities may even be directly related to the core business or, if not, at least support the major processes that make up the value chain of the business and drive the organization forward.

Ensuring continuity of the business if a major disaster occurs is not an option; it is a need that every organization has to fulfill.

Go further in the management of network security

By Joaquim Pereira on April 9, 2014

Network security is one of the biggest challenges nowadays for IT administrators and information security managers. There are too many tools, too many technologies, too many approaches and too many IT providers setting the “standard” on how to do it.

Network security management is one of the many concerns of CISOs, CTOs and information security managers. Some select the technical solutions that hardware and software providers wish to sell and which, according to them, are the best ones. Other providers, the “big fishes”, even provide guidance and have recently started to include some best practices in their tools, providing additional value to their customers.

The risk to manage information security risks

By Joaquim Pereira on March 27, 2014

There are risks and risks. Risks related to information security are just a few of those we have to manage and treat daily. Other risks are those inherent in the selection of the methodology and the approach we will follow to manage information security risks.

Any expert in these matters will say that using a process-based approach and treating the identified risks, according to the measured levels of impact and their respective analysed probabilities, is the best strategy. This approach includes a number of activities to be undertaken, among them the review and approval of risk criteria, or even other activities that, more or less accurately, provide the respective perspective on the risks which

How can the best IT services get even better?

By Joaquim Pereira on March 11, 2014

The answer to this question is simple: through continual improvement.

In today’s business environments, technology takes an important role as one of the key elements for the success of any business. Due to the large number of technologies available, it is not always easy to choose the one that fits and responds to the needs of the business. Even after we choose one possible technology or product, we still need to operate it, assign someone responsible for it, make changes as needed, and improve it. Also, someone needs to see far ahead and plan when this technology needs to be replaced, by which type of technologies or products it will be replaced, and what all of this will improve.

The Best 2015 Information Security Certifications


If you are seriously thinking about advancing your career in the IT field with a specialization in security, then you need to consider properly preparing to become certified in the 3 top information security certifications and well-respected credentials: CEH, CISSP and CISM.

CEH training will help you to achieve skills and knowledge on hacking practices in areas such as footprinting and reconnaissance, scanning networks, enumeration, system hacking, Trojans, worms and viruses, sniffers, denial of service attacks, social engineering, session hijacking, hacking web servers, wireless networks and web applications, SQL injection, cryptography, penetration testing, evading IDS, firewalls and honeypots, and more.

Transition to ISO 27001:2013

By Joaquim Pereira on February 5, 2014

ISO/IEC 27001 was released in 2005 and adopted worldwide as the international reference for information security management. In 2013 the new version of the standard was launched, in order to align its requirements with the current requirements of organizations, business and emerging technologies.

Thus, organizations certified to ISO/IEC 27001:2005 can be audited and re-certified to that version until October 1, 2015. After this date, all organizations will be audited and re-certified to the new version of the standard.

Behaviour now accepts PayPal for online registrations purchase

Behaviour is offering its customers a new way to pay through the online registration process for applications made directly on the website: PayPal. Now it is possible to enroll in a course and secure your seat in the course you intend to attend. This virtual payment method allows you to send and receive payments over the Internet in a simple, convenient and safe way in many countries around the world.

Business Continuity, a strategy inherent in our daily life

by Joaquim Pereira on March 22, 2013

It is common in our daily life and in our nature to adopt strategies that allow us to prevent or even mitigate the results of common situations inherent in our daily lives.

In our house we adopt strategies for prevention, detection or response, for example through the installation of an alarm – which aims to deter, detect and guarantee a response by the authorities in case of attempted robbery – the installation of an armored door, a reinforced lock, or even insurance cover for the same. These strategies even allow us to prevent or mitigate the impact of certain inherent threats, human or environmental, such as theft, fire, flood,

Publication of ISO 22301, the new international standard for business continuity management

Lisbon, PORTUGAL (May 16, 2012) – ISO has officially launched ISO 22301, “Societal security – Business continuity management systems – Requirements”, the new international standard for business continuity management. This standard will replace the current British standard BS25999. Continued operations in the event of a disruption due to a major disaster are a fundamental requirement for any organization. ISO 22301, the world’s first international standard for business continuity management (BCM), has been developed to help organizations minimize the risk of such disruptions.

Guaranteed Dates Program

All courses have guaranteed dates, so all public dates presented on the site are guaranteed to occur. You can schedule and plan ahead.

Behaviour launches the Guaranteed Dates program across its whole training offer. This program provides the opportunity to acquire knowledge and skills without professionals and companies having to wait for other professionals and companies to have the same training needs before the course can start.

The Guaranteed Dates program focuses its action on the specific needs of an individual or