The 3 Main Ways Ransomware Spreads in 2017

Email is still the primary distribution mechanism for ransomware attacks, but “malvertising” is also a growing threat.

Ransomware is now on everyone’s mind, thanks to the recent “Petya” or ”Nyetya” global malware attack and the earlier WannaCry attack. Ransomware — malware designed to encrypt files and only decrypt them if the victim pays a ransom, usually in the digital currency bitcoin — is being spread in numerous ways, some of which are hard to defend against.

How to write an Information Security Architect job description

A good information security architect straddles the business and technical worlds. Writing a solid, clear job description ensures that both sides understand the role.

Whatever the role, good communication regarding the duties and expectations of a security professional is key to that person’s success. That communication starts with a solid, thorough job description. It will be an important benchmark when hiring for the role, and a touch point for performance once the candidate is on board. The job description is also a baseline that helps security team managers keep pace as many roles evolve.

The Chief Information Security Officer. The New CFO of Information Security

Traditionally, CPAs have considered the chief financial officer (CFO) as the guardian of a business’s organizational data. It was and remains the CFO’s responsibility to maintain a system of internal controls that provides reliance for the accuracy and integrity needed to prepare and attest to the financial statements. These statements and the accompanying opinion continue to be relied on by stakeholders when making financial decisions. The increasing use of rapidly developing technology, software obsolescence, and the change in user preference from desktop to mobile computing platforms have created the need for a new type of data guardian responsible for protecting all types of information in a digital world. The chief information security officer (CISO) is the person performing this role in many organizations and has become an important consideration for CPAs, both in traditional auditing and advisory services.

Risk Management: How to Prevent Costly Supply Chain Incidents

Preventable corporate scandals, as seen by headline events related to Pepsi, Wells Fargo, Volkswagen, Chipotle and Wendy’s, result from a variety of risk management failures across a variety of industries. Notable scandals include cybersecurity failures at retail organizations and restaurants, quality control issues at manufacturers, and ineffective asset management and access rights at financial institutions.

How to create an effective business continuity plan

A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood or cyberattack. Here’s how to create one that gives your business the best chance of surviving such an event.

The Lifecycle of Data Protection Is Evolving. Here’s What You Need To Know.

In this age of widespread ransomware attacks and rampant data breaches, enterprises are reimagining their data protection strategies. It is no longer adequate to worry about a disk crashing. Nowadays, you must worry about all of your data assets being stolen and held for ransom. Your team must adopt a proactive, lifecycle-based approach where data assets are discovered and documented, and controls are adopted to protect these assets at all times.

Big Data Collection Needs Transparency for Public Acceptance

During a recent European Parliament meeting, Ana Gomes, a Portuguese member of the parliament said that while a thriving data-driven economy represents an opportunity for growth and employment, big data can also pose significant risks and challenges, particularly as regards fundamental rights, including privacy and data protection. “Some people actually pretend big data is just about statistics based on huge databases. But this is not traditional statistics because at the basis of these databases are individual data that need protection.”

The use of big data is creating lucrative opportunities. By 2017, the big data market is expected to reach €50 billion ($56 billion) and create 3.75 million new jobs.

How to Change Behavior for Stronger Security System Cybersecurity

How Healthy Are Your Cybersecurity Habits?

There is a world of difference between knowing the right thing to do and actually following through and doing it. Think about doctors who repeatedly remind their patients to quit smoking, or to be careful with their cholesterol, to get regular exercise and adopt healthier eating habits instead of eating bacon with every meal. We know what we should do. Quite often, though, that knowledge is not enough to actually change our behavior.

You were probably aware of some fundamental cybersecurity best practices before you started to read this article. But let’s focus on two: passwords and firmware.

Global Cyberattack Could Cost $121 Billion

Lloyd’s of London has warned that a serious cyberattack could cost the global economy more than $120 billion – as much as catastrophic natural disasters such as Hurricanes Katrina and Sandy.

The report from Lloyd’s said the threat posed by such global attacks has spiraled and poses a huge risk to business and governments over the next decade.

Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

One of the world’s largest Bitcoin and Ether cryptocurrency exchanges, Bithumb, has recently been hacked, resulting in the loss of more than $1 million in cryptocurrencies after a number of its user accounts were compromised.

Bithumb is South Korea’s largest cryptocurrency exchange with 20% of global ether trades, and roughly 10% of the global bitcoin trade is exchanged for South Korea’s currency, the Won.

Bithumb is currently the fourth largest Bitcoin exchange and the biggest Ethereum exchange in the world.

Last week, a cyber attack on the cryptocurrency exchange giant resulted in a number of user accounts being compromised, and billions of South Korean Won were stolen from customers accounts.

3 Questions to Improve Cyber Incident Recovery

The NIST Cybersecurity Framework focuses twice on the concept of improvement, doing so within both the Respond and the Recover functions. For improved response, NIST recommends that organizations incorporate lessons learned into their response plans and update their response strategies. When it comes to improved recovery, NIST echoes that guidance: companies should incorporate lessons learned into their recovery plans and update their recovery strategies. Because of these similarities, it is helpful to consider this article in the context of our May 2017 Cyber Tactics column, “Been Hacked? Let That Be a Lesson to You.”

Top 10 CISO Benefits of Participating on Customer Advisory Boards

In their perpetual battle against external cyber threats, understanding and addressing evolving regulations and gathering resources to meet escalating security demands, Chief Information Security Officers (CISOs) are a busy, if not overburdened, bunch these days. And while focusing on their pressing jobs demands their full-time attention during the too-few hours of the day, there is one outside activity that does garner their precious attention: engaging with other CISOs. Indeed, CISOs are finding their best ally in meeting high demands is each other – to learn about new and emerging threats and best practices proven to defeat them.

Emergency Preparedness Essentials: 5 Things CSOs Should Know

In order to ensure the safety and security of an organization’s personnel, a Chief Security Officer (CSO) must be able to identify, assess and develop appropriate responses to a wide range of potential and actual threats as they evolve in real time. This presents a Herculean challenge since security, while recognized as critical, is also preferred to be invisible in day-to-day operations. Substantial guidance in these efforts is available from the communities of law enforcement, the private sector and emergency planners. In particular, it is worth summarizing five central insights that can assist CSOs as they work to protect their organizations.

Building a strong cybersecurity program for the long haul

Patch Tuesday is approaching and there is a chance it might be a boring one. Hopefully, I didn’t jinx things by saying that, but I think most of what we’ll see is a bit of volume on the third-party side. Before we get into the forecast, though, let’s talk about the recent roller coaster we’ve all been on.

Rising volume of attacks overpowers security teams

New research from IDC shows that organizations are constantly under attack and struggling to keep up. The research finds that most organizations run time-consuming security investigations and often fail to protect themselves effectively.

4 Cybersecurity Best Practices for Your Organization

A data breach can happen to any organization, and it’s a growing concern among companies both large and small. According to this cyberattack infographic, an IBM study revealed that the average consolidated cost of a data breach is approximately $3.8 million, a 23 percent increase from 2013. According to that same graphic, the Identity Theft Resource Center found that approximately 22 percent of breaches are due to insider theft, and 12 percent are simply a matter of accidental exposure.

You can keep your company and your employees safe from these dangerous data breaches by ensuring that employees are aware of a few tried-and-true data security best practices. Here are some of the most important ones:

As GDPR deadline looms, time for compliance is running out

GDPR is a game-changing piece of data protection legislation that goes into effect on May 25, 2018.

While the legislation includes various components related to how organizations collect, store, manage and protect customer data, the ‘right to be forgotten’ gives individuals the right to have personal data erased. If most organizations cannot locate where their customer data is stored, it will be difficult to fulfill ‘right to be forgotten’ requests (…).

How to Land the Best Jobs in Cyber Security

For job seekers looking for high pay, job security and the option to work in any sector and in any state, the cyber security field is the place to be.

Cyber crime costs the global economy over $400 billion each year. [Since] 2014 some of the largest companies in the world were victims of cyber crime, including J.P. Morgan, Target and The Home Depot among others. As cyber attacks continue to increase in volume and tenacity, with ever changing tactics, the government and the private sector are raising the alarm. In response, there has been a sharp uptick in the demand for cyber security professionals across almost every sector.

Due to this shortage in a critical area of national security and following the law of supply and demand, those who work in cyber security can expect to earn top dollar. For instance, on average, chief security officers will make over $220,000 annually.

So while it is clear that a job in cyber security has many benefits, what cyber security positions are the best and how do you land them?

The WannaCry ransomware is a reminder to get serious about security

Ransomware is the word on everyone’s lips this week, following the massive WannaCry ransomware attack which spread quickly all over the world. Security experts estimate that over 200 000 systems across 150 countries were affected by the attack, in which hackers took advantage of a weakness in Microsoft’s Windows operating system to block any access to a computer system until a ‘ransom’ is paid in order to unlock the system again.

Investigations into the massive hack are still unfolding, but current thinking is that the attack originated in North Korea and made use of a set of top secret National Security Agency tools that were stolen and sold last year.

WannaCry: Smaller businesses are at great risk

Last week saw a widespread attack with more than 10,000 organisations across 150 countries – including 48 NHS trusts in the UK – almost simultaneously hit by the ransomware strain WannaCry. With data encrypted, the impacted businesses and other institutions experienced significant downtime as they were unable to continue with normal operations. The hospitals, for example, were forced to postpone non-urgent procedures and people were asked not to visit Accident & Emergency.

3 in 5 companies expect to be breached in 2017

New research found that of the 50 percent who reported being breached in 2016, the average material impact to the business was $4 million.

Vanson Bourne interviewed 600 senior IT decision-makers at organisations with at least 1,000 employees across Australia, France, Germany, Italy, the United Kingdom and the United States.

How to make cyber security a priority for your managers

Both the business and technology industry are growing and making new advancements. These new improvements, such as converged systems and cloud storage systems, while strikingly beneficial, also bring with them new risks. One of the rising risks is cyber security. With many companies taking advantage of new technology and running their business online, they have become larger targets for cyber hackers.

A guide on how to prevent ransomware

Ransomware is fast becoming a major threat to computer systems in many organisations. It is an aggressive form of attack which criminals use to infect computers and block the victim from accessing their own data unless they pay a ransom. Ransomware is not a new threat but has become more widely used among criminals simply because it is highly profitable.

At its heart, ransomware is simply another form of a computer virus, albeit a very potent one. The methods it uses to infect a computer are the same ones other computer viruses employ.

Hackers claim to have looted Pirates of the Caribbean 5

At a town hall meeting in New York earlier today, Disney chief executive Bob Iger said hackers are claiming to have stolen an undisclosed new film from Disney’s upcoming slate, according to a report in The Hollywood Reporter. Needless to say, the king of Disney’s castle is refusing to pay the demanded ransom.

Instead, the company is working with federal investigators and holding their breath to see if the online pirates will release their booty into the wild, according to the report.

Citing multiple sources, The Hollywood Reporter wrote that the hackers were demanding a huge ransom in bitcoin be paid out or they’d release the film into the wild. Specifically, the hackers threatened to release the first five minutes of the film and then the rest of the film in 20-minute sections. Iger’s response? Basically… “Come at me.”

The Internet of Things Invades Physical Security

The physical security space is changing, with emerging threats, new criminal techniques, terrorism and hostile activism just of few of the drivers of change.

The implications are profound. The world of physical security systems is being invaded by multiple new and emerging technologies. Arguably, the technologies currently showing the greatest potential implications are those with a wireless Internet connection that pass their status (data) via digital communications to other components, devices or systems. Given the growing capabilities of these emerging IoT devices, they are likely to transform the electronic security systems that protect physical assets. Corporate security staff who operate, manage and monitor the electronic security systems used in the facilities to which they are assigned have, in most cases, not been trained on how to use the security systems equipment.

The GDPR Transformation is Already Here

The General Data Protection Regulation (GDPR) effective date is just about a year out, but already we can see the work companies are doing to achieve compliance having a significant impact on privacy.

I had a great opportunity to gauge exactly how this is happening while attending the annual Global Privacy Summit hosted by the International Association of Privacy Professionals (IAPP) in Washington, D.C.

It took some time to work past the overall lament that talk of the GDPR was dominating the conference. Once I did, though, it became clear that people from across a truly wide range of organizations were using the prod of coming GDPR compliance to systematically and rigorously integrate improved data protection into the very core of their operations. Whether they were just starting on data mapping or policy creation; had ventured into the woods of data classification schemes and Privacy Impact Assessments; or were implementing a Privacy by Design model, the people I spoke to reported a higher level of engagement with privacy, and a deeper understanding of the way data flows throughout their organization, than ever before.

10 Top Paying IT Certifications In 2017

According to Forbes, the highest-paying certifications this year come from the latest research on salary levels and market conditions for IT certifications. But what’s the next up-and-coming certification? Here are the 10 top paying IT certifications:

      1. Certified in Risk and Information Systems Control (CRISC)
      2. Certified Information Security Manager (CISM)
      3. AWS Certified Solutions Architect – Associate
      4. Certified Information Systems Security Professional (CISSP)
      5. Project Management Professional (PMP®)
      6. Certified Information Systems Auditor (CISA)
      7. Citrix Certified Professional – Virtualization (CCP-V)
      8. ITIL® Foundation
      9. VMware Certified Professional 5 – Data Center Virtualization
      10. Citrix Certified Associate – Networking

How CIOs are shaping the future of work

IT leaders are poised to make radical changes in the workplace, but boardrooms are holding back progress by continuing to place too much emphasis on reducing costs and keeping the lights on.

IT job profile: So you want to be a CISO

Want to be a CISO? Chief Information Security Officer (CISO) is a coveted position in many IT organizations. The high demand for qualified CISOs leads to tremendous competition for capable candidates and correspondingly high salaries. But what’s the real deal behind the scenes? Do you have what it takes to serve in a CISO role? If not, what qualifications do you need before you can join the information security big leagues?

Sitting in an organization’s senior-most security chair requires a unique mixture of professional experience and educational background. The CISO position is a career capstone for some and a way station to the CIO chair for others. Either way, arriving at this destination requires careful career planning. Most CISOs don’t get there by accident.

The 5 Biggest Barriers Faced by Women in Tech

Wage inequality compared to male colleagues, workplace gender bias and a shortage of female role models are among the main barriers faced by women working in the technology field, according to a survey by technology association ISACA.

Consumer Reports to Include Cybersecurity and Privacy in Product Reviews

Consumer publication Consumer Reports will soon begin considering cybersecurity and privacy safeguards when scoring products.

The group, which issues scores that rank products it reviews, said it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured.

Why the Security of Confidential Documents is a Problem for Enterprises

There is a widespread and growing need to improve security practices surrounding confidential documents in most organizations today, according to a new study by the Business Performance Innovation (BPI) Network. In a global survey of managers and information workers, 6 out of every 10 respondents said they or someone they know have accidentally sent out a document they shouldn’t have.

It’s Time to Change Your Perception of the Cybersecurity Professional

To borrow from the Nobel Prize winning songwriter, the (security) times, they are a-changin’. When the commercial Internet was young – say in 1995 – IT structure was relatively simple. It consisted of just three layers: server, network and client. Each had its own security component.

Ah, the good old days. Growing complexity is one of today’s biggest IT security challenges. The more complex the system, the greater the attack surface (in general). It is much easier now to hide multi-pronged attacks in different layers and parts of the IT infrastructure.

NIST CRIED: The Four Steps of Incident Mitigation

Mike Tyson notably said, “Everyone has a plan ‘till they get punched in the mouth.” So, how do you ensure the same doesn’t hold true for your company’s incident response plan when a real breach occurs? Enter the NIST Framework category titled Mitigation.

Faced with an actual intrusion, companies would do well to focus on executing four immediate incident response steps. Taken together, their initials form the acronym CRIED:

Cybersecurity Protection Begins with the User

The internet is a dangerous place, right? Not only is the internet full of hackers trying to steal your corporate information, but they’re also targeting your website and company database to steal credit cards, private health information and other sensitive data to resell on the Dark Web.

This is partially true. But do people really appreciate what the attack surface looks like right now? Internet threats are not just SQL injection attacks or attackers targeting Joomla or WordPress. We tend to hear things about phishing and social engineering, but do people really appreciate the impact these things have on their world?

GDPR – It’s here, and it’s causing a storm inside organizations… but not everything can be solved by technology!

By António Relvas on 15 February 2017

It was being prepared for years, and now it’s here: the date of May 25th 2018 feels like a game-changer in several ways:

– Companies need (should) to take a full approach to security. This means that everything needs to be addressed, from the implementation of an adequate corporate culture to the change of IT systems design and implementation. Article 30 of the GDPR sets out the security requirements that businesses are expected to satisfy. It requires that businesses must implement “appropriate” technical and organisational measures to secure personal data, taking account of the risk presented to individuals if the security of that data were to be breached. So even physical security needs to be addressed in a way that prevents inappropriate access to information.

Measuring the Impact of Cyberattacks: Lost Revenue, Reputation & Customers

CISOs are feeling the pressure when it comes to cybersecurity management, but new data from Cisco’s annual report may help in getting them the buy-in they need.
The Cisco 2017 Annual Cybersecurity Report, released 1/31/17, outlines some of the major trends and risks facing enterprises, compiling data from surveys of approximately 3,000 CISOs.

According to Cisco CISO Steve Martino, enterprises are realizing that losses from data breaches and cybersecurity vulnerabilities have tangible repercussions for the business. As a result of public breaches, 29 percent of security professionals surveyed say their organizations experienced a loss of revenue, and 38 percent of that group said revenue loss was 20 percent or higher. Security professionals also cite rising losses of opportunity and customers after cyberattacks.

The Future Of Privacy And Customer Experience

When a grocer offers loyal customers special deals those customers are happy – but when those same customers realize an insurance provider tapped into deeply personal information found in their private online conversations and social media, those customers are furious. Data privacy is a fluid concept according to the Economist. A recent survey from EY shows half of digitally savvy customers were happy to share more data with their bank if they got something back but it depends on context.

Another study from the Annenberg School for Communication at the University of Pennsylvania tells a different story – that most people are strongly opposed to the idea of trading personal data for more personalized experiences. The report, titled The Tradeoff Fallacy: How Marketers Are Misrepresenting American Consumers And Opening Them Up to Exploitation suggests that most people are strongly opposed to the idea of trading personal data for more personalized experiences.

Data Privacy for Small Businesses

A recent study by IDC found that consumers are overwhelmingly concerned about their data privacy. Eighty-four percent of the 2,500 U.S. consumers polled by the research group said they were worried about the security of their personally identifiable information (PII). Seventy percent said their concerns have heightened over the past few years.

As more of their business lives and personal behaviors are being tracked, people are beginning to feel the effects of a hyperconnected world. Seeking greater anonymity, consumers may turn against companies that play fast and loose with their private data.

Data Privacy: Play Privacy As A Team Sport

Protecting digital privacy is a job no one can do alone. While there are many steps you can take to protect your own privacy, the real protection comes when we recognize that privacy is a team sport. So don’t just change your tools and behavior to protect your own privacy—encourage your friends, family, and colleagues to take action, too.

Don’t just install an end-to-end encrypted messaging app like Signal or WhatsApp. Encourage others to join you, too, so that you can all communicate securely. Beyond protecting just your communications, you’re building up a user base that can protect others who use encrypted, secure services and give them the shield of plausible deniability. Use of a small secure messaging app made for activists, for example, may be seen as a signal that someone is engaged in sensitive communications that require end-to-end encryption. But as a service’s user base gets larger and more diverse, it’s less likely that simply downloading and using it will indicate anything about a particular user’s activities.

Cybersecurity Skills Gap Leaves 1 in 4 Organizations Exposed for Six Months or Longer

Sophisticated cybersecurity defenses are increasingly in high demand as a cybersecurity attack is now viewed as an inevitability. However, a majority of surveyed organizational leaders fear they are ill-equipped to address these threats head-on.

According to a new cybersecurity workforce study by ISACA’s Cybersecurity Nexus (CSX), only 59 percent of surveyed organizations say they receive at least five applications for each cybersecurity opening, and only 13 percent receive 20 or more. In contrast, studies show most corporate job openings result in 60 to 250 applicants. Compounding the problem, ISACA’s State of Cyber Security 2017 found that 37 percent of respondents say fewer than 1 in 4 candidates have the qualifications employers need to keep companies secure.

The 7 Highest-Paying IT Certifications

If you’re thinking of launching a career in information technology (IT) or of getting certified for something you’re already doing in IT, then there are a host of certifications available that you should consider pursuing. Whether you’re interested in networking, security, or systems administration, you’ll be able to find an IT certification that can help launch or enhance your career.

But let’s be honest: You’re after the big bucks. With that in mind, this article lists the top seven highest-paying IT certifications, what each job pays, and what the work entails.

Can You Measure Your Building’s Penetration Risk?

How can you measure your risk of unauthorized entry? Until now, it has been virtually impossible. When it comes to security entrances, new analytics technologies (e.g. PSIM platforms and IoT sensors) are emerging, and it is becoming possible to use technology, combined with people, to tap into security entrance metrics as part of an overall physical security strategy.
Risk, risk management, access management, security management

Measuring penetration risk is about prediction, and accurate prediction requires a reliable tailgating prevention strategy; without one, any PSIM or other analytical tool will fall short. In this article, we’ll talk about the challenges security professionals face related to penetration risk measurement; later, in a second article, we’ll demonstrate how a tailgating prevention strategy actually works and the metrics that can help predict your risk of penetration.

43% of Organizations Grade Their Cybersecurity “C” or Worse

More than one in four organizations have been breached in the past 12 months, while 23 percent aren’t sure if they have been breached or not.
cyber security, cybersecurity, IT security, security training

When asked to grade their organization’s cybersecurity program, 43 percent of survey respondents gave themselves a “C”, “D”, “F”, or “non-existent”, and only 15 percent gave themselves an “A”. While there isn’t a one-size-fits-all solution to network security, the “A” grade companies have several attributes in common, including a high level of automation, a threat intelligence framework, and a robust training program for security staff.

That’s according to the 2017 Cybersecurity Report Card by DomainTools, which also found that one-third of security pros are able to detect daily attacks, but the remaining majority (66 percent) are unaware of the daily onslaught of malicious activity. While malware (76 percent) and spearphishing (56 percent) are the most common threat vectors, business email compromise (25 percent) and DDoS attacks (24 percent) are on the rise. Finally, nearly one-third of respondents were the targets of attempted cyberextortion, typically ransomware, which cost businesses more than $1 billion in 2016.

After a terrible year for cybersecurity, will 2017 be any better?

By Help Net Security on 9 January 2017
cyber security, cybersecurity

From a cybersecurity perspective, 2016 was a devastating year for companies, schools, government agencies, organizations and even presidential campaigns. What we learned from a record year for breaches, hacks, phishing, malware, and ransomware is what we have known all along: cyber criminals are clever, and they are not bound by any rules or real strategy.

We also learned that no company, government agency, or organization is safe if they are in the bullseye of those determined to breach their networks. Hackers really have a single goal: to steal data or financial assets, crippling organizations in the process. Stolen data, such as passwords, social security numbers, personal information and possibly bank account credentials, is generally sold on the black market. This was the case in the first big U.S. hack of 2016.

CSOs and CISOs are under pressure

By Security Magazine on 7 January 2017
CISO, CSO, cyber security, cybersecurity

Under pressure! No, not the 1982 hit song by Queen that was used in the 1997 American comedy crime film Grosse Pointe Blank. I am describing the likely 2017 work environment for CSOs and CISOs. If CSOs and CISOs thought they were under pressure in 2016, it is about to increase and go beyond the usual. Traditional increases in pressure were due to the growing rate of data breaches and the number, complexity and success rates of cyberattacks. All of those pressures will increase from 2016 to 2017, but wait, there’s more! There will be multiple new reasons for the increase, and their impact will be different. The pressure will come from as high as you can go within your organization as well as being driven by business management. Here are just a few drivers of the increased pressure.

Cybersecurity Tips for the Break Room and Boardroom

By Security Magazine on 5 January 2017
c-suite security metrics, cyber security education, cybersecurity awareness, cybersecurity leadership, security training, cybersecurity

Every day we are updated about the latest cybersecurity breaches – whether it’s Yahoo, Dropbox or LinkedIn, how many records have been stolen, or how much companies have paid as a result of ransomware or financial fraud.

However, are employees and executives aligned with cybersecurity awareness? Are the risks and top discussions that happen in the break room similar to those that happen in the boardroom? The topics and concerns are farther apart than you could ever imagine.

Vermont Electric Company Finds Russian Malware on Computer

By Security Magazine on 2 January 2017
cybersecurity, grid security, malware, utility security
Burlington Electric, which serves 19,600 customers in Vermont, said it found malicious software on a company laptop, and it’s blaming the Russians.

Burlington Electric noted that the malicious software on a computer was not connected to its grid control systems.

Both the Department of Homeland Security and the utility said there are no indications that the electric grid was breached, reported CNN.

Burlington Electric General Manager Neale Lunderville told CNN that the utility found an Internet address that was associated with recent malicious cyber activity, and that IP address was communicating with a company computer.

What is next in cloud and data security for 2017?

By Cloud Buzz on 29 December 2016
Big Data, Cloud Computing, Contributors, Digital Transformation, Security, data security
It has been a tumultuous year in data privacy to say the least – we’ve had a huge increase in data breaches, including some of the largest in history; an uncertain future when it comes to cybersecurity policies; new European regulations that have major implications for U.S. companies; and yet, business carries on. Despite all the challenges and risks, businesses will continue to move forward on digital transformation, cloud adoption and mobile adoption, all with an eye on cybersecurity.

These are the biggest trends that I see carrying us into 2017:

Infographic: IoT Internet of Things Cyber Security Concerns

By Cloud Buzz on 29 December 2016
Cloud Computing, Infographic, Internet of Things, Security
Technology is moving forward at a rate we have never seen before. While the internet was once something we needed a computer to access, it can now be reached from an endless number of remote devices thanks to cloud technology and a relatively new term, the “Internet of Things”. However, there are also concerns about a world that connects technology in such a way, as seen with the recent attacks. More devices connected via the cloud mean more opportunities for hackers to access and/or steal your data.

When Prevention Isn’t Enough: Security Best Practices for During and After a Breach

By Biz Tech Magazine on 23 December 2016
Security Best Practices
Even if they have strong defenses in place, IT leaders must know how to respond quickly and effectively to attacks.


Cybersecurity threats pose challenges to organizations of all sizes, across every industry. Cyberattackers, phishing attempts, network eavesdropping, malware and many other threats jeopardize the confidentiality, integrity and availability of IT resources on a daily basis. IT leaders must clearly understand these threats and develop security controls that allow them to remain vigilant as these threats evolve in sophistication and targeting.

Network Security Requires More than Technology

By Biz Tech Magazine on 28 December 2016
security, threat prevention, network management
The latest technology keeps pace with malicious attacks, but empowering employees remains the first line of defense.

Whether you’re working within a small practice or a large hospital system with 10,000 users, you need to worry about cybersecurity.

The “bad guys” — the people trying to break into your system — are getting more sophisticated every year. No one can stop every break-in. Instead, IT must keep an eye on how best to reduce the number of breaches and minimize the damage of successful hacks.

Solutions include a combination of available technology, but also point to the need to truly address the human factor in network security.

A 4-Phased Approach to Improving Data Center Security

By Biz Tech Magazine on 1 January 2017
Data Center Security
Security threats are increasing, but this high-level roadmap can help organizations better defend the data center.

Enterprises employ a wide variety of data center architectures. Some opt to run a private, single-organization facility with dedicated physical servers for each application. Others choose a public cloud facility that hosts virtual servers for hundreds or thousands of customers. All of these data centers have something in common: the need to protect the security of their applications and data from a growing number of sophisticated threats.

2017: The Imperative of Innovation and Change

By Secure Magazine on 1 January 2017
Security enterprise services, security leadership and management, security leaders, security planning, security roadmap, security technology, Innovation and Change

Like many of you, I have been highly focused on end-of-year budgeting and planning leading into January 2017. One of our core values is to hold a Strategic Action Planning (SAP) team meeting every year. I choose the leaders who will be at the table by determining their influence on our culture. Title is not as important as adherence to our values and our core operating processes that ultimately fulfill the expectation of value to our partners and clients.

4 Components of an Effective IoT Security Strategy

By BizTech on 19 December 2016

IoT Security, information security, threat prevention
Recent breaches have shown the vulnerability of the Internet of Things, but IT departments can defend against hackers with a multifaceted approach to security.

While driving a Jeep Cherokee through downtown St. Louis in July 2015, Andy Greenberg felt a sudden blast of air from the vents. The radio mysteriously changed stations, music began blaring and the windshield wipers started. The situation went from perplexing to frightening when Greenberg stepped on the gas pedal but couldn’t accelerate as he watched an 18-wheeler approach in his rearview mirror.

Mitigating internal risk: Three steps to educate employees

By Help Net Security on 20 December 2016

cyber risk, risk management, security awareness
IT security is usually focused on how to prevent outsiders with malicious intent from causing harm to your IT systems and data. While this is a valid concern, people within organizations who simply do not understand the consequences of their everyday habits and behavior on company computers pose an equivalent if not greater risk.

Every person within a company who has access to information is a gateway for data exfiltration. This is why education for ALL employees that encourages following IT security best practices is extremely important to implement within organizations. So where should you start? Take 3 easy steps.

5 Tips for improving enterprise cloud success in 2017

By Cloud Tweaks on 19 December 2016

cloud computing, cloud security

Improving Enterprise Cloud

There has been an increase in the adoption rate of cloud technology to help businesses keep capital investment and maintenance costs down while benefiting from flexibility and rapid up and down-scaling as needs dictate. However, to maximize the benefits of cloud, companies have to overcome a number of challenges and mitigate various risks. As plans are drawn up for 2017, it is worth considering these tips for improving cloud success in the enterprise.

Is Big Data becoming an important and possibly expensive form of currency?

By Cloud Tweaks on 19 December 2016

Big Data, Cloud Computing
When we think about currency in the world, we often think of the pieces of paper money we all keep in our wallets or the numbers on the screen when we look at our bank accounts online. While this is the case for most people, anything that can hold value can be seen as a form of currency.

And in the “ever-evolving” world of technology, data is quickly becoming the next important and expensive currency in the world. Data is critical for almost anything from marketing a new product, helping a business run smoothly and much more.

How Well Do You Understand Today’s Threats to Data Center Security?

By Biz Tech Magazine on 16 December 2016

Data Center Security, cloud, firewalls, threat prevention

Yesterday’s security approaches won’t necessarily work today.

The original model for data center security was based on the assumption that threats were external. The security architecture to defend these facilities focused on establishing a network perimeter between the data center and the outside world. The basis of this perimeter was a firewall, which would examine all north-south traffic, which flowed between the data center and the internet. The firewall looked for violations of security policies and other indications of suspicious activity in this data traffic. It then took actions such as blocking traffic, logging additional information and notifying human administrators.
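To make the limitation of that original model concrete, here is a small added example (mine, not BizTech’s or any firewall vendor’s code). It models a boundary firewall that inspects only traffic crossing the perimeter, allows what the rule set permits, and blocks, logs and notifies on everything else; flows between two internal hosts never reach it. The internal address ranges, the rule set and the sample flows are all constructed for the example.

```python
"""Perimeter-only policy model: north-south traffic is inspected, east-west is not.

Added example, not code from BizTech or any firewall vendor.  The internal
address ranges, rule set and sample flows below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: address space inside the data-center perimeter.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed perimeter rule set: (action, destination port).  First match
# wins; anything unmatched falls through to the default-deny rule.
PERIMETER_RULES = [
    ("allow", 443),   # HTTPS to the web tier
    ("allow", 80),    # HTTP to the web tier
    ("allow", 53),    # DNS
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Decision:
    direction: str   # north-south, east-west or transit
    inspected: bool  # did the boundary firewall see this flow at all?
    action: str      # allow, deny or uninspected
    logged: bool
    notify: bool     # page a human administrator


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def direction(flow: Flow) -> str:
    """'north-south' when exactly one endpoint is inside the perimeter,
    'east-west' when both are, 'transit' when neither is."""
    src_in, dst_in = is_internal(flow.src), is_internal(flow.dst)
    if src_in and dst_in:
        return "east-west"
    if src_in or dst_in:
        return "north-south"
    return "transit"


def perimeter_decision(flow: Flow) -> Decision:
    """What the boundary firewall does with one flow."""
    d = direction(flow)
    if d != "north-south":
        # The firewall is simply not on this path; the flow is never examined.
        return Decision(d, inspected=False, action="uninspected", logged=False, notify=False)
    for action, port in PERIMETER_RULES:
        if port == flow.dport:
            return Decision(d, inspected=True, action=action, logged=False, notify=False)
    # Default deny: block, log additional information, notify an administrator.
    return Decision(d, inspected=True, action="deny", logged=True, notify=True)


def uninspected(flows):
    """Flows the perimeter model never looks at: the blind spot in which
    lateral movement between compromised internal hosts takes place."""
    return [f for f in flows if not perimeter_decision(f).inspected]


# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", "10.1.2.3", 443),      # internet -> web tier, HTTPS
    Flow("203.0.113.7", "10.1.2.3", 3389),     # internet -> web tier, RDP
    Flow("10.1.2.3", "10.1.5.9", 445),         # web tier -> file server, SMB
    Flow("10.1.2.3", "198.51.100.20", 4444),   # web tier -> outside, odd port
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, perimeter_decision(f))
```

The third sample flow is the one to notice: an SMB connection from a web server to a file server is exactly what a compromised web tier would do next, and under the perimeter-only design it is never inspected, logged or blocked.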

The difficult path to cyber resilience

By Help Net Security on 19 December 2016

cyber resilience

Global organizations are more confident than ever that they can predict and resist a sophisticated cyber attack, but are falling short of investments and plans to recover from a breach in today’s expanding threat landscape.

A Day in the Life of a Security Consultant

By Security Magazine on 13 December 2016

risk assessment, risk mitigation, security career, security consultant, security inspections

A lack of skilled staff remains the top security concern for organizations, according to the State of Security Operations Report. One way organizations can mitigate this challenge is to hire security consultants. These professionals work closely with their clients to help solve issues, implement best practices, and provide guidance. While there are no two days that are alike, here’s my typical day in the life as a professional security consultant:

The High Cost of Not Doing Enough to Prevent Cyber Attacks

By Security Magazine on 13 December 2016

cyber attacks, cyber security, cybersecurity

Organizations are in a difficult place when it comes to protecting themselves against the current cybersecurity threat environment. Many companies believe that they’re too small to be a hacker’s target. However, given the wide range of businesses and organizations being hit on a daily basis, this couldn’t be farther from the truth. If your organization has data, and every business does, you are a worthy and potentially lucrative target for cyber criminals.

12 tips for implementing secure business practices

By Help Net Security on 12 December 2016

backup, CXO, insider threat, Internet of Things, passwords, phishing, PoS, strategy, tips

Security experts prepared a list of a dozen tips for implementing secure business practices during the 2016 holiday season.


1. Limit temporary worker privileges

Many organizations employ temporary workers during the holidays to address increased demand for their products or services, and backfill employees on vacation. Criminal organizations know this and seek to take advantage of the potential “insider threat,” specifically that temporary workers may be less familiar with corporate policies and practices. Organizations should limit temporary employees’ access to corporate systems based on those individuals’ needs to do their jobs. Therefore, if a criminal successfully social engineers a temporary worker in order to carry out an attack on the organization, the fraudster’s access to sensitive company data will be kept to a minimum.
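The tip above comes down to two controls: give a temporary account only what its role needs, and make it expire on the last day of the engagement. The following is an added example of both (my code, not part of the original tip list). provision() issues an account carrying exactly its role’s entitlements with a fixed end date, and audit() finds accounts that have drifted from that: still enabled after the end date, or holding entitlements a temp should never have. The roles, entitlements, policy limit and roster are constructed.

```python
"""Time-boxed, role-scoped access for temporary staff.

Added example, not part of the original tips.  Roles, entitlements, the
90-day policy limit and the roster are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed: the minimum entitlements each seasonal role needs to do the job.
ROLE_ENTITLEMENTS = {
    "warehouse-picker": {"wms:read", "wms:pick"},
    "seasonal-cashier": {"pos:sale", "pos:return"},
    "support-agent": {"crm:read", "crm:ticket"},
}

# Constructed: entitlements no temporary account may hold, whatever the role.
NEVER_FOR_TEMPS = {"hr:export", "finance:wire", "admin:*"}

MAX_ENGAGEMENT = timedelta(days=90)  # constructed policy limit


@dataclass
class TempAccount:
    user: str
    role: str
    start: date
    end: date
    entitlements: set = field(default_factory=set)  # what the account has now
    enabled: bool = True


def provision(user: str, role: str, start: date, end: date) -> TempAccount:
    """Create a temp account with exactly its role's entitlements and a hard end date."""
    if role not in ROLE_ENTITLEMENTS:
        raise ValueError(f"unknown temp role {role!r}; define it in ROLE_ENTITLEMENTS first")
    if end < start or end - start > MAX_ENGAGEMENT:
        raise ValueError("temp engagements must be between 0 and 90 days")
    return TempAccount(user, role, start, end, set(ROLE_ENTITLEMENTS[role]))


def audit(accounts, today: date):
    """Return (user, finding) pairs for accounts that are outside policy."""
    findings = []
    for a in accounts:
        if a.enabled and today > a.end:
            findings.append((a.user, "enabled-after-end-date"))
        if a.enabled and today < a.start:
            findings.append((a.user, "enabled-before-start-date"))
        excess = a.entitlements - ROLE_ENTITLEMENTS.get(a.role, set())
        forbidden = excess & NEVER_FOR_TEMPS
        if forbidden:
            findings.append((a.user, "forbidden:" + ",".join(sorted(forbidden))))
        if excess - forbidden:
            findings.append((a.user, "excess:" + ",".join(sorted(excess - forbidden))))
    return findings


# Constructed roster as of the audit date.
TODAY = date(2016, 12, 5)
ROSTER = [
    provision("tmp-alice", "warehouse-picker", date(2016, 11, 20), date(2016, 12, 31)),
    provision("tmp-bob", "seasonal-cashier", date(2016, 11, 20), date(2016, 12, 26)),
    provision("tmp-carol", "support-agent", date(2016, 10, 1), date(2016, 11, 15)),
    provision("tmp-dave", "warehouse-picker", date(2016, 11, 28), date(2016, 12, 24)),
]
# Drift after provisioning: a manager "just added" rights to two accounts,
# and nobody disabled carol when her contract ended in November.
ROSTER[1].entitlements.add("finance:wire")
ROSTER[3].entitlements.add("wms:report")

if __name__ == "__main__":
    for user, finding in audit(ROSTER, TODAY):
        print(user, finding)
```

Run the audit daily during the season: the end-date check is what actually removes the social-engineering exposure once the worker has left, and the forbidden-entitlement check is the guard against well-meaning managers widening a temp’s access.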

The new CISO imperative: Solving the information management paradox

By Help Net Security on 13 December 2016

information management, information security, cxo

According to Cybersecurity Ventures’ Cybersecurity Market Report, worldwide spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021. However, in the drive to become more cyber resilient in 2017, organizations are extending risk management that is traditionally based on parametric measures (i.e., data loss prevention and firewalls) towards information stewardship – the proper identification, categorization and deletion of their own content, regardless of where it is saved.

Never stop learning – the need for a risk-based approach to cyber-security

By Security Magazine on 1 December 2016


It probably comes as no surprise to IT security professionals that cyber-attacks are now becoming more sophisticated and more commonplace. For years, cyber-experts have been warning that we are entering the “age of the cyber-attack,” predicting that a digital attack will now bring about the end of civilisation rather than a nuclear war. While this is clearly an extreme example, what is surprising is how ubiquitous and effective cyber-attacks have become, despite vendors and experts warning about their risks for over a decade. However, even if an organisation has a robust cyber-security policy in place, this alone is not enough to protect it from cyber-attacks. Trust us, we know because we’ve been there.

Hackers are holding San Francisco’s light-rail system for ransom

By The Verge on 27 November 2016


San Francisco Municipal Railway riders got a surprise this weekend after the system’s computerized fare systems were apparently hacked. According to the San Francisco Examiner, the MUNI system was attacked on Friday afternoon.

MUNI riders were greeted with printed “Out of Service” and “Metro Free” signs on ticket machines late on Friday and on Saturday. MUNI first became aware of the intrusion on Friday, according to the Examiner.

How security collaboration will prove vital in 2017

By Help Net Security on 22 November 2016

The escalation of high-profile hacking and data dumps recently has underscored the increasing boldness of digital threat actors, culminating in July’s Democratic National Committee email leak and its ripple effect through American politics. The group behind the hack and its attack patterns were known, and yet the attack was not thwarted, leaving many questions as to the overall state of the Internet’s security.

Was your data breach an inside job?

By Help Net Security on 22 November 2016


Kaspersky Lab revealed the current state of security threats among businesses and how their perception of threats compares to the reality of the cybersecurity incidents they experienced over the past year, both in North America and worldwide. A top concern of North American businesses, and a leading cause of successful cyberattacks in these organizations, is also their most important asset: their employees.

5 Cybersecurity Priorities for Every SMB in 2017

By BizTech Magazine on 18 November 2016


Follow this checklist of the most-urgent cybersecurity items — including phishing scams, password protection, malware and ransomware — to keep your company secure in the year ahead.

One security advantage small and medium-sized businesses had for years was simply being small.

Given a low profile, most SMBs could fly under the radar when it came to information security, hoping they were obscure enough not to catch anyone’s attention. That advantage is gone.

7 Strategies to Defend Against Supply Chain Risks in the Digital Era

By Security Magazine on 8 November 2016

With the rise of digital and cloud technologies, business models have evolved greatly. In recent years, we’ve seen an increasing number of businesses that are essentially “born in the cloud,” with infrastructure that is fully supported by cloud services. For example, Amazon Web Services (AWS) makes it affordable and easy to start an online company that can scale to compete with larger, well-funded rivals. Similarly, YouTube makes it easy to create and distribute promotional videos, while other social media channels, such as Facebook and Twitter, enable company messaging and marketing campaigns to reach millions around the world. The internet and the cloud are the great equalizers – allowing startups to effectively compete with established companies of any size.

More than 75% of Europeans click on links or open malicious attachments

By SC Magazine UK on 16 November 2016

More than 54 million Europeans have been victimised by online crime in the past year as hackers take advantage of consumer complacency.

New research from Norton shows that despite spending $8.7 billion (£6.9 billion) and an average of 12.7 hours per victim dealing with the consequences, Europeans affected by cyber-crime in the past year are the most likely to continue engaging in risky online behaviour. Nearly 21,000 consumers worldwide, including more than 6,000 from six European countries, were surveyed.

The Challenge of the CISA Exam

By Maria do Carmo Couto on 17 November 2016

The Certified Information Systems Auditor (CISA) is a globally recognised certification in the field of audit, control and security of information systems. CISA gained worldwide acceptance and has a high degree of visibility and recognition in the fields of IT security, IT audit, IT risk management and governance.

It’s well known that employers ask new candidates to hold this certification for IS audit, control and security vacancies. Having it will take you far up the job ladder!

The 10 Easiest Passwords to Hack

By Security Magazine on 7 November 2016

A new research paper has listed the top-ten least-secure passwords currently in use online.

Published by Lancaster University in collaboration with China’s Fujian Normal University and Peking University, the study is based on a leaked Yahoo database of personal information.
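The defender’s use of a list like this is a blocklist check at password-set time, and the check is only worth having if it also catches the obvious variants of each entry (case changes, leet-speak, an appended year or “!”). Here is an added example of such a check (my code, not the Lancaster study’s). BLOCKLIST is a constructed seven-entry sample standing in for a real top-N list of leaked passwords; in practice you would load a large breach-derived list from disk.

```python
"""Blocklist check for common leaked passwords, with variant normalization.

Added example, not code from the Lancaster study.  BLOCKLIST is a constructed
sample; load a real breach-derived top-N list in production.
"""
import re

# Constructed sample; replace with a real list of the most common leaked passwords.
BLOCKLIST = {"123456", "password", "qwerty", "abc123", "welcome", "iloveyou", "letmein"}

# Common character substitutions, undone before the lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s"})

# Digits and punctuation people tack on to the end: welcome2017, qwerty!23
TRAILING = re.compile(r"[0-9!?.#*_\-\s]+$")


def normalize(pw: str) -> str:
    """Lower-case, drop a trailing digit/punctuation run, undo leet-speak."""
    s = pw.lower()
    s = TRAILING.sub("", s)
    return s.translate(LEET)


def is_blocklisted(pw: str) -> bool:
    # Exact (case-insensitive) hit first, so all-digit entries such as 123456
    # match before normalization would strip them down to an empty string.
    if pw.lower() in BLOCKLIST:
        return True
    core = normalize(pw)
    return bool(core) and core in BLOCKLIST


def check(pw: str, min_len: int = 12) -> list:
    """Return the reasons a candidate password is rejected; empty means accepted."""
    reasons = []
    if len(pw) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if is_blocklisted(pw):
        reasons.append("matches a common leaked password (after normalization)")
    return reasons


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd1!", "Welcome2017", "correct horse battery staple"]:
        print(repr(candidate), check(candidate) or "ok")
```

Normalization is deliberately lossy: “P@ssw0rd1!” and “Welcome2017” both collapse onto blocklist entries, which is the point, since the leaked-list studies show these are the variants people actually pick when a policy forces them to “add a number”.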

Preparing for the holiday shopping season? Cybercriminals are getting ready as well

By Help Net Security on 15 November 2016

The number of financial phishing attacks is expected to rise during the Holiday shopping season which starts unofficially on Black Friday. Retrospective research by Kaspersky Lab specialists shows that, over the last few years, the holiday period was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.

Compromised: 339 million AdultFriendFinder users

By Help Net Security on 14 November 2016

Friend Finder Networks, the company that operates sites like AdultFriendFinder (“World’s largest sex & swinger community”) and a webcam site (“Where adults meet models for sex chat live through webcams”), has been breached – again!

In May 2015, the number of affected users was around 3.5 million, and the leaked information contained information like marital status and sexual preferences.

Taking information security management to another level with a new standard for specific market sectors

By ISO on 15 August 2016

With cyber threats on the rise putting businesses and industries at risk, it is more important than ever that organizations protect their information and that of their customers. It is no surprise, then, that the ISO and IEC standard for information security, ISO/IEC 27001, has become so widely used. A new standard just published will take that a step further, helping to apply the requirements of this flagship standard to specific sectors.

Organizational Resilience – the big concept these days

By António Relvas on October 27, 2016

What is resilience in an organization? The widely accepted definition is that “organizational resilience” is the “ability of an organization to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper.”

OK, the above definition is a great one, but how do you achieve resilience in an organization? This is the tricky part, and there are two ways (that can work).

Good Risk Management Practices. Are you at risk?

Risk Management

Risk management is about managing threats and opportunities. When it is effective it often goes unnoticed, but when it fails the consequences can be dramatic, and this applies to everyone.

You are a risk manager, even if you may not know it: we all make decisions, and risks arise as a consequence of the decisions we make. So, if you think about it for a moment, it becomes clear that when you make a decision, you anticipate and visualize its possible consequences in the (near) future, and then you rethink the decision and decide.

Why you should consider implementing ISO 27001?

implementing ISO 27001

Many senior executives associate ISO 27001 with IT, but set that idea aside. ISO 27001 is about information. It is about managing the security risks and threats that can affect confidentiality, integrity and availability, and, guess what, it applies to all organizations.

So, why should you consider implementing ISO 27001?

Cybercrime is more active than ever. And what are you going to do about it?


The pressure is on, regardless of the security maturity level of any organization.

After an incredible year for security incidents, intrusions and data loss, it is obvious that cybercrime has the advantage. Hackers are operating with different requirements and motivations, and employing increasingly sophisticated techniques.

According to the Cyber Threat Report Yearbook, the number of successful cyber-attacks on businesses of all sizes during the four-year period between 2010 and 2014 increased by 144%, and the cost of cybercrime per company increased by 95%.

New course Implementing the NIST Cybersecurity Framework using COBIT®5

NIST Cybersecurity Framework using COBIT 5

It’s official: The NEW Course and certification exam Implementing the NIST Cybersecurity Framework using COBIT®5 was released today.


As an ISACA COBIT® 5 Licensed Training Provider and an APMG ATO, Behaviour Group is proud to announce that the new official course and exam from ISACA, Implementing the NIST Cybersecurity Framework using COBIT®5, is already included in our training catalogue, and registration is open for the first event.

This course and exam allow professionals to achieve an enhanced level of certification, created by ISACA in response to the need to integrate the globally recognized COBIT®5 framework with the Cybersecurity Framework (CSF) launched in February 2014 and developed by NIST in

Implement ISO 22301 Management System

ISO 22301 – Business Continuity Management Systems – helps organizations, regardless of their size, location or activity, to be better prepared and more confident to deal with any disruptive incident.


Disruptive incidents can impact the normal operations of an organization at any time. Implementing an ISO 22301 management system helps organizations to be better prepared to manage these disruptive events and to achieve a high level of resilience, so that they can continue to operate during and/or after such events occur.

Ready for ITIL, better prepared for ISO 20000 Audit

ISO/IEC 20000 was designed to align with ITIL® best practices and describes an integrated set of management processes for the effective delivery of IT services to the business and customers.

The adoption of ITIL® processes over the last decade has undoubtedly transformed the quality, relevance and timeliness of IT service delivery and it has enabled the creation of customer and business focussed services and improved the cost/ value equation.

The power of COBIT® 5


COBIT® is an unusual or strange-sounding word for many, but it is an acronym that is becoming increasingly recognized by auditors, IT professionals, and many enterprise managers.

COBIT® is an important internal control framework and an important support tool for documenting and understanding internal controls and recognizing the value of IT assets in enterprise. A general or working knowledge of COBIT® should be an IT auditor requirement.

If you have IT challenges to manage in your enterprise, such as Cloud Computing, Information Security, Big Data, Data Privacy, know that you do not

In 2015 you have a chance to become a victim of cybercrime

According to Microsoft, cybercrime is a booming business for organized crime groups all over the world. Those groups of cybercrime aim to profit, from any security lapse they can find: identities, passwords and money. Not protecting your organization these days is equivalent to leaving the doors and windows of your house unlocked.

So when it comes to cybersecurity, there is a lot of work to do to persuade individuals, small businesses, enterprises and government institutions to change their behaviour. 

ISO 28000: Best Practices for Supply Chain Security

When suppliers are unable to deliver, or customers are unable to purchase, an organization’s ability to operate is compromised. ISO 28000 is the answer for promoting resilience at every step of the supply chain.

Designed to protect people, goods, infrastructure and equipment, ISO 28000 will help your company to better assess security risks in supply chain and to implement appropriate controls to manage potential security threats.

Apply the four steps method of implementation proposed on training and make the transition to ISO 28000 in your company. Do not complicate what is simple! Discover all ISO 28000 courses

The next generation of information security leaders

The CISSP course will help all participants keep their knowledge up to date across the 10 information systems security domains.

All activities in this course will enhance and increase participants’ knowledge in the area of information systems security, providing them the needed knowledge for the development of their professional careers.

The growing demand for people who are able to manage and drive the information security strategy within organizations makes the CISSP course a reference for professionals in the field.

The Goal of the Risk Manager

Risk management is the understanding, assessment (including prioritization) and treatment of risks, from highest to lowest, taking into account factors such as: the impact a risk event may have; the likelihood of that risk event happening; and, of course, the means involved in dealing with those risks.

The prioritization of risk management activities is essential, quickly identifying which risks have higher or lower impact, and their likelihood of occurring and of affecting the business.

Often, a decision on risk management involves making choices between what we think may happen, based on past events (where possible), and what we

To risk or not, ISO 27001:2013 is the answer

The idea of the new ISO 27001:2013 is to provide a more flexible approach that leads to more effective risk management, regardless of the standards already implemented or planned for implementation. ISO 27001:2013 will help your company to manage and protect information, by helping you to identify the inherent risks and to put in place the appropriate controls to reduce those risks.

Apply the four-step ISO 27001 implementation method proposed in training and implement ISO 27001 in your company. Do not complicate what is simple! Discover all ISO 27001 courses

ISO 27001 for all businesses

Small businesses are also a target audience of ISO 27001. It is misleading to think that information security is a concern only for large companies.

Whether you decide to implement the standard in order to benefit from the best practices it contains, or you choose to get your company certified to gain more trust in the market, ISO 27001 will help your company to manage and protect information, by helping you to identify the inherent risks and to put in place the appropriate controls to reduce those risks. Risks exist not only in large companies, but in all companies.

ISO 22301 can save your business

The implementation of ISO 22301 is the answer for ensuring that operations continue, that products and services are delivered at pre-defined levels, that value-creating activities are protected, and that the reputation and interests of stakeholders are safeguarded whenever disruptive incidents occur.

So when a company is faced with the threat of a sudden interruption of its operations, with ISO 22301 implemented that company will be prepared to respond quickly and effectively, reducing the impact of service failures.

Apply the four-step ISO 22301 implementation method proposed in training and implement ISO 22301 in your company. Do not complicate what is

ISO 20000 and ISO 27001 can improve your experience with Cloud Services

The Cloud computing model of products and services brings great benefits to users and companies in terms of IT agility, flexibility, scalability and cost reduction. However, from the customer's point of view, migrating to the cloud raises concerns, particularly about how securely information and applications are stored.

Implementing and becoming certified in ISO 20000 and ISO 27001 will improve processes, performance, overall quality, and service and security management.

These standards will improve the company's level of business continuity planning, by identifying and managing the increasing level of threats, vulnerabilities and risks that may impact the business, to ensure the availability of services and support functions.

BEHAVIOUR® launches training on the new standard ISO 55001 – Asset Management

BEHAVIOUR® has released new training and qualification programs on the ISO 55001:2014 standard. These programs have three levels and are intended for all professionals who want to acquire skills in the area of asset management.

These courses, ISO 55001 Foundation, ISO 55001 Lead Implementer and ISO 55001 Lead Auditor, aim to qualify professionals with the skills needed to implement and audit an Asset Management System in an organization.

The challenge of defining ISO/IEC 27001 ISMS Roles and Responsibilities

Defining the roles and responsibilities required for an ISMS, based on ISO/IEC 27001:2013, is not always an easy task.

A common approach is to start by defining the CISO (Chief Information Security Officer) role or the ISMS manager role. Ensuring that the ISMS conforms to the requirements of the standard, and that responsibilities for reporting ISMS performance to top management are clearly assigned, is critical for conformity with clause 5.3 of ISO/IEC 27001:2013.

Behaviour is always bringing value to you

Every company is interested in helping its clients to achieve their goals, not simply in making sales.

Sales are important too, of course, but doing our job with passion, putting our efforts into delivering an excellent service, improving ourselves every day as professionals and as people, and creating a good delivery environment, with good tools and excellent professionals who are committed to learning more and knowing more in order to deliver better and to serve clients better: in the end, this is what really matters, and this is what guarantees the sales.

When we talk about training, we say that training is not just training. A course is not merely a program, a room, a trainer and a training manual. A training course is not the same in every place. If it were, everyone could

Facing the Challenge of the CISA® Exam

By Editor on May 7, 2014

The Certified Information Systems Auditor (CISA®) designation is a globally recognized certification for IS audit, control, assurance and security professionals. Being CISA-certified showcases audit experience, skills and knowledge, and demonstrates the capability to manage vulnerabilities, ensure compliance and institute controls within the enterprise.

With a growing demand for individuals possessing IS audit, control and security skills, CISA® has become a preferred certification program for individuals and organizations around the world.

Business Continuity, a plan is not enough!

By Joaquim Pereira on April 23, 2014

Any organization needs a strategy for business continuity, no matter whether it is an SME or a large enterprise, has one or more physical locations, or operates in one or more business areas. Certainly, some organizations carry out more critical activities than others. In some cases, some of these activities may even be directly related to the core business or, if not, at least support the major processes that make up the value chain of the business and drive the organization forward.

Ensuring business continuity if a major disaster occurs is not an option; it is a need that every organization has to fulfill.

Go further in the management of network security

By Joaquim Pereira on April 9, 2014

Network security is nowadays one of the biggest challenges for IT Administrators and Information Security Managers. There are too many tools, too many technologies, too many approaches and too many IT providers setting the "standard" on how to do it.

Network Security Management is one of the many concerns of CISOs, CTOs and Information Security Managers. Some select the technical solutions that hardware and software providers wish to sell and which, according to those providers, are the best ones. Other providers, the "big fish", even offer guidance and have recently started to include some best practices in their tools, providing additional value to their customers.

The risk to manage information security risks

By Joaquim Pereira on March 27, 2014

There are risks and risks. Risks related to information security are just some of those we have to manage and treat daily. Other risks are those inherent in the selection of the methodology and the approach we will follow to manage information security risks.

Any expert in these matters will say that a process-based approach, with treatment of the identified risks according to their measured levels of impact and their analysed probabilities, is the best strategy. This approach includes a number of activities to be undertaken, among them the review and approval of risk criteria, or even other activities that, more or less accurately, provide the respective perspective on the risks which

How can the best IT services get even better?

By Joaquim Pereira on March 11, 2014

The answer to this question is simple: through continual improvement.

In today's business environments, technology plays an important role as one of the key elements for the success of any business. Due to the large number of technologies available, it is not always easy to choose the one that fits and responds as the business needs. Even after we choose a technology or product, we still need to operate it, assign someone responsible for it, make changes as needed, and improve it. Also, someone needs to look far ahead and plan when this technology needs to be replaced, by which type of technologies or products it will be replaced, and what all of this will improve.

The Best 2015 Information Security Certifications

Information Security Certifications

If you are seriously thinking about advancing your career in the IT field with a specialization in security, then you need to consider preparing properly to become certified in the 3 top, well-respected Information Security Certifications: CEH, CISSP and CISM.

CEH training will help you to acquire skills and knowledge of hacking practices in areas such as footprinting and reconnaissance, scanning networks, enumeration, system hacking, Trojans, worms and viruses, sniffers, denial of service attacks, social engineering, session hijacking, hacking web servers, wireless networks and web applications, SQL injection, cryptography, penetration testing, evading IDS, firewalls and honeypots, and more.

Transition to ISO 27001:2013

By Joaquim Pereira on February 5, 2014

ISO/IEC 27001 was released in 2005 and adopted worldwide as the international reference for Information Security Management. In 2013 the new version of the standard was released, in order to align its requirements with the current requirements of organizations, businesses and emerging technologies.

Thus organizations certified to ISO/IEC 27001:2005 can be audited and re-certified to that version until October 1, 2015. After this date, all organizations will be audited and re-certified against the new version of the standard.

Behaviour now accepts PayPal for online registration purchases

Behaviour is offering its customers a new way to pay through the online registration process for applications made directly on the website: PayPal. Now it is possible to enroll in a course and secure your seat in the course you intend to attend. This virtual payment method allows you to send and receive payments over the Internet in a simple, convenient and safe way in many countries around the world.

Business Continuity, a strategy inherent in our daily life

by Joaquim Pereira on March 22, 2013

It is common in our daily life, and in our nature, to adopt strategies that allow us to prevent or even mitigate the consequences of common situations inherent in our daily lives.

In our home we adopt strategies for prevention, detection or response, for example by installing an alarm (which aims to deter, detect and guarantee a response by the authorities in case of attempted robbery), an armored door or a reinforced lock, or even by taking out insurance cover to compensate for losses. These strategies even allow us to prevent or mitigate the impact of certain inherent threats, human or environmental, such as theft, fire, flood,

Publication of ISO 22301, the new international standard for business continuity management

Lisbon, PORTUGAL (May 16, 2012) – ISO has officially launched ISO 22301, "Societal security – Business continuity management systems – Requirements", the new international standard for business continuity management. This standard will replace the current British standard BS 25999. Continued operations in the event of a disruption due to a major disaster are a fundamental requirement for any organization. ISO 22301, the world's first international standard for business continuity management (BCM), has been developed to help organizations minimize the risk of such disruptions.

Guaranteed Dates Program

All courses have guaranteed dates, so all public dates presented on the site are guaranteed to take place. You can schedule and plan ahead.

Behaviour launches the Guaranteed Dates program across its entire training offer. This program provides the opportunity to acquire knowledge and skills without professionals and companies having to wait for others with the same training needs before a course can start.

The Guaranteed Dates program focuses its action on the specific needs of an individual or