Security Education & Training What pitfalls can complicate background checks? How can you build a better whistleblower program? Learn a different skill monthly with Education & Training.
- Bowdoin College’s Office of Safety and Security earns accreditation from IACLEAon April 15, 2021 at 2:03 pm
Maine’s Bowdoin College announced that its Office of Safety and Security achieved accreditation from the International Association of Campus Law Enforcement Administrators (IACLEA).
- April’s Cybersecurity & Geopolitical podcast is up!on April 15, 2021 at 11:28 am
Episode three of the Cybersecurity and Geopolitical video podcast is up and ready for viewing! We are also now offering an audio version to listen to anytime, anywhere, including from Apple podcasts.
- The force of biometrics in post-pandemic financial services securityon April 15, 2021 at 4:00 am
Biometric technology, and specifically its most modern iteration, facial recognition, has found its way into security systems essential to everyone. We rely on it to safeguard some of our most prized belongings, including our smartphones, laptops and now, with Apple Pay, even our bank accounts and credit cards. Security experts applaud facial recognition as one of the most secure and efficient means of authentication available today. Why then, has the industry most hinged on security and identification – Banking, Financial Services and Insurance (BFSI) – been so slow to adopt this new wave of technology?
- Mike Matranga launches M6 Global to serve K-12 communities, universities, corporate environments, etc.on April 14, 2021 at 1:58 pm
A 2020 Most Influential in Security, Michael Matranga announced the launch of M6 Global, a team of the nation’s top security and emotional intelligence experts, to provide holistic plans for safe communities and workplaces.
- New England College of Optometry implements contact-tracing wearables to boost COVID-response and enable in-person learningby [email protected] (Maggie Shein) on April 13, 2021 at 3:03 pm
The New England College of Optometry (NECO) formed a COVID-19 Task Force and began exploring ideas to enable in-person learning at the school in a safe, effective and well-planned manner. One of the solutions that NECO implemented is a contact-tracing tool that allows the school to respond immediately to report of an infection, accurately and effectively, without relying on a sign-in sheet or a person’s recollection of their previous contacts.
- Touchless access control solutions look to alter the landscape of higher educationon April 13, 2021 at 4:00 am
The reality is that most institutions of higher learning have decided to open their campuses this fall regardless of the political rancor, adding the specter of a deadly pandemic to an already challenging campus security environment where campus shootings, physical violence to women and theft usually occupy the top threat metrics for college security administrators. Because college and university campuses have thousands of students and faculty traversing a wide swath of buildings all day, every day, having an access control solution that not only addresses the security aspect of this population, but now one that must also handle myriad safety and health concerns due to COVID-19 to lessen the likelihood of the virus spreading, is a top priority.
- April is National Supply Chain Integrity Monthon April 12, 2021 at 12:08 pm
In recognition of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other government and industry partners to promote a call to action for a unified effort by organizations across the country to strengthen global supply chains.
- Staying healthy & virus free digitallyon April 9, 2021 at 4:00 am
In the United States, February is often considered the last peak month of flu season. We are all accustomed to the unpleasant coughing fits and runny noses that accompany winter’s chill. However, in a turn of events, the common flu has been relatively uncommon across the country this winter. Instead, we continue to deal with the fallout from the far more contagious—and far less forgiving—SARS-CoV-2 virus.
- Vanderbilt University Public Safety creates outreach amid national incidents of violence and social unreston April 8, 2021 at 1:43 pm
The Vanderbilt University Public Safety team is reminding students and staff that it exists to keep them as safe as possible and provide a welcoming educational environment.
- 5 minutes with Jeremy Leasher – Training the cybersecurity workforceon April 8, 2021 at 1:30 pm
Meet Jeremy Leasher, Security Solutions Architect at Axellio. Leasher believes the IT security industry is undergoing a serious skills crisis, threatening to undermine the security of commercial and government organizations. Here, we talk to Leasher about the best approach to solving this skills crisis.
- Taking a DIY approach to cybersecurity is a dangerous propositionon April 8, 2021 at 4:00 am
Cybersecurity is not a one-and-done proposition. Deterring cybersecurity threats and remediating incidents is a complex and never-ending responsibility. Malicious state actors, cybercriminals and corporate espionage are just a few sources of cyberattacks. Each one uses dozens of ever-evolving techniques to overcome security safeguards.
- How women can break the cybersecurity glass ceiling – And why we need to help themon April 7, 2021 at 4:00 am
A 2019 S&P Global study found that public companies with women at the helm were more profitable compared to those with men in the CEO and CFO seats. Women are also making big inroads in other fields including science and medicine. Yet in the tech and cybersecurity industries women still lag behind. It’s certainly not because of a lack of jobs. Though the talent shortage did ease last year, the industry as a whole is struggling to fill vacancies. There are a few reasons that women aren’t filling those seats.
- What’s the failsafe alternative to FireEye and SolarWinds?on April 6, 2021 at 4:00 am
Those on the cyber threat frontlines may view the entire FireEye-SolarWinds catastrophe through a very different lens. It’s a mile-high view that proves a thesis: why data must be smart and able to protect itself from cybercriminals – no matter where it goes, where it’s stored or who has it.
- The new rules of security: How AI will transform video surveillanceon April 6, 2021 at 4:00 am
When it comes to intelligent video surveillance in particular, AI-driven products are beginning to unlock new functionality, and even change the role video surveillance plays for companies. From better sensors to higher resolution cameras to more efficient processing units, we’re seeing an unparalleled convergence of hardware and software. And that’s creating new opportunities for everything from intelligent threat detection to personalized customer experiences. We’re just at the beginning of this journey, but it’s clear that best practices are changing. Seemingly in real-time, security professionals are reimagining how they’ll build their teams, structure engagements and define their value. We’re all still building the playbook as we use it, but here are four new, unspoken “rules” for the new world of security – and how they’ll continue to evolve thanks to AI.
- CISA, NASCAR, Talladega Superspeedway and local partners conduct joint exercise to keep GEICO 500 fans safeon April 5, 2021 at 2:20 pm
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), NASCAR, the Talladega Superspeedway, state and local first responders, law enforcement officials, and local businesses recently held a tabletop exercise to test response plans around hypothetical public safety incidents on the day of the GEICO 500.
- What you need to know about the deep and dark webon April 5, 2021 at 4:00 am
Billions of searches take place on the surface web every day. Synonymous with Google, this part of the web is indexed by search engines. Try searching your name and you’ll likely be met with thousands if not millions of results, a few of which are familiar to you – your social media profiles, bio on your employer’s website, mentions in the news. The surface, or “clear” web, is only the tip of the iceberg, as vast as it may seem. In fact, it makes up only 4% of the entire World Wide Web. A much larger chunk of the web, the deep web, lies beneath the surface and is not indexed by search engines – but it is still just as important for security professionals to monitor.
- A vulnerable internet needs global standards and securityon April 2, 2021 at 4:00 am
For a loosely connected, globally distributed system with no central governing authority, the Internet is remarkably dependable. Robust enough to cope with the unexpected, it features back-up capabilities ranging from redundant network paths to virtual servers that compensate for physical hardware failures.
- Mission-critical supply chain software: A growing operational priorityon April 1, 2021 at 10:00 am
Today, open-source code is everywhere. In fact, 99% of all codebases contain open-source code, and anywhere from 85% to 97% of enterprise codebases come from open-source. What does that mean, exactly? It means that the vast majority of our applications consist of code we did not write.
- When security and resiliency converge: A CSO’s perspective on how security organizations can thriveon April 1, 2021 at 4:03 am
Implementing a converged security organization is perhaps one of the most resourceful and beneficial business decisions an organization can make when seeking to enhance security risk management. In this era of heightened consequences and sophisticated security threats, the need for integration between siloed security and risk management teams is imperative. The need for collaboration between those two teams and the business is equally imperative. Let’s look at five more specific benefits:
- Be prepared for the first 24 hours of a cyberattackon April 1, 2021 at 4:00 am
The first line of defense in cybersecurity is taking proactive measures to detect and protect the entire IT landscape. It’s critical to have the right security systems and processes in place to find known and unknown threats before they impact your business. But you also need a bulletproof plan in case your systems are breached. You need to move very quickly to limit damage, so you should have a team experienced in handling these situations ready to jump to action, bringing along tools, procedures, and a proven methodology to stop attacks and to repair and restore whatever you can. Here are five critical factors in preparing for the first 24 hours after an attack:
- Identity and securing the remote work perimeteron April 1, 2021 at 4:00 am
Securing diverse and distributed IT environments starts with the identity plane. Modern and evolving security threats are best prevented by securing identity through many layers relying on a Zero Trust model. Zero Trust, by which I mean “trust nothing, verify everything,” can serve as a foundation for the evolution of a modern security perimeter, one virtually drawn around each individual user, from anywhere they log on. By following Zero Trust principles and establishing user identity across devices, programs, and networks, modern enterprises can pursue a security program that is adaptive, contextual, and robust enough to defend against modern threats.
- Florida State University collaborates with local law enforcement for Real-Time Crime Centeron March 31, 2021 at 3:23 pm
Florida State University is creating a Real-Time Crime Center (RTCC) that will bring together the Tallahassee area’s law enforcement agencies and some of the nation’s leading criminology researchers.
- 3 signs that it’s time to reevaluate your monitoring platformon March 30, 2021 at 3:06 pm
When is the last time you assessed your monitoring platform? You may have already noticed signs indicating that your tools are not keeping up with the rapidly changing digital workforce – gathering nonessential data while failing to forewarn you about legitimate issues to your network operations. Post-2020, these systems have to handle workforces that are staying connected digitally regardless of where employees are working. Your monitoring tools should be hyper-focused on alerting you to issues from outside your network and any weakness from within it. Often, we turn out to be monitoring for too much and still missing the essential problems until it’s too late.
- Moving manufacturing back to North Americaon March 30, 2021 at 3:00 pm
China has had a tough 2020. Intellectual property rights infringement, stealing university and U.S. government-funded research, spys routed out in public, Hong-Kong takeover, Human-right abuses, Coronavirus cover-ups, supply-chain bog downs, and the list goes on. The conclusion is that China has lost its luster with businesses in the United States and abroad. These issues are not new; instead, they have reached a boiling point where the international business community is getting leary of putting too many eggs in China’s basket. The U.S. government has certainly done its share to bring many of these things to light. And while this is happening, and companies look elsewhere to move, the possibilities of increasing North America manufacturing has become more attractive than ever.
- The cybersecurity reality distortion field: Deepfakes and other manipulated dataon March 30, 2021 at 4:00 am
Deepfakes –mostly falsified videos and images combining the terms “deep learning” and “fake” – weren’t limited in 2019 to the Nixon presentation and were not uncommon before that. But today they are more numerous and realistic-looking and, most important, increasingly dangerous. And there is no better example of that than the warning this month (March 2021) by the FBI that nation-states are virtually certain to use deepfakes to help propagate increasingly misleading campaigns in the U.S. in coming weeks.
- 5 minutes with Tony Howlett – Vendor risk management needs to be a top security priority in 2021 and beyondon March 29, 2021 at 4:01 am
The recent SolarWinds breach has brought vendor risk management into the spotlight. With 59% of data breaches being traced to third-party vendors and the average enterprise having 67 vendors with privileged access, managing third party risk is no longer optional, says Tony Howlett, Chief Information Security Officer (CISO) of SecureLink. Here, we speak to Howlett about why security and risk professionals need to take control of their third-party exposure and implement safeguards and processes to reduce their vulnerability.
- The evolving role of user experience in securityon March 29, 2021 at 4:00 am
When it comes to most digital initiatives, user experience is a primary focal point. Not only is user experience a critical element in the design process, it also remains pertinent as product evolution keeps pace with business scale. As online interactions have exponentially grown during the pandemic, it has become startlingly clear that seamless and secure user experiences (UX) are necessary for success.
- 5 minutes with Darren Cooper – Organizations are fighting a daily battle against data losson March 26, 2021 at 2:00 pm
Has the pandemic and remote working created an environment of heightened risk of insider data breaches? Here, Darren Cooper, Chief Technology Officer (CTO) for Egress, speaks to Security magazine about what organizations can do to prevent data loss.
- Are “disrupted” employees a new cybersecurity threat?on March 25, 2021 at 4:04 am
Another challenge is the new home office, where spouses may be working remotely, often alongside their children attending school online. Home networks lack typical protections and bifurcations of the corporate office and may be prone to attacks using lateral movement techniques. In these scenarios, after gaining initial access through an insufficiently protected device, such as a family computer, attackers move deeper into a network, searching for other devices to compromise or obtain increased privileges. This continued probing could eventually lead to the exfiltration of sensitive corporate data or high-value intellectual property.
- 5 minutes with Jay Leaf-Clark – Getting started in cybersecurityon March 24, 2021 at 4:03 am
Have you considered a career as a cybersecurity professional, but weren’t really sure if you had the right degree or skillset needed for success? Here, Jay Leaf-Clark, Head of IT at Dashlane, walks you through how to get started in cybersecurity.