Topics - Anny

Cyber Security / Digital Security Act draft approved, Section 57 repealed
« on: January 22, 2019, 01:16:29 PM »
Digital Security Act draft approved, Section 57 repealed

The cabinet on Monday approved the draft of the Digital Security Act 2018 while keeping the provision for jail and fines.
If the draft is passed in the parliament, sections 54, 55, 56, 57 and 66 of the Information and Communication Technology (ICT) Act will be repealed. The approval came from a cabinet meeting held at the Prime Minister's Office on Monday.
Later in the afternoon, the details were revealed to the journalists in a press meeting held in the Secretariat by Cabinet Secretary Shafiul Alam.
When questioned regarding the viability of the law, the secretary replied: “The increase in cyber crimes and the theft of Bangladesh Bank reserves have necessitated the formulation of such a law. We had no such law to fight cyber crimes. This law will now allow for the punishment of committing these crimes.”

He added: “The law also includes the definition of 'digital', the creation of digital forensic labs and an emergency response team and the introduction of an 11 member digital security council chaired by the prime minister. Sections 17 to 38 detail the punishments for different crimes.”
He also said: “If someone changes or destroys the source code of someone's computer, he/she will be charged with three years in jail or Tk3 lakh fine or both.”
The cabinet secretary denied any allegations that Section 57 of the ICT Act has returned as Section 32 of the Digital Security Act.
Section 62 says that sections 54, 55, 56, 57 and 66 of the ICT Act have been eradicated completely.
[Photo caption: Prime Minister Sheikh Hasina and members of the Cabinet discuss the Digital Security Act during a weekly meeting on Monday, January 29, 2018. Focus Bangla]
When asked about the definition of “religious sentiments”, Shafiul Alam said, “The definition provided in the penal code will be implemented here.”
In section 54 (1), it has been said that the crimes falling under sections 17, 19, 21, 22, 23, 24, 26, 27, 28, 30, 31, 32 and 34 are non-bailable offenses.
But section 54 (2) says that the crimes falling under sections 20, 25, 29 and 48 are bailable offenses.
The cabinet secretary assured that the Digital Security Act is not designed to target journalists.
Meanwhile, the proceedings concerning the cases that are still active under Section 57 will continue accordingly. However, the verdict provided by the court will be the final verdict as there will be no law to adhere to.



Cyber Security / The Future of Cybersecurity Jobs
« on: January 22, 2019, 12:46:10 PM »
The Future of Cybersecurity Jobs
--Kelly O'Hara--

Cybersecurity jobs are in high demand and it doesn’t seem like the need for more security professionals is going anywhere in the foreseeable future. Cyber attacks are only becoming more common and more harmful, and even though we tend to only hear about the attacks of high-profile entities, no company -- or individual for that matter -- with an online presence is immune to attacks.
According to the Bureau of Labor Statistics, the rate of growth for jobs in information security is projected at 37% from 2012–2022—that’s much faster than the average for all other occupations.

Computer science roles are already in high demand as it is; adding in the element of security makes these roles even more critical and sought after.

The Current State of Cybersecurity Training

With so many jobs available, and the need to fill them so dire, more colleges are offering degrees in cybersecurity, though it has yet to become a staple in undergraduate coursework for students majoring in related fields.

For many professionals currently in the cybersecurity field, they learned the necessary skills through certificate programs and in-the-field training versus degree programs. “They didn’t always teach security in college,” explained Dave Lemaire, Senior Director of Technical Operations at Dyn. “It’s one of those things that you stumble into…or get forced into.”

I spoke with Diana Burley, a professor at George Washington University who was named 2014 Cybersecurity Educator of the Year, about the state of cybersecurity programs in schools. While degree programs may not be as widespread as they should be for the level of demand for cybersecurity roles, they are in fact increasing.

She explained that in 1998, the National Security Agency, in response to the President’s National Strategy to Secure Cyberspace, developed the National Centers of Academic Excellence in Information program, which sparked the increase in programs.

“In the coming years, we will see an expansion of cybersecurity content across the curriculum as all students represent entry points into the broadly defined cybersecurity workforce,” Diana stated. “Continuous professional development is critical in the field of cybersecurity because the nature of the threat continuously evolves. Many options exist for current professionals to augment their skill set; including certificates from technical training companies, additional degrees through university study, or stand-alone hands-on courses to develop specific skills. The right decision depends on specific knowledge or skill required. There is no one-size fits all.”

So as for those who are already in the field and want additional training, Dave explained that Cisco and Microsoft security training certificate programs are common among all professionals looking for certification. Further collegiate education is also an option, but with relatively few schools offering programs, with a high percentage located on the east coast or DC area, it might not be easy for professionals to find a program nearby that offers what they need.

Common Cybersecurity Positions

While cybersecurity is a common job function, it is actually not as common to see the term in a job title. When cybersecurity is within a title, most commonly it is for Cybersecurity Engineer, Specialist, Analyst, or Architect.

Jobs that require cybersecurity know-how will usually have a range of titles. The most common titles, according to the SANS Institute Cybersecurity Professional Trends survey, are Security Analyst, Security Engineer or Architect, Security/IT Director or Manager, CISO/CSO, Systems Administrator, Network Architect or Engineer, Forensics Investigator, Auditor, Systems Engineer or Integrator, among quite a few other roles. Search Monster's listing of technology jobs to find job openings with any of these cybersecurity titles.

Common skills required for cybersecurity job roles are incident handling and response, audit and compliance, firewall/IDS/IPS skills, intrusion detection, analytics and intelligence, SIEM management, access/identity management, application security development, advanced malware prevention, and cloud computing/virtualization. While these are the most common skills, most cybersecurity roles require a handful of these skills plus others.

Based on the SANS survey, the top five industries for cybersecurity professionals are Banking/Finance/Insurance, Information Technology/Management, Government (Defense), Government (Nondefense), and Consulting/Professional Services. Not surprisingly, these top industries all deal with sensitive information, which is commonly targeted by attackers.

Knowing these top industries, it is no wonder why the top locations for cybersecurity jobs are in the Washington metropolitan area, New York, and the San Francisco-San Jose metro area.

Just the Beginning

While we’ve already seen a large boom in these jobs and skill sets, it is safe to say that it is only just the beginning for the rise in cybersecurity roles. Not only will current professionals be able to easily broaden their skill sets with more security training, if colleges continue to expand their offerings, more young talent will continue to fill these roles.


4 Reasons Why You Should Consider Cybersecurity as a Profession

Cybercrime is constantly on the rise, ranging from email scams and phishing to identity theft and ransomware––all of which is planned by major crime organizations. The years 2013-2017 alone reported over 9 billion data records that were lost or stolen, of which nearly 61% was due to a malicious outside cyber-attack and 13% due to a malicious insider attack.

This increase in the prevalence of cybercrime attacks on business organizations, government infrastructures, and individuals has emphasized the importance of cyber security.

Due to the rise in cybercrime, and our reliance on the digital world, the demand for a cybersecurity workforce is expected to rise over the next few years, leading to 1.8 million unfilled cybersecurity jobs by 2022.

Choosing a career path (a decision that impacts your whole future) is not an easy choice and no one can make that decision for you. However, here are a few important pointers to help you make the right decision.

Here are a few reasons why you should pursue cybersecurity as a profession.

1. The Demand is Extremely High

Cybersecurity is an evolving professional field that has a consistent need for advanced professionals to ensure the safety of cyberspace. There has been over a 100% rise in cybersecurity vacancies in the UK alone, placing it in the “Top 5 Jobs in Demand in the UK”; it continues to rise at a steady pace. On the whole, cybersecurity analysts are expected to see a 37% growth in the job market globally.

As Alec Ross, Senior Advisor for Innovation to Secretary of State Hillary Clinton, said: “If any college student asked me what career would most assure 30 years of steady, well-paying employment, I would respond, ‘cybersecurity.’”

Apart from the fact that there are 1 million job openings in the global cybersecurity workforce, it is important to remember that a cybersecurity expert deals with more than just cables and wires in the basement.

Cybersecurity professional job openings range from entry-level personnel to CEOs of a company. There is also a wide variety of skills that you can pursue and specialize in.

A few of the job roles that you can pursue with a cybersecurity degree include:
  • Chief Information Security Officer
  • Forensic Computer Analyst
  • Information Security Analyst
  • Penetration Tester
  • Security Architect

It is also important to remember that cybersecurity experts are required in just about ANY field that you can imagine––banking, hospitality, government, corporate, education, and many more.

However, keep in mind that all companies are searching for Qualified Cybersecurity Professionals; thus having a certification or degree in cybersecurity will definitely work to your advantage.

2. Job Fulfillment is its Motto
Cybersecurity as a profession does not deal with just one segment, but branches out into various fields like ethical hacking, digital forensics, penetration testing, information security, social engineering, and many more––much like how a doctor can specialize in neurology or cardiology. These specializations provide security through various forms, each as important as the next, resulting in all-around job satisfaction.

3. The Remuneration is as Good as the Job Itself

As mentioned earlier, the unemployment level in the cybersecurity field is zero. This is a clear indication that the demand level is higher than supply, which only leads to a major rise in the price level (in this case, a rise in income).

The current pay scale of a Cybersecurity Engineer in the U.S. is an average salary of over $90,000 per year*. Due to the lack of qualified cybersecurity professionals, it is estimated to rise in the years to come.

4. You Possess a Special Knack for the Digital Nation

When talking about having a knack for the digital nation, it does not necessarily mean that you are a computer wizard or that you frequently picture yourself as “Neo” from “The Matrix.”

On the bright side, possessing a few cybersecurity skills––such as coding, understanding web applications and system administration, or the knack to detect a cyber intrusion––could be a sign that you should consider working in the cybersecurity field.
A few other indubitable signs that you should be a cybersecurity professional are:
  • You have an eye for detail – This will help you read and analyze data with ease.
  • You love a challenge – New threats appear every day, resulting in a very challenging atmosphere.
  • You are organized – Security professionals must be extremely methodological.
  • You are curious – Curiosity to explore and learn new things shows your personal interest in the field, ensuring that you can achieve great job satisfaction.

With a large skill gap in the cybersecurity field, it is the perfect time to jump-start your career by choosing a profession that is sure to provide you with immense opportunities.

*The salaries depicted are taken from various sources (mentioned below). Salaries and employment status may differ from country to country and state to state. Individual research is deeply encouraged.



6 Cybersecurity Tools You’ll Need to Know About in 2019

Gabrielle Sadeh

It doesn’t take such a deep dive into 2018’s most important tech trends to understand how vital cybersecurity will be in the coming year. With the idea of cybersecurity taking a central role in US electoral politics and the world’s most sophisticated platforms demonstrating their inability to thwart savvy hackers, 2019 and the plethora of events scheduled for the year are in a precarious position.

Whether it’s maintaining transparent and reliable voting systems, combatting DDoS attacks at the G20 summit and WTO conference, or even protecting a corporation’s new batch of smart contracts, proactive solutions are necessary in an era when cybercrime seems to reach a new all-time high every few months.

In this vein, smart IT experts and even regular users would be wise to keep an eye on these up-and-comers in the sector. A place on this list means that the company has identified a crucial area of vulnerability in the status quo and develops a unique, airtight solution.
1. Safeblocks
Virtually every industry is working on incorporating blockchain, which has a penchant for creating more cost-efficient services hosted in a decentralized fashion, or at least using decentralized elements. Applications built on blockchain are known as dApps, and Safeblocks is helping to make them more secure.
Generally, dApps are built on smart contracts, which are essentially if/then statements that use the trustless ledger to automate business flows. These are usually audited for potential loopholes or exploits before they go live. However, just because a smart contract has been audited doesn’t mean it’s hack-proof.
Safeblocks’s Firewall offers real-time protection for smart contract users as well, adding another layer of protection on top of the smart contract. This essentially stops the flow of unauthorized “traffic” — or, in this case, transactions. With this solution, smart contract owners can enjoy greater control with policies and exceptions that they build and manage even after the smart contract is deployed. Safeblocks will continuously validate transactions based on rules you dynamically set. What results is a more cost-effective and efficient smart contract defense apparatus.

2. Incapsula
Incapsula is another leading cybersecurity company offering a truly impressive array of cloud-based security and website acceleration services. With a small adjustment to your DNS — no hardware or software required — you can access the entirety of Imperva’s solution including DDoS protection, website security, content delivery, and load balancing services.
Over 3 million clients trust Imperva Incapsula for their comprehensive and lightweight suite of web services, and especially the ability to create custom application delivery processes that reduce overhead significantly.
The near universal applicability of Incapsula’s solution is reinforced by industry recognition of the company, and it has now led the Gartner Magic Quadrant Web Application Firewall contest for five years in a row.

3. HoxHunt
Though new viruses and bugs are a big part of the threat facing our digital universe in 2019, hackers are also targeting employees and negligent (or simply unaware) retail PC users with convincing social engineering tricks that are only getting more sophisticated. HoxHunt recognizes that the vast majority (over 90%) of breaches are due to human error, and acts as an additional security team member by constantly measuring employee awareness and behavior to its simulated threats — phishing emails, prompts to install potentially viral software and more.
Employees are rewarded for identifying components of real and simulated attacks via HoxHunt, creating a gamified user experience that helps detect gaps in personal threat response as well as company-wide vulnerabilities. The platform learns the preferences of individuals (hobbies, interests, relevant dates, etc.) and helps them learn to defend against breaches that target them directly. Administered via a lightweight browser extension, HoxHunt’s platform for positive reinforcement and nurturing defense-minded behavior is uniquely effective.

4. PerimeterX
AI and automation are near and dear to the tech ecosystem, but unfortunately, hackers and fraudsters can also employ the services of bot networks for their own purposes.
Automated attacks are like the seafloor trawling nets used by commercial fishermen to pick the ocean’s “lowest-hanging fruit” and have a surprising success rate even though they don’t tailor their attacks to specific targets. PerimeterX is the answer to the growing sophistication of these bot attacks, with a system that uses machine learning to identify behavior that is least likely to represent human action.
Attacks that don’t trigger security mechanisms are some of the most malicious and filtering them out with PerimeterX is crucial for companies like Puma, Wix and Zillow. These include account abuse, checkout abuse (limited run item scalping), content scraping bots and more.

5. WhiteSource
For a company that seeks to use open-source software for its own purposes, the process of picking a harmonizing array of software and maintaining it requires significant efforts.
Open-source installations are amalgamations of several complementary pieces and require tracking, management, and reporting at the very least. WhiteSource automates these processes, but also makes open-source component selection, real-time alerts on vulnerable points and bottlenecks, and policy enforcement entirely automatic.
High-profile companies around the world rely on WhiteSource to nurture them through every step of the software development life cycle and reinforce their software stacks onwards behind the scenes. The increasing push towards open-source solutions in recent years will only continue into 2019, and enterprises need a way to effectively juggle their open-source components with as little effort as possible.

6. Cloud Management Suite
With its “patch everything” mantra, Cloud Management Suite (CMS) uses automated and pre-built patch queries to the most common software to significantly reduce the administrative burden of systems management.
Users are able to effortlessly control every aspect of their IT infrastructure, including connected devices, threat monitoring, compliance management, power management and two-factor authentication.
Hosted entirely in the cloud, CMS can be deployed instantly and used remotely, so that anyone can effortlessly keep all the devices and software used by their business up-to-date.

Upgrade Your Protection
As fraudsters become more creative, the cybersecurity sector must keep pace or risk a dire outcome. Thankfully, companies like those on this list have designed groundbreaking solutions that seek to head off cyber threats before they manifest. In 2019 and beyond, watch for these names to rise above the rest as the battle for a safer web rages on.

Cyber Security / Why we need more women in cybersecurity
« on: January 22, 2019, 12:05:55 PM »
Why we need more women in cyber security

It has been estimated that more than 1 million security jobs worldwide are unfilled. Further, (ISC)2 reports that of the currently employed cyber security professionals, women represent only 11 percent of the workforce. The unfilled cyber security jobs aren’t just a staffing issue; they’re a matter of national security, and women can help us solve the problem quickly.

Our current need for women in cyber security is no different from when we needed women to work in what were then considered to be stereotypically male roles during WWII, a topic I wrote about and have been speaking on this past year. In fact, I feel so strongly about this subject that in 2015 I founded the not-for-profit #brainbabe, where our mission is to empower more women and men to join the cyber security profession by raising awareness about behaviors that are holding us back and by providing a training framework for entry-level cyber security roles for liberal arts graduates.

We are again in a time of war—this time cyber war—and our adversaries know we are understaffed. We have to solve this talent shortage as fast as possible. Our best option is to dramatically increase the amount of women we recruit into the technology and cyber security fields immediately. Here is my thinking on how and why.

Better messaging
So how do we do this? The answer lies in better marketing. We are doing a poor job of marketing and selling these roles to young women. We need to educate youth—particularly female youth—about the fact that cybersecurity jobs cover a vast and diverse amount of positions. It’s true there are some jobs in cybersecurity that require computer science skills and computer programming or networking engineering skills. But employment in a position with those requirements does not mean you have to wear a hoodie and code all day or be stuck with wires and cables. Today, cybersecurity is chic in the real world, while in media it’s still depicted as dark and weird. We need to change that for our young women and men, because the negative stereotypes and miscommunications are hurting everyone.

Rethink the job requirements list
Additionally, and more importantly, there’s the fact that a great number of cybersecurity jobs require more interpersonal skills than technical ones. They require analytical thinking, teamwork skills, communication skills, and leadership skills, all of which can be learned in fields other than technology. In my experience as a leader in staffing, these are the types of jobs at which women excel, and so we must promote these jobs in detail. They’re sexy, fun, high-income jobs that don’t all require software-coding skills. Today roles such as C-suite, director, manager, cloud robotics, analyst, GRC, compliance, privacy, finance, product management, and many others can all be found in the cybersecurity field.

I discussed this in my 2016 RSA Conference talk, “From Pigtails, to Prom, to a Cyber Career: What About Your Daughter?” Many of the open positions we will need to fill in 10 years are roles we don’t even have names for yet because of how fast the Internet of Things (IoT) is changing technology. Alec Ross, the former advisor to the secretary of state, discusses this in his book The Future of Work and has also discussed this on CNN.

Giving back: Lessons from my career
As someone who majored in liberal arts, I can speak firsthand about how wonderful being in the technology and cybersecurity fields over the last 21 years has been. I lucked out when I stumbled upon two serial entrepreneurs who believed that I and many others with nontechnical backgrounds could be trained to understand technology and cybersecurity. As a 22-year-old college graduate with a double degree in sociology and criminal justice, I was quickly trained to be successful in technology and cybersecurity, and my career has been amazing. I have traveled the US and the world, lived in great cities such as Boston and Los Angeles, built strong relationships with people, and added value to major initiatives that created jobs and wealth for individuals.

To spend my late 30s as the CEO of a technology company and then my 40s as the founder and CEO of a cybersecurity software and services company has been an incredibly positive experience. Women with the same type of drive, smarts, and talent are out there right now waiting for the cybersecurity community to find them.

Cybersecurity needs you!
We can’t leave the security of this great country to chance. We need a major shift in how we market cybersecurity jobs, and we need a massive commitment to training within our organizations. Our schools are slow to push these careers, so it’s up to all of us in the technology and cybersecurity communities to get the word out while they catch up.


« on: January 22, 2019, 11:55:49 AM »

Educating yourself about cyber security cannot be stressed enough, because the more you know and understand about the subject, the better your chances of staying protected are. Your cyber IQ is essential to your safety and privacy on the Internet. Cyber security is two-fold. Obviously, you need Internet security software, but it can’t protect you from 100% of the threats on the landscape. Knowledge of the threats that antivirus can’t catch, coupled with best practices of safeguarding your information online can be just as crucial as software.


As previously mentioned, there are threats online that are impossible for security software to detect. Becoming educated about threats and the best practices against them will make it immensely harder for a cybercriminal to access your data.

Antivirus on your computer can’t protect accounts that are online, so in this instance, you are the first defense in security. Use a combination of uppercase and lowercase letters, symbols and numbers and make sure they are at least eight characters long. The more characters and symbols your passwords contain, the more difficult they are for cybercriminals to try to crack. Never, ever reuse the same password on multiple sites.

The first step in defense against data breaches is being aware. Monitor your financial accounts on a regular basis, change your password semi-annually and educate yourself about all of the implications of a data breach and what can be done in the event that you fall victim to one. They say that the best defense is a good offence, so instead of thinking in the terms of if, think when. That way when disaster strikes, you’ll know exactly what to do.

Performing software updates as soon as they become available is key to a good offence. They are available for both our operating system and individual software programs. Hackers love exploiting weaknesses, or “holes” in popular software programs. Performing these updates will fix security holes that have been discovered.

Internet security software can’t intercept social engineering. Cybercriminals use human-to-human interaction in order to try to trick users into divulging sensitive information. It’s part scare-tactics, and part manipulation of people. Social engineering uses a wide variety of tactics to try to lure its victims in. Phishing via email, instant messages, social media scams, even phone calls are just a few varieties of attacks scammers use. The end goal is to try to trick the user into downloading malware or clicking a link leading to a compromised website that hosts malware.

It is also important to remember to implement these defenses in your work life and even device usage, as everything is vulnerable to being compromised.

Hackers are people too, and they’re constantly trying to come up with new ways of trying to get to your data. They depend on users being uneducated, because those are the easiest targets. But you have the ability to defend yourself against these threats.


Cyber Security / Five reasons cyber security is more important than ever
« on: January 22, 2019, 11:36:54 AM »
Five reasons cyber security is more important than ever

The threat of cybercrime to businesses is rising fast. According to one estimate, by McAfee, the damages associated with cybercrime now stand at over $400 billion, up from $250 billion two years ago, with the costs incurred by UK business also running in the billions. In a bid to stave off e-criminals, organisations are increasingly investing in ramping up their digital frontiers and security protocols; however, many are still put off by the costs, or by the bewildering range of tools and services available. Here are five reasons why investing in cyber security is a sensible decision to make.

1. The rising cost of breaches
The fact is that cyberattacks can be extremely expensive for businesses to endure. Recent statistics have suggested that the average cost of a data breach at a larger firm is £20,000. But this actually underestimates the real expense of an attack against a company. It is not just the financial damage suffered by the business or the cost of remediation; a data breach can also inflict untold reputational damage.

Suffering a cyberattack can cause customers to lose trust in a business and spend their money elsewhere. Additionally, having a reputation for poor security can also lead to a failure to win new contracts.

2. Increasingly sophisticated hackers
Almost every business has a website and externally exposed systems that could provide criminals with entry points into internal networks. Hackers have a lot to gain from successful data breaches, and there are countless examples of well-funded and coordinated cyber-attacks against some of the largest companies in the UK. Ironically, even Deloitte, the globe’s largest cybersecurity consultant, was itself rocked by an attack in October last year.

With highly sophisticated attacks now commonplace, businesses need to assume that they will be breached at some point and implement controls that help them to detect and respond to malicious activity before it causes damage and disruption.

3. Widely available hacking tools
While well-funded and highly skilled hackers pose a significant risk to your business, the wide availability of hacking tools and programmes on the internet also means there is a growing threat from less skilled individuals. The commercialisation of cybercrime has made it easy for anyone to obtain the resources they need to launch damaging attacks, such as ransomware and cryptomining.

4. A proliferation of IoT devices
More smart devices than ever are connected to the internet. These are known as Internet of Things, or IoT, devices and are increasingly common in homes and offices. On the surface, these devices can simplify and speed up tasks, as well as offer greater levels of control and accessibility. Their proliferation, however, presents a problem.

If not managed properly, each IoT device that is connected to the internet could provide cyber criminals with a way into a business. IT services giant Cisco estimates there will be 27.1 billion connected devices globally by 2021 – so this problem will only worsen with time. With use of IoT devices potentially introducing a wide range of security weaknesses, it is wise to conduct regular vulnerability assessments to help identify and address risks presented by these assets.

5. Tighter regulations
It is not just criminal attacks that mean businesses need to be more invested in cyber security than ever before. The introduction of regulations such as the GDPR means that organisations need to take security more seriously than ever, or face heavy fines.

The GDPR has been introduced by the EU to force organisations into taking better care of the personal data they hold. Among the requirements of the GDPR is the need for organisations to implement appropriate technical and organisational measures to protect personal data, regularly review controls, plus detect, investigate and report breaches.

About the author: Portsmouth-based Annie Button is an English Literature graduate and writes for various online publications, specialising in business and career development.

