Alert Logic Cloud Security Report 2017
In the last few years the IT industry has crossed the chasm and cloud adoption no longer looks like an exotic proposition. This is as profound a paradigm shift as the Internet transformation appeared to be two decades ago, and it is driving an equally powerful change in the way we must evaluate the threat landscape. In 2017, we see a consolidation of threats in the very topmost layers of the computing model. The shift suggests that new approaches and fresh thinking will be required for businesses looking to increase their security posture and manage risk in cloud and hybrid environments.
After years of refinement, cloud service providers (CSPs) are expert at securing the lower (physical, logical, network) layers of the stack. Even attacks a bit higher, at the OS level, are on the decline – or stymied by the speed at which CSPs can apply patches and updates.
(This document is an ISPA Member's Only Resource. To gain access to the full document as an ISPA member, please login to the Member's Only Section of the website. If you are not a member and wish to join ISPA to gain access to Member Only information, click JOIN and complete the online application.)
7 Steps to Automating Cyber Threat Detection and Analysis
Why are so many breaches continuing to occur without letup after several years of headlines? Are the attackers that smart, or are businesses not putting the proper focus on the problem? Perhaps the best way to answer is to start with the bottom line and define the concept of risk:
Step 1: Determining Value
Intellectual property for certain industry verticals can be extremely valuable. For these companies, it is fairly easy to look at market valuations and attribute a reasonable percentage to that value. Client and patient records are also highly valuable – for healthcare providers and insurers, HIPAA violations have fines for data loss that range up to hundreds of dollars per record. While not all industry verticals have well-established values, most organizations have the means to determine the value of such information. It often comes down to valuating data loss, in real as well as opportunity costs.
(Printed in The Security Magazine June 14, 2016)
Active Shooter Preparedness
The Department of Homeland Security (DHS) aims to enhance preparedness through a “whole community” approach by providing training, products, and resources to a broad range of stakeholders on issues such as active shooter awareness, incident response, and workplace violence. In many cases, there is no pattern or method to the selection of victims by an active shooter, and these situations are by their very nature unpredictable and evolve quickly. DHS offers free courses, materials, and workshops to better prepare you to deal with an active shooter situation and to raise awareness of behaviors that represent pre-incident indicators and characteristics of active shooters.
On this page:
- Active Shooter Resources for Law Enforcement and Trainers: The National Summit on Multiple Casualty Shootings, Progress Report on the President’s Executive Actions to Help Reduce Gun Violence, The Countering Violent Extremism (CVE) and Active Shooter Web Portal
- Active Shooter Training Provided by the Federal Law Enforcement Training Centers (FLETC)
- Active Shooter: What You Can Do Course
- Active Shooter Webinar
- Active Shooter Workshop Series
- Active Shooter: How to Respond Resource Materials
- Options for Consideration Active Shooter Preparedness Video
- Conducting Security Assessments: A Guide for Schools and Houses of Worship Webinar
- U.S. Secret Service (USSS) Active Shooter Related Research
Decoding New Cyber Regs for Midsized Businesses
True to the discussion in our last Middle Market Growth article, “A New Year for Cybersecurity: What to Expect in 2016,” new federal regulations governing cybersecurity are already taking shape. The Cybersecurity Act of 2015 was passed in late December as part of the 2016 omnibus spending package; it signals the government’s intent to crack down on cybercrime. We’ll take a look at some of the areas where this law will impact small and midsize U.S. businesses.
First, we should stipulate that no one knows with certainty the consequences of the new regulations because the details of implementation and enforcement have yet to be tested in the field, including in the government and private sectors, and eventually, the courts.
Is Cybercrime Just a Cost of Doing Business
Is cybercrime, once an annoyance, now an ever-present threat, next just a cost of doing business?
The evolution of malicious code, attacker motivations, and technical capabilities has taken us past malware and suspicious files into a much more complex and threatening environment. The threat is no longer malware and suspicious files. It is about protecting memory, system registries, and lateral moves through virtual machines. Businesses are being held hostage by ransomware, hardware vulnerabilities are being exploited to slip under traditional security defenses, and advanced code techniques can sleep to evade sandbox traps and morph continually to defy signature-based detection. Will we reach a state where security breaches and data theft are just factored into the cost of operations?
Security and Life Safety Commercial Office Building Protective Measures
A civil unrest type of situation can take multiple forms, but usually ends up as a protest or demonstration outside a building’s property line or entrance(s). In worst case scenarios, the protesting group can enter a building’s perimeter (i.e. entrances) and disrupt operations for the property and its tenants. In many cases, proper planning and a sound emergency response plan can help eliminate these disruptions and maintain normal business operations. With many protests, there are usually some type of pre-event indicators, which give the property advance warning of a pending demonstration. With this information, properties have the opportunity to increase their security measures, such as police involvement, additional officer placement, lockdown of entrances and/or communications with tenants.
10 Things an HR Director Needs to Know About Domestic Violence and Stalking in the Workplace
Historically, executives of human resources (HR) and security executives were largely unprepared for violent or harassing behavior in the workplace, and exhibited reluctance to be proactive in creating and implementing policies and procedures dedicated to preventing such behavior. The usual HR mentality was just to “wait” and hope for the best. However, notwithstanding their lack of concrete actions, HR executives were often aware of the potential for episodes of violence or harassment in their workplaces, including domestic violence. Credence for this belief can be ascertained in reviewing the National Safe Workplace Institute survey that cites 78% of HR professionals who consider domestic violence a workplace issue while 94% of corporate security directors rank partner violence as a high security concern.
Security for Building Occupants and Assets
The 2001 terrorist attacks at New York City's World Trade Center and the Pentagon, the 1995 bombing of Oklahoma City's Alfred P. Murrah Federal Office Building, the 1996 bombing at Atlanta's Centennial Park, and more recently the bombing at the Boston Marathon shook the nation and made Americans aware of the need for better ways to protect occupants, assets, and buildings from human aggressors (e.g. disgruntled employees, criminals, vandals, lone active shooters, and terrorists). The 2001 terrorist attacks demonstrated the country's vulnerability to a wider range of threats and heightened public concern for the safety of workers and occupants in all building types.
Here are links to other resources that are available.
The Illinois Security Professionals Association owes a great deal of its success to the extensive list of relationships and partnerships that have been developed with a wide array of allied associations and organizations since the inception of the organization back in 1961. Throughout the years, we have established excellent working relationships with the FBI, US Secret Service, Department of Homeland Security, Illinois State Police, Chicago Police Department, Chicago Fire Department and other first responders throughout the state of Illinois.
The Speakers Bureau of the Illinois Security Professionals Association features private security, law enforcement and public safety professionals who are available to speak on a wide variety of topics. If you are looking for a speaker, please look through the speakers listed below and contact a potential speaker directly. It is best to negotiate speaker honorariums directly with the speaker.
Biographical and contact information is listed when you click on "View full bio and contact information."