CyberTalk Issue 7


Practitioners’ Event Special Edition


76%*

Exploit, Breach, Malware, 3rd Party Discovery, Zero Day, Reputation, Heartbleed, Exposure, Confidentiality, Cybercrime, Shellshock, Vulnerability, Attack Vector, Hackers, Hacktivists

Complete vulnerability intelligence and management for your non-Microsoft applications

Find out more at http://bit.ly/1EAgty1

*In 2013, nearly 76% of vulnerabilities affected third-party applications




cybertalkmagazine @CyberTalkUK


Over … representatives from Government, Industry and Education assemble to share current and emerging trends in research, curricula and course-ware in the following areas:

STRATEGIC DEVELOPMENTS TRENDS AND VISION FOR THE DISCIPLINE AND PROFESSION STANDARDS AND GUIDELINES GOVERNANCE AND CONTROL ICT SUPPLY CHAIN RISK MGMT.

ASSESSMENT & ACCREDITATION AWARENESS COMPETITIONS SOCIAL IMPACT AND ETHICS NOVEL RESEARCH IN THE FIELD

19TH COLLOQUIUM JUNE 15TH TO 17TH

JW MARRIOTT RESORT

LAS VEGAS, NEVADA

DAY 1 | DAY 2 | DAY 3

GOVERNMENT | EDUCATION | INDUSTRY

EARLY BIRD: $525 (January 1st to April 30th)

REGULAR: $625 (May 1st to June 17th)

STUDENT: $400 (Valid student ID required)

GROUP ROOM RATE AT THE JW MARRIOTT LAS VEGAS RESORT & SPA: $129 PER NIGHT

Papers and Round Table topics are due: March 15, 2015

Poster Abstracts due: May 1, 2015

THE COLLOQUIUM FOR INFORMATION SYSTEM SECURITY EDUCATION 49004 PACKARD CT., BELLEVILLE, MI 48111

* NO COST CAREER FAIR FOR EMPLOYERS: paid registration invites the opportunity to interview the nation’s best Cybersecurity students and faculty

WWW.CISSE.INFO




Assess Risk

Prioritise Improvements

Analyse Intelligence

Analyse performance of defences; logging and monitoring; response capabilities

Identify Attack Scenarios

Test Target Systems Against Simulated Attack Scenarios



Ian Bryant & Jasvinder Mahhra



Risks Not Known / Knowable: Treatment Not Possible Overall Tolerance

Involuntary Tolerance

As Low As Physically Possible (ALAPP) Treatment Not Practical As Low As Reasonably Possible (ALARP)

Appetite / Voluntary Tolerance (Willingness to Accept - WTA) Maximum Tolerable Risk

Discretionary Balance

Treatment Could Be Done As Low As Reasonably Acceptable (ALARA) (or Baseline Protection Objective (BPO))

Willingness to Pay – WTP

Discretionary Range

Within Discretion

Manageable Range

Treatment Should Be Done

Within Appetite

Exceeds Discretion

Baseline Protection Limit (BPL) Treatment Must Be Done

Exceeds Limits

© NIAF

So it seems that the Cyber Risk challenge is actually an example of what in mathematics is referred to as an Optimal Stopping Problem – choosing when to give up.


In partnership with: McAfee is now part of Intel Security.

Are you completely protected? Cybercriminals pose such diverse threats to your business that it’s simply not enough to protect only your endpoints. The McAfee Security Connected framework offers a comprehensive, integrated solution which is affordable and simple to manage.

Protect your business with McAfee Security Connected

Complete integrated security solution

Powerful protection for your intellectual property and customer data

Increased network performance

Enhanced business continuity

Stay up to date! Don’t forget – the ever-changing nature of the threat landscape makes it imperative to keep all your security products up to date. Contact SBL now to discuss adding or renewing McAfee security products. For more information on Security Connected

www.mcafee.com/uk/enterprise/security-connected/index


How can the McAfee Common Security Platform for Digital Government Benefit You?

Intel Security has been the leading security solutions provider to the UK Government for many years. Since the UK Government had invested approximately £100m in Intel Security solutions in areas including Endpoint Security, Network Security and Security Management. Despite this level of investment, the procurements have been made, and are still being made, on a per-department basis with no pre-defined purchasing methods or discounting frameworks in place.

As a major supplier of security solutions to the UK Public Sector, Intel Security is uniquely placed to pioneer both a commercial offering and a platform that will enable HM Government to provide a Common Security Platform for any government department, digital service or shared services business center. Whilst underpinning the Government’s strategy to further enhance its security posture against cyber attack, Intel Security believes that we can also deliver significant savings through technology consolidation, reduced system integration, training and manpower costs, and reduced incident response through integrated real time security intelligence.

The Common Security Platform is McAfee’s Security Connected solution for Digital Government. It is an adaptable security framework that enables the necessary foundation level of security across digital government and extendable platform to meet security requirements of both legacy and future digital systems. This Common Security Platform will:

• Streamline security services and compliance across digital government
• Reduce the risk of digital service deployments
• Empower Small and Medium Enterprises

Common Security Platform for Digital Government

Common Security Integration Services

Protective Monitoring

Intelligence

Common Shared Services

Risk Assessment

Digital Service Infrastructure

Data Analytics

Partner Services

Common Desktop Security Services

Common Network Security Services

Common Application Security Services

Common Server Security Services

Extended Security Services

AntiMalware

Data Protection

Data Protection

AntiMalware

Privilege Control

Data Protection

Intrusion Prevention

Access Control

Access Control

Data Marking

Learn more about how McAfee’s Security Connected solution can benefit your organisation: www.mcafee.com/uk/enterprise/security-connected/index

Visit our stand at the IA Practitioners event and speak to Mo in person. York Racecourse, 3rd - 4th March. Mo will also speak at the Networking Dinner on 3rd March.

Meet the Author: Maurice Cashman, Director - Enterprise Architects, EMEA, will be at IAP Practitioners 3rd - 4th March 2015. Mo is an experienced cyber security professional with over 15 years of leadership, operational and advisory roles in global government enterprise environments. Mo learned cyber security from the ground up, working in the United States Army’s first Computer Emergency Response Team as an incident and network analyst, deploying and monitoring sensor solutions to detect sophisticated cyber espionage campaigns threatening military operations. After successful roles in technical sales, network security and information assurance policy development, Mo was selected to lead the Security Operations and Intelligence Center for the US Army in Europe. Since joining McAfee, Mo has served successfully as an enterprise architect for large security projects and advisor to the US European Command on cyber security, the first ever for the company. More recently, he served as Chief Security Advisor to the Global Public Sector executive team, traveling worldwide to establish McAfee as a security leader for global governments.



...my clients ask me to find the threads that bind information together, and mend them when they break.



ADVERTORIAL Gavin McAuley SBL



David Bird

...on a grand scale before smuggling the data off site for whistle-blowing purposes. The consequences of his actions are profound.



According to FireEye reports, detected Advanced and Persistent Threats (APT) incursions remained constant at around 25% of global organisations surveyed over a six-month period while 96% of their systems had sustained some kind of external attack.




Visit Us at Our Stand

The World’s Leader in Public Sector Mobility Management

Container

BYOD

Devices

Apps

Content

Email

Browsing

Multiuser

Attend Our Workshop: How to Build Secure Solutions Tuesday, 3 March 2015: 15:45 – 15:55 Wednesday, 4 March 2015: 09:30 – 10:30, 11:00 – 12:00, 13:00 – 14:00, 15:15 – 15:25

+44.1908.557.700 | sales@air-watch.com | air-watch.com


Productivity increases. Not the attacks. The only security platform that prevents cyber attacks. Our multi-layered defense system protects against the broadest range of threats. Free your teams to increase productivity with Palo Alto Networks®. To learn more, visit go.paloaltonetworks.com/prevent

WE SET THE STANDARDS WHEN IT’S MISSION CRITICAL CESG Certified Professional Scheme.

bcs.org/ia BCS, The Chartered Institute for IT, is the business name of The British Computer Society (Registered charity no. 292786) 2015


Independent assessment and verification for information assurance professionals.


ONE UNIFIED DEFENSE AGAINST CYBER ATTACKERS

Today’s cyber attacks are targeted, sophisticated and focused on acquiring your most sensitive information. They also go undetected by traditional security technology. Organizations need to reimagine security and adopt a Continuous Threat Protection model. This means having the ability to detect threats in real time and reduce time to respond, thereby preventing or minimizing business impact. The FireEye Platform provides a multi-faceted approach to security: detect, prevent, analyze, respond.

DETECT: Signature-less and multi-flow virtual machine based approach that leverages superior threat intelligence

PREVENT: Multi-vector inline known and unknown threat prevention

ANALYZE: Containment, forensics investigation and kill chain reconstruction

RESPOND: Remediation support and threat intelligence to recover and improve risk posture

www.FireEye.com © 2015 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names may be trademarks or service marks of their respective owners.


Dr. Char Sample

when traffic is re-routed or a name request is hijacked the user remains unaware of the activity.



tVolution Mini

0845 838 2050 marketing.becrypt.com/tvmini Assu

Low Risk


J. Mark Bishop

“What is it, my darling?” “Now there’s money at stake, she’s summoned me to court.” “Why?” “To prove I’m Theseus.” “And so this love deceives ..”



- astronomically ferocious - exposing the three colleagues to fatal radiation...



Four years ago, with my body lifeless in coma, Hippolyta reclaimed my father’s frozen brain from the Mars One mortuary...



20 - 22 October 2015 | IET London: Savoy Place Call for Papers deadline: 24 April 2015

CONFERENCE

System Safety and Cyber Security 2015 This is your chance to contribute to the programme of the largest conference for system safety and cyber security specialists held in the UK. Successful authors receive a presentation slot at the conference, plus extensive publication opportunities including submission for indexing on IET Inspec and IEEE Xplore. New for 2015 - we are pleased to introduce a guest theme, and welcome your abstracts in Safety and Security of Automated and Autonomous Systems.

The technical scope includes:

System Safety
• Defining measurable safety requirements
• Safety and systems engineering
• Hazard identification
• Independent safety auditing
• Safety and security

Cyber Security
• Adoption of security approaches
• Securing systems against adaptive persistent adversaries
• Taking a systems engineering approach to security and risk of systems
• Security guidance and emerging standards
• Supply chain threats and hazards

Submit your abstract by 24 April 2015 at www.theiet.org/system-safety

#IETsafety The Institution of Engineering and Technology is registered as a Charity in England and Wales (No. 211014) and Scotland (No. SC038698). The Institution of Engineering and Technology, Michael Faraday House, Six Hills Way, Stevenage, Herts, SG1 2AY.


Andy Cole SBL



Lindsey Cowen SBL



Visit Lumension to learn how to better protect your systems from malware and advanced targeted attacks

Improve Resilience with industry-leading patch management capabilities to reduce the attack surface

Improve Security with whitelisting and blacklisting capabilities to eliminate unwanted programs

Improve Data Protection with data encryption and device / port control capabilities to decrease insider risk

Ask SBL about our new SCCM patching plug-in and in-process CESG CPA Certification for our whitelisting solutions.

www.lumension.com


Noel K. Hannan



A cyber attack can use many attack vectors and be very simple (an email, a Twitter feed or a news item from a ‘trusted source’ which induces a desired effect, such as panic buying of food or fuel) or very complex (a multilevel penetration of a computer network system from an Internet-connected machine through to an industrial control system managing an item of critical machinery, such as the cooling system of a power station).

ARE YOU LOOKING FOR A FUTURE PROOF GOVERNMENT SECURE VOICE SOLUTION?

As the government continues to invest in IP networks, L-3 TRL has developed a solution to help you secure your VOIP communications up to TOP SECRET (TS) using our CAPS approved CATAPAN IP encryption devices and a standard COTS IP phone. This will help you meet your three main drivers:

• Reduction in your budgets
• Low training overhead through the use of a standard COTS desk phone
• A safe roadmap to transition to IP with interoperability with legacy real estate using our BRENT gateway services

At the heart of this solution is Lite-CATAPAN - the only PRIME certified Government Grade VoIP solution available on the market. Operating at 18Mbps, Lite-CATAPAN allows TS voice, data and video over any IP network and features unique Power over Ethernet capabilities for flexibility of usage and simplicity of network configuration. Where continuous secure connectivity is vital to mission success in deployed situations, Lite-CATAPAN is fully interoperable with our range of ‘bearer of opportunity’ solutions, providing seamless TS communications using 3G, 4G, Wi-Fi, ADSL and Satellite connectivity worldwide. The Lite-CATAPAN device forms part of the wider CATAPAN family of solutions, which includes the high-speed Enterprise-CATAPAN for strategic scenarios and the Mini-CATAPAN for tactical operations. Implementing Lite-CATAPAN into your existing network creates minimal interruption to existing operations, ensuring no loss of functionality. In order to ensure business continuity, L-3 TRL provides a customised implementation plan which increases the capability of your existing infrastructure whilst still operating within individual budgets, resulting in a fully interoperable PRIME enabled secure network solution which can deliver incremental improvements whilst flexing to future needs.

For more information on CATAPAN secure voice solutions visit us at IA Practitioners or see our website www.L-3com.com/TRL


David Evans Corpress LLP


David Evans is a specialist in crisis and continuity and lead author of BS11200 (crisis management). David has run some of the world’s largest commercial simulation exercises for testing organisations and helping embed knowledge of vulnerability, risk and response. He is a founding partner of Corpress LLP, providing support to clients in developing their capability for managing and responding to threats and disruption.



The best mobility experience. The strongest network security. LEARN MORE VISIT

www.arubanetworks.com @ArubaNetworksEU

Don’t switch off

Cyber security is everyone’s responsibility

Effective cyber security is not just an IT issue. It is a business necessity. APMG International’s Cyber Security certification, training and vulnerability assessment tools help you manage the risks to your organisation’s information. APMG is approved by CESG to certify cyber security professionals and training courses. Don’t let cyber security become the agenda - put it on the agenda.

www.apmg-international.com



Benjamin Jackson SBL



Our aim is to ensure that future generations embrace new technology and use it creatively, productively, and safely; Civics for the cyber-citizenry.



Colin Williams SBL




4Secure Strategic Information Assurance (IA) and Cyber Security Capabilities

For more than a decade 4Secure have provided specialist IA and Cyber capabilities across the public and private sector, delivering professional and tailored services to meet the evolving needs of our customers.

Through our highly skilled, qualified and experienced team of consultants, some of whom are recognised by CESG as part of the CESG Listed Advisor Scheme (CLAS) and possess UK government security clearance, we are able to tailor services to support the delivery of your business priorities and objectives, against the backdrop of an evolving cyber threat.

Providing next-gen Cyber Security for enterprise and tactical environments;
• Hardware enforced security
• Protocol break
• Multiple concurrent connections (TCP/IP, UDP, File)
• Range of form factors

4Secure Drive Erazer, providing cost effective, reliable, fast and secure disk erasure
• Standalone
• Field deployable
• Simple to use
• Efficient

Standalone Digital Forensics tools that allow effective and reliable;
• Write blocking
• Imaging
• Cloning
• Encrypting
• GPS and vehicle media investigation

OUR NEW 4Securerase

4Secure prides itself on its agile and responsive operating model, delivering consistent, timely and high quality specialist cloud services in the following areas:
• Strategic Information Assurance
• Risk Management & Accreditation
• Technical Security
• Information Assurance Compliance and Assessment
• Cyber Security Training
• Digital Forensics

T: 0800 043 0101 | E: enquiries@4-secure.com | W: www.4-secure.com


The new computers were instantly assimilated to this world as machines for information; International Business Machines (IBM) in every sense.




Dan Shoemaker & Anne Kohnke



We are successfully guarding one door while the bad guys are coming and going through another.



The second domain entails the electronic countermeasures. Those three are Network Security, Computer Security, and Cryptology.


A single employee can make your whole business vulnerable to a cyber attack

Make security training your priority. Contact QA.

MSc in Cyber Security | Certifications | Technical, vendor specific, end user, IA, management, policy and government standards courses | Bespoke on-site training programmes | eLearning

QA.com/IAcybersecurity

cybersecurity@qa.com

Achieve a self-sealing network with Trustwave

Trustwave helps the public sector create an effective security strategy to analyse and secure each area of the business with useful tools:
• Log management
• Data loss prevention
• Network access control
• Reporting and event management (SIEM)
• Secure web gateway to block malware

Trustwave has built a seamless integration of key technologies which is vital in supporting a self-sealing network, giving customers a single pane of glass with central audit and enforcement capabilities for mobile users and activities.

Protect data. Reduce risk. Visit Trustwave’s stand to speak to a security specialist to find out more.


Peter Fagan



Bil Hallaq, Monica Lagazio & Tim Nissen, University of Warwick



...the likely annual cost to the global economy from cybercrime is more than $445 billion, including both the gains to criminals and the costs to companies for recovery and defence.


privilege management

application control

sandboxing



Emma Coates




There’s a lot of progress bars over there. That’s a lot of people who can walk and run again thanks to this program. Sure, they’re walking around in someone else’s body, but if you were paralyzed or blind or deaf or whatever...



EVENTS

Almanac of Events

march

april

THE UNIVERSE

Online
Over 90,000 CyberTalk readers from more than 25 different countries access the magazine digitally each year at softbox.co.uk/cybertalk

In Print
CyberTalk produce and distribute over 15,000 printed copies each year across the UK, Europe and America

SBL
CyberTalk is published by SBL, a Value Added IT Reseller widely recognised as the market leader in Information Security. SBL offers a comprehensive portfolio of software, hardware, services and training, with an in-house professional services team enabling the delivery of a comprehensive and innovative range of IT solutions.

Social Media
Follow us on Facebook, Twitter, YouTube and Pinterest to join the debate

Partnerships
CyberTalk is proud to be supported by The National Museum of Computing, and to have been recognised by the UK Home Office Cyber Streetwise campaign and the US Dept. of Homeland Security

Events
To date, CyberTalk has been present at over 125 events in 2014 and this number looks set to grow significantly in 2015.

Cyber Narratives
CyberTalk supports and promotes the best cyber narrative writing from around the world. As part of this we are delighted to have established the CyberTalk Flash Fiction Prize for Science Fiction.

