KERBEROS by EOEX - Cyber Chicks Rule !

Page 1

KERBEROS The EOEX Cyber Security Magazine

MAY 2020

Issue #5

CYBER CHICKS RULE

Roadmap

Did You Know?

Ask a Techie!

The modern threat landscape is vast, complex, and constantly evolving. The idea that businesses can be fully secured against ... Read More

Even though men outnumber women in cybersecurity by three to one, more women are joining the field... Read More

The increasing reliance of our information-age economies and governments on cyber (computer-based) infrastructure... Read More


2

Living the Dream


3 Extraordinary Experiences


The EOEX Cyber Security Magazine

CONTENTS THE UNSUNG HEROES We Celebrate Women’s contribution to Computer Advances and Cyber Security

12 Roadmap The modern threat landscape is vast, complex, and constantly evolving. The idea that businesses can be fully secured against any and all potential threats has become untenable... Read More

28 Micro Learning Social, economic and technological everyday changes trigger new concepts and strategies which support learning. Education needs transformations in an appropriate way in which we live... Read More

4


Issue #5 - May 2020

10 COVID-19 This guideline is for individuals who have tested positive for COVID-19 but have mild or no symptoms. Mild symptoms include low fever, mild fatigue, coughing, but without pneumonia symptoms and... Read More

20 Did You Know? Even though men outnumber women in cybersecurity by three to one, more women are joining the field... Read More

36 Ask a Techie! The increasing reliance of our information-age economies and governments on cyber (computer-based) infrastructure makes them progressively more vulnerable to cyber attacks... Read More

5


The EOEX Cyber Security Magazine

EDITOR’S LETTER

SOSTHENE GROSSET-JANIN Editor in Chief

K

erberos takes its inspiration from the many books, magazines and other related literature that I have read over years, even before I decided to embark on a career in Cyber Security. This challenging field, however is not new and for those in the know, ever since the discovery of the first computer “but“ which was actually a real life worm stuck inside one of the legacy mainframes of the 1970s (true story), there have been people out there who have sought to exploit the vulnerability of binary systems for their own personal and often criminal gains. y initiation in the world of computing took place at the tender age of 7 years old (back in 1984, a year with mythical blocbuster movies such as TRON and just about the time of the AMSTRAD, ATARI and MS-DOS 3.11 system. ust like most kids of my age, I was discoverying computer games,

and just like any other kid, whenever I could not pass a game level, I decided to change the rules of the games and started to learn how to “hack” my own computer. eedless to say that this early success (changing a few variables by looking into the hexadecimal values of the source code of my game) gave me the confidence to one day become a “Guru” of computer science. ... Many years passed in between

N . I

t was only in 1996 when I enrolled in an undergraduate course in Computational Chemistry at the University of Reading, thanks to much help into c++ programming from my friends Lee Benfield and Ilya Klinstov that I was presented with the FORTRAN-77, MODULA-2 and OpenGL llanguages, that I really started to appreciate the importanceof computer Science and later Cyber Security in my adult life.

M J

6


Issue #5 - May 2020

7


8

KERBEROS

LATEST CYBERNEWS DOWNLOAD: The Definitive Corona Cyber Security for Management PPT

‘Coronavirus Cyber Security for Management’ Template for CISOs The Coronavirus crisis introduces critical operational challenges to business continuity, placing high stress on organizations’ management. As a result, CIOs and CISOs face a double challenge on the cyber risk front – apart from the new risks that the mass transfer of employees working remotely brings, capturing the management mindshare for further investments in security becomes harder than ever... Read More

Employees working from personal devices at home are vulnerable to malware and phishing attempts.

For CIOs & CISOs The intuitive connection CISOs make between, for example, malicious remote login and critical business risk is not something

executive management typically make, nor the relationship between the resources it takes to proactively address this risk and

the ones required to overcome the possible – or probable – breach that would stem from this unattended exposure. So, together with identifying the new risks, it’s imperative for the CISO to communicate them to the executive management in a way that would make it crystal clear that the subject is... Read More


9

STEALING DATA FROM AIR-GAPPED DEVICES

Cybersecurity researcher Mordechai Guri from Israel’s Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices. MALWARE FOR AIR-GAPPED DEVICES Dubbed ‘POWER-SUPPLaY,’ the latest research builds on a series of techniques leveraging electromagnetic, acoustic, thermal, optical covert channels, and even power cables to exfiltrate data from non-networked computers. “Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities,” Dr. Guri outlined in a paper published today and shared with The Hacker News. “The malicious code manipulates the internal switching frequency of the power supply and hence controls the sound waveforms generated from its capacitors and transformers.” “We show that our technique works with various types of systems: PC workstations and servers, as well as embedded systems and IoT devices that have no audio hardware. Binary data can be modulated and transmitted out via the acoustic signals.” Air-gapped systems are considered a necessity in environments where sensitive data is involved in an attempt to reduce the risk of

Using Power Supply as an Out-of-Band Speaker data leakage. The devices typically have their audio hardware disabled so as to prevent adversaries from leveraging the built-in speakers and microphones to pilfer information via sonic and ultrasonic waves. It also necessitates that both the transmitting and receiving machines be lo-

cated in close physical proximity to one another and that they are infected with the appropriate malware to establish the communication link, such as through social engineering campaigns that exploit the target device’s vulnerabilities... Read More

UNDERSTANDING INFORMATION SECURITY

FIRST releases updated coordination principles for Multi-Party Vulnerability Coordination and Disclosure The Forum of Incident Response and Security Teams (FIRST) has released... Read More

Hackers Breach 3.5 Million MobiFriends Dating App Credentials The emails, hashed passwords and usernames of 3.5 million users of the dating app MobiFriends were put up... Read More

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework... Read More


The EOEX Cyber Security Magazine

COVID-19

Guidelines for SelfIsolation Chen Shen and Yaneer Bar-Yam New England Complex Systems Institute March 15, 2020

symptoms progress. Have key contacts in speed dial. Set up check-in (at least daily) with a family member/friends. Inform them of all the emergency contact information, as well as any information needed to get into your home in case you are incapacitated. Take care of your health with sufficient hydration, eat a balanced diet, and sleep regular hours. Maintain or develop fun or educational activities including reading, solitary or online games, or other online interactions. Wash your hands frequently, with soap / hand sanitizer for no less than 20 seconds each time. Regular ventilation of the living area is crucial. Wash bed sheets, towels and clothing frequently. Separate yours from others. Avoid contact with your pet and other animals. If not pos- sible, ensure you wear mask and wash hands before/ after interacting with pets. Isolate yourself from any physical contact with others, but stay in touch with family and friends by text, phone, video chats, or other electronic means. This is important for many reasons including maintaining a positive outlook. If news about the development of the outbreak gives you anxieties, try not to focus too much on it to avoid further mental health burden... Read more

This guideline is for individuals who have tested positive for COVID-19 but have mild or no symptoms. Mild symptoms include low fever, mild fatigue, coughing, but without pneu- monia symptoms and with no accompanying chronic illness. Where local medical resources are strained and cannot hos- pitalize individuals with moderate or even worse symptoms, this document can also provide guidance. Please keep in mind that advice provided here is designed for mild/no symptom individuals. Once symptoms develop, including difficulties in breathing, high fever, seek medical care immediately. Recognize that most cases resolve with a full return to health. The quarantine is a temporary necessity, typically for 14 days. It is strongly advised to live alone, at least in a separate room. IF YOU ARE LIVING ALONE Keep close track of your health condition. Keep a health log with clear handwriting in an obvious place. The log should include: record date & time, heart rate, blood oxygen saturation (taken by oximeter), any symptoms, meals, medicine taken and dosage. Keep abreast of local information on what to do when

10


Issue #5 - May 2020

Everyday Life and COVID-19

O

ver the last few months, our lives have changed in many profound ways. A pick-up basketball game, a trip to the grocery store, even walking through the lobby of our apartment building to the elevator are all fraught with potential dangers—the possibility that the forward on the other team, the last customer to squeeze the same orange, or your neighbor that pushed the elevator button are unknowingly COVID-19 positive and passing the virus onto us. This holds for everything they touch and every breath they make in the spaces we share, even momentarily.

APARTMENT BUILDINGS

instructions available to make your own.

Homes with shared entrances expose us to everyone else in our building, in the common areas, entryways, hallways, laundry rooms, sometimes even the air we breathe through a common ventilation system.

Once you get to your apartment, wash your hands well before touching anything else (with soap for at least 20 seconds). Carry hand sanitizer with you to clean your hands when you are going out.

Spend as little time as possible in entryways and common areas, even when they are not crowded. The coronavirus sticks around on surfaces and in the air.

See setting up a receiving area for packages (below).

Assume any surface—your mailbox, the doorknob, ele-vator buttons—is contaminated and can transmit COVID-19. Put something disposable between you and the sur-face, gloves, a piece of cloth, or even a piece of paper. Be creative. When possible, wear a mask , scarf or bandana when walking in shared spaces. Reusable, washable masks are available, and there are simple

Keep windows in your apartment open when weather allows. A HEPA air purifier in your apartment will help with central ventilation systems, or when windows can’t be open. Assume elevators are contaminated, as there may be many people per day sharing that small space. Avoid sharing elevators with other people. When possible, use the stairs, it’s great exercise, to boot, though still not as fun as that pick-up basketball game.

Obtaining and providing essentials at a time of crisis re-quires extraordinary attention. Many grocery stores are now offering a number of ways to keep shopping safe for staff and customers. Find and use the stores in your area that take safety seriously and offer some or all of these things. Hand sanitizer and sanitizing wipes at the entrance, throughout the store and at check out for cashiers and baggers, as well as customers. Staff who remind shoppers to keep safe distance apart. Staff who use a no-contact digital IR thermometer to check external body temperature, to make sure anybody who enters the store doesn’t have symptoms. Ordering online to be picked up at curbside, parking lot or home delivery with no contact... Read More

11


The EOEX Cyber Security Magazine

01 ROADMAP Threat Intelligence done right is a window into the world of your adversary.

T

The modern threat landscape is vast, complex, and constantly evolving. The idea that businesses can be fully secured against any and all potential threats has become untenable. Threat intelligence done right is a window into the world of your adversary. Vendors and service providers are aiming to empower organizations by alerting them to the specific threat vectors and attacks they face, as well as how they should be prioritized for protection and prevention. Gartner defines threat intelligence as, “evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that men-

12

ace or hazard. This definition highlights the three factors that distinguish threat intelligence from mere data and information. If any of these requirements are missing, more processing is required before information can be considered threat intelligence. As you begin the process of selecting a threat intelligence solution, you’ll want to be sure you’ve clearly defined your needs, as well as have a good understanding of vendor capabilities. This short guide will pose 11 key questions and their implications to help inform your decision on selecting a solution that delivers intelligence-driven security. Threat intelligence comes in many different “flavors” and categories, and deciding which is best for your organization largely depends on your intended use cases. To help you identify your area of need, we subdivide threat intelligence into four categories and their targeted use cases: Operational Threat Intelligence — This is related to specific, impending attacks, and is often consumed by senior security staff. This is what comes to mind most commonly when people think of threat intelligence; the ability to identify when and where attacks will come in advance.


Issue #5 - May 2020

13


The EOEX Cyber Security Magazine

OUR HEROES OF THE MONTH Kerberos Magazine is dedicating this issue not just to great women of our time, but to courageous women who have braved the many professional barriers and glass ceilings of many generations while contributing immensely to the major advances in Cyber Security.

Cyber Security Research Exec

Cyber Security Sales Director

Cyber Security Specialist

Charlotte Whittington

Ema Rimeike

Kirsten Fury

Recruitment Consultant specialising in Information Security, Application Security, Network Security, Technology Risk, Digital / Cyber Forensics, Read More

My speciality is choosing pioneering Cyber security startups that bring disruptive technology to help improve business processes... Read More

Experienced Account Manager, self-starter and highly motivated to succeed – in depth knowledge of Cyber Security... Read More

Cyber Security Client Director

Cyber Security Executive

Cyber Security Manager

Shannon Pitchford

Cristina Cabera Navarro

Mollie Chard

Symantec’s mission is to make the world a safer place by delivering unmatched visibility and insights to customers and partners, and by adopting a holistic security approach to security... Read More

Darktrace’s self-learning AI is modeled on the human immune system and used by over 3,000 organizations to protect against threats to the cloud, email, IoT, networks and... Read More

Highly driven CISSP, SSCP and CEH certified cyber security professional with experience in security management and security assurance in large organisations, across both public and private sector... Read More

14


Issue #5 - May 2020

NOT JUST A PRETTY FACE

15


16

NOTABLE LEADERS

Claudia Bruce-Quartey

This month we have decided to pay triubute to the valuable contributions of three remarkable professionals who have left their mark. From life coach, Seasoned SaaS Sales Account Manager to Startup Entrepreneur, our leadership pick goes out to them with a big:

THANK YOU !


17 Mani Masshafi

Paying it Forward...

Leesha Austin-Buehlmann


The EOEX Cyber Security Magazine

18


Issue #5 - May 2020

Master en Ciberseguridad y Hacking Etico (a tu ritmo) Todas las secciones de nuestro máster streaming están grabadas, dándote la posibilidad de realizarlo a tu ritmo, visualizando las clases las veces que quieras, los días que puedas.

U

n estudio llevado a cabo por el Centro para la Ciberseguridad y Educación (ISC)² sobre la Fuerza de Trabajo Global en Seguridad de la Información (GISWS) de 2017, revela que faltarán más de 1,8 millones de trabajadores en ciberseguridad en 2022. Esto es debido a que los ciberataques constituyen ya uno de los principales riesgos dentro de la economía mundial y esto ha hecho que las empresas inviertan cada vez más en protegerse ante este tipo de ataques. Debido a esta gran demanda de técnicos en Ciberseguridad, Comunix ha creado este Máster en Ciberseguridad y Hacking Ético totalmente práctico, de la mano de mejores profesionales y docentes especializados en cada temática. Los alumnos del máster tendrán la posibilidad de realizar prácticas en empresas del sector. Estas prácticas, tienen un alto porcentaje de incorporación a la empresa tras su finalización.

¿

A QUIÉN VA DIRIGIDO? Para todos aquellos con ganas de iniciarse desde cero en el mundo de la Ciberseguridad. Ingenieros Informáticos y

19

de Telecomunicaciones. Técnicos que deseen ampliar sus conocimientos. Miembros de las Fuerzas y Cuerpos de Seguridad del Estado. Administradores que deseen ampliar sus conocimientos en temas de securización de la infraestructura de redes... Read More


The EOEX Cyber Security Magazine

02

DID YOU KNOW ?

Women in Cybersecurity! Young,

Educated

and

Ready to Take Charge

E

ven though men outnumber women in cybersecurity by three to one, more women are joining the field – and they are gunning for leadership positions. Buoyed by higher levels of education and more certifications than their male counterparts, women cybersecurity workers are asserting themselves in the profession. Compared to men, higher percentages of women cybersecurity professionals are reaching positions such as chief technology officer (7% of women vs. 2% of men), vice president of IT (9% vs. 5%), IT director (18% vs. 14%) and C-level/ executive (28% vs. 19%), based on findings in the 2018 (ISC)2 Cybersecurity Workforce Study. The figures show that women are forging a path to management. hey are generally more educated and younger. While 44% of men in cybersecurity hold a post-graduate degree,

20

the number of women is 52%. Nearly half of women cybersecurity professionals surveyed are millennials – 45% compared to 33% of men. By contrast, Generation X men make up a bigger percentage of the workforce (44%) than women (25%). According to the survey, women working in cybersecurity currently account for about one quarter (24%) of the overall workforce. This is a significantly higher finding than from 2017, when only 11% of study respondents where women. It should be noted that this study used a revised research methodology, which likely accounts for the larger representation of women. Past iterations of the (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study) found the number of women in cybersecurity was a mere 11%. However, with the most recent study, we have taken a more holistic look at who is truly doing the work of cybersecurity. We talked to certified cybersecurity professionals in official cybersecurity functions as well as IT/ ICT professionals who spend at least 25% of their time working on cybersecurity responsibilities. Through this new approach to defining the cyber-


Issue #5 - May 2020

security workforce, our goal is to get a more accurate picture of the people doing the work – which, in turn, will provide more insight into the challenges we are facing and help us find solutions. One of the most significant differences we found, through this improved, more inclusive methodology, is that the number of women with cybersecurity responsibilities who responded to our survey is now up to 24%. Previous methodologies focused heavily on traditional cybersecurity roles and sectors in which many cybersecurity practices and functions originated, like the U.S. federal government. By broadening the scope of our research to encompass the men and woman doing the work in organizations of all sizes across public and private sectors, and around the globe, we found a significant increase in the number of women in the cybersecurity workforce. Our research suggests women cybersecurity professionals still face an uphill climb in some areas, specifically in compensation. When asked about their previous year’s salaries, 17% of women said they earned

U.S. $50,000 to $99,999, a full 12 percentage points less than men (29%). Women are somewhat closer in representation within the $100,000+ range (16% vs. 20% of men) but of course that still means proportionally fewer women earn that level of compensation. Some of this inequity may be explained by age and tenure. If women cybersecurity professionals as a group are younger than men, fewer have worked in the field as long as most male counterparts, so that may be a cause for some discrepancy. But this doesn’t erase the reality revealed in previous research that women in cybersecurity managerial positions earn about $5,000 less than men, indicating there is still an issue that needs to be addressed. he inequity may also explain what compels women to proportionally earn more degrees and certifications than men. Women place more value than men (28% vs. 20%) on cybersecurity or related college graduate degrees, according to the Cybersecurity Workforce Study. On average, women also earn more cybersecurity certifications.

21


22

PERRIGO PRODUCES HAND SANITIZER; WILL DONATE AT LEAST $500,000 WORTH TO LOCAL HOSPITALS AND FIRST RESPONDERS FACING URGENT SHORTAGES

Mairead Killeen Associate Director - Global Indirect Procurement at Perrigo Company plc

Allegan, Michigan and Bronx, New York – April 14, 2020 – Perrigo Company plc is responding to the urgent needs of hospital, medical and first responder personnel who are running dangerously low on medical supplies. Over the next few months, the Company will donate at least 500,000 bottles of hand sanitizer to local hospitals and first responders facing urgent shortages of this essential product. Once Perrigo learned about the shortage, the Company’s team quickly mobilized to formulate, produce and ship hand sanitizer within only a few weeks’ time. Perrigo is manufacturing the hand sanitizer at its New York facility and the product is being delivered to hospitals and healthcare providers in West Michigan, including Allegan General Hospital and Spectrum Health Hospitals, and the greater New York City area (New York/New Jersey/Connecticut) through the ‘Mayor’s Fund to Advance New York City,’ which determines the agencies most in need of the product. The Michigan State Police will also receive hand sanitizer donations to aid first responders in their work with the general public... Read More


23

CÓMO EVITAR QUE EL NOVATO EN LA EMPRESA SE DÉ A LA FUGA Muchos de los recién llegados a una empresa se marchan antes de cumplir el primer año. La poca capacidad de retención es un problema para los trabajadores, pero también para las empresas. Incapaces de frenar la deserción, asisten al drama de perder al mejor candidato reclutado, el tiempo y recursos invertidos en el proceso de selección y, lo que es peor, el salto a la competencia del novato a la fuga. Como apunta Javier Cantera, presidente de la consultora Auren BLC, “las compañías deben ahondar en sus políticas de adaptación porque hay mucho esfuerzo en la selección de personas, así como una inversión media del 12% de la retribución bruta del puesto”. El consultor califica de “abanderadas y líderes” en este campo a las empresas tecnológicas, de telecomunicaciones y a las farmacéuticas, “que lo hacen muy bien”, y sitúa a las firmas de telemarketing en el extremo opuesto... Read More

Muchas de las nuevas incorporaciones abandonan las empresas durante el primer año. Hay poco seguimiento de su trabajo por parte de las organizaciones

Paloma Guijarro Montojo Gerente Recursos Humanos en Educaria


The EOEX Cyber Security Magazine

24


Issue #5 - May 2020

SKIP THE QUEUE SEE A DOCTOR ONLINE

HealthSteer.co.uk Instant Online GP Consultations.

your team and your company’s wellbeing.

Innovative Healthcare through Technology-Online GP Consultations. We help: GP surgeries, Hospitals, Businesses and patients. GP Surgeries and Hospitals. With the Coronavirus Pandemic it appears doctors are now finding it difficult and in some areas impossible to provide patients adequate healthcare. This also increases pressures on our NHS. To help GP Practices and hospitals reduce the pressures on the NHS we provide online video consultations for patients. Confidentiality is maintained, footfall is reduced and DNA’s decline. All while keeping helping the clinician to reduce admin. As well as maintaining social distancing and significantly reducing the spread of COVID19 through less interaction and spread of the coronavirus. Businesses Connecting CEO’s, MD’s, HR Directors and employees with instant access to healthcare via face to face On-line GP consultations. On: Mobile, Tablet and Laptop. A healthy team means a healthy company. We are here for you,

Patients/ Employees

25

This allows individuals to receive the best immediate healthcare advice, access prescriptions, fit notes and referrals to a specialist straight away. We are Regulated by the CQC (Care Quality Commission)... Read More

Head of Sales Jonathon Nimmons


26

VENDOR CHOICE

CyberArk

CyberArk: Secure Privileged Access. Stop Cyber Attacks. CyberArk is a publicly traded information security company offering Privileged Account Security. The company’s technology is utilized primarily in the financial services, energy, retail, healthcare and government markets. Read More


27 FireEye

FireEye: Cyber Security Experts & Solution Providers FireEye is a publicly traded cybersecurity company headquartered in Milpitas, California. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks. FireEye was founded in 2004. Read More


The EOEX Cyber Security Magazine

03 MICRO LEARNING

responded to a question after reading each of the 16 chapters; the second group answered four questions after reading each group of four chapters; group number three received eight questions after each half of the original text. Passing through this first stage, in the second stage students have supported the same test of multiple choice items covering the whole course material. Results demonstrated that smaller slices content helped participants to better retain rst group

Social, economic and technological everyday changes trigger new concepts and strategies which support learning. Education needs transformations in an appropriate way in which we live, work and learn. Recent studies indicate that a short content may increase information retention by 20 %. Researchers at Dresden University of Technology in Germany have launched a study to examine this issue. It is well known that most e-learning materials format is a piece of content, followed by an evaluation question. The study’s goal was to see if students respond better to these questions when they watched several small pieces of content answering many appropriate questions, or when they watched large amounts of content with fewer evaluation sections. So, the e-learning material was sixteen chapters of content and the students were divided into three groups, as following: the first group

information and better perform in each of the two stages: • the first group took 28 % less time to answer their assessment questions than the third group, and did 20 % better; • the first group performed 8 % better on the comprehensive test than the second; • students in the third group had to read again more than three times the number of sections than the first group did; • in the second stage of the study, the first group accomplished 22.2 % better than the third group and 8.4 % better than the second group. Giving students a long content at once leads to very little interaction between information and the learner. This way, the content may exceed the capacity of working memory and drives to uncertainty in the learning environment. Another facet of the problem is that, knowing what is expected with introduced information is crucial in an easier retention... Read More

28


Issue #5 - May 2020

Micro Learning: A Modernized Education

L

earning is an understanding of how the human brain is wired to learning rather than to an approach or a system. It is one of the best and most frequent approaches for the 21st century learners. Micro learning is more interesting due to its way of teaching and learning the content in a small, very specific burst. Here the learners decide what and when to learn.

The impact of Information and Communication Technology (ICT) is becoming increasingly effective in teaching and learning at all the levels of education. Micro-learning: it’s learning in tiny chunks and short bursts of time. Great way to learn in the small. Goes well with mobile. Will only get bigger in the future. Micro learning is enjoying a rapid growth and importance among the changing management and learning professionals. Micro learning is the most suitable method for the latest learning system. The search for the right technology has been the core concept of micro learning1. On the other hand micro learning is a new way of responding to the necessity of work-based learning, lifelong learning, personal learning, and much more. It is more successful due to its perfect combination of small chunks of learning content along with the

flexibility of technology. Micro learning has become more popular due to its features such as learner centric, affordable, interactive, and well designed. Section I will discuss about micro learning and its advantages, while section II will discuss about micro content. Section III and IV will state about the methodology, and the collected data will be analyzed, and the final section, V, will conclude with discussions. Micro learning Micro-learning (from the Greek word “micro” meaning small) is all about getting your eLearning in small doses, as tiny bursts of training material that you can comprehend in a short time (http://www.efrontlearning.net dated on 10/10/2015). It goes along with traditional eLearning, but in smaller segments. In micro learning instructional design techniques are used to acquire knowledge, skills, and abilities which happen on a daily basis.

29

Microcontent The microcontent is a small unit of digital information. It has very limited and important information compared to a regular content (because of the size of the screen and the complexity of the interface). Microcontents are always remixable and reusable based on the mind of the user, on the processing method of an application, and on the screen of the device. The contents are always free to be separated, and can form any new pattern (Sánchez-Alonso et al., 2006). Microcontents are clearly distinguished from macrocontents because they are formal, as well as semantic. Microcontents are very attractive because they are also individually addressed and referred to by sets of formal metadata. The metaweb itself is formed of microcontent.


The EOEX Cyber Security Magazine

30


Issue #5 - May 2020

HOW WE LEARN Microlearning has become a popular way of training employees in the flow of work. Over the next few weeks and months, we will be doing a micro-series on microlearning; delivering short, micro-content on the what, why, and the how-to guide to microlearning.At the end of this blog series, we will publish a downloadable guide to microlearning.

The first thing we need to understand, even if only at a high level, is how we as people process information and learn new things. We don’t need a degree in neuroscience here to understand a few important concepts. First, information comes at us and we process it first through an encoding process in our short-term memory, which has a limited capacity. In fact, the cognitive load theory states that we can only process 5 to 9 bits at a time. Some bits of information stay in our short-term memory and others are quickly forgotten. Consolidation is another key learning process, where scientists believe the brain replays OR rehearses the new information, looking for connections to existing information or a context in which to keep or make information meaningful. This process of consolidation help us to retain more of the important stuff or stuff that is closely related to other important information.

Millennials are more educated than any generation, but their financial well-being is complicated (25). The Great Recession of 2008 had interesting implications for Millennials. Although Millennials are more educated, their median debt was nearly 50% greater ($19,000) than for Gen X debt holders when they were young ($12,800). While young adults in general do not have much-accumulated wealth, Millennials have slightly less wealth than Boomers did at the same age. This modest difference in wealth can be partly attributed to differences in debt by generation (25). Compared with earlier generations, more Millennials have outstanding student debt, and the amount of it they owe tends to be greater (25). It is likely that the complex financial situation for many Millennials and younger generations, is a driving force in their pursuit of learning and development, in order to grow personally, professionally, and financially.

Another key learning process is retrieval. Researchers believe that forced retrieval is most effective after time has passed after the initial learning and some forgetting has occurred (some call this “reconsolidation” – others spaced retrieval). The bottom line here is our brain needs to work to “secure” the learning for easier retrieval later. Encoding Short-term memory, observations, memory traces and what we’ve seen (limited capacity) Consolidation Time scientists believe the brain replays or rehearses the learning, new knowledge next to neural markers Retrieval Forced retrieval is most effective after time intervals and some forgetting has occurred.

31


32

JOB BOARD THE LATEST VACANCIES IN CYBER SECURITY

(JUNIOR) CYBER SECURITY CONSULTANT Atos - Amstelveen, NL

Cyber Security Business Development Lead Lawrence Harvey - London, UK

Vendor Management - Cyber Security Ingram Micro - Mississauga, CA (USA)

Cyber & Safety Security Leader ABB - Abu Dhabi, AE

Cyber Security Specialist Ultimo South - London, GB

Cyber Security Consultant IT Networks Thales - Reading, GB


33 Cyber Security Specialist Boeing - Williamtown, AU

Cyber Security Specialist UBS - Zurich, CH

Cyber Security Specialist Sogeti - Espoo, Finland

Cyber Security Specialist Future Track - Barcelona, Spain

Regional Safety And Security Manager Red Hat - Farnborough, GB

Sales Specialist, Cyber Security Solutions VMware - Reading, GB

FROM AROUND THE WORLD

Cyber Security Sales Executive Leap29 - Melbourne, AU

Country Cyber Security Officer Huawei - Stockholm, Sweden

Cybersecurity Solutions Specialist Micro Focus - London, GB


The EOEX Cyber Security Magazine

34


Issue #5 - May 2020

SMART WORKING Work flexibility without constraints

The outbreak of coronavirus has led to a huge increase in ‘smart working’ across the world, but little is known about the economic effects of this mode of working. This column

The outbreak of the 2019 novel coronavirus is threatening the economy worldwide. To contain the spread of the coronavirus and curb contagion, a new organisational model of work, known as ‘smart working’, is becoming increasingly important: workers can work outside their workplace and with a flexible time schedule, thanks to the use of technology. Flexibility over where and when to work is being used to continue with work-related activities and avoid the collapse of the economy. Despite the massive increase in recent weeks, we still know very little about the economic effects of smart working in normal times. Previous research has studied the use of the traditional practice of working from home under the same wage conditions and under the control of the employer (‘telecommuting’). In an experiment with Chinese call-centre employees (a routine job), Bloom et al. (2014) show that telecommuting can be beneficial for employees’ productivity and their work-life balance, although at the cost of feeling isolated, which, in the

35

long run, may reduce the benefits and the desirability of this practice... Read More

Marta Angelici


The EOEX Cyber Security Magazine

04

ASK A TECHIE ! Discover our favourite Cyber Security Experts of the Month. Men and women with a proven track record and stories to tell.

Head of Cyber Practice

Ethical Hacker

Cyber Security Analyst

Mark Thomas

Jennifer Arcuri

Randy Quaye

We are sector and industry specialists when it comes to technology recruitment. With over 40 specialist technology consultants working in our offices... Read More

Founder of Hacker House, Inno-Tech Network, video producer, serial entrepreneur, and Cyber Security Ethical Hacker. Experienced in information security... Read More

Electronic and Computer Engineer with a strong passion for technology. Proficient in many programming languages including but not limited to JAVA,C/ C++, ... Read More

Junior Penetration Tester

Cyber Security Director

Cyber Security Manager

Hannah Potts

Ameet Patel

Tessa Bridgeman

Perform formal penetration tests on web-based applications, networks and computer systems Conduct physical security assessments of servers, systems and network devices... Read More

Ameet is an established global leader with over 23 years of experience in Information Security, Risk management, Audit, IT Assurance and Compliance. Former Global Chief Information Security Officer (CISO)... Read More

A self-motivated, hardworking individual with a passion for IT. I have previously undertaken various roles within government and market leading organisations to which I have begun... Read More

36


Issue #5 - May 2020

FREQUENTLY ASKED QUESTIONS Big Question

W

hat is a cyber attack? cyber attack: An offensive action by a malicious actor that is intended to undermine the functions of networked computers and their related resources, including unauthorized access, unapproved changes, and malicious destruction. Examples of cyber attacks include Distributed Denial of Service (DDoS) and Man-in-the-Middle (MITM) attacks.

Little Question

W

hat is malware? malware is an umbrella term derived from “malicious software�, and refers to any software that is intrusive (unauthorized access), disruptive, or destructive to computer systems and networks. Malware may take many forms (executable code, data files) and includes, but is not limited to, computer viruses, worms, trojan horses (trojans), bots (botnets), spyware (system monitors, adware, tracking cookies), rogueware (scareware, ransom-

Great Question

W

hat is a cyber risk? cyber risk: A risk assessment that has been assigned to a cyber threat, such as DDoS attack or a data breach. A cyber risk assessment may be either qualitative or quantitative, where the latter should estimate risk (R) as a function of the magnitude of the potential loss (L) and the probability that L will occur (i.e., R = p * L).

37


The EOEX Cyber Security Magazine

38


Issue #5 - May 2020

HEAL THE WORLD OF TOMORROW WITH SCIENCE

C

oronaviruses (CoVs) are a large family of viruses belonging to the family Coronaviridae. The limited number of coronaviruses known to be circulating in humans cause mild infections and

T

hey were regarded as relatively harmless respiratory human pathogens 1. The emergence of the severe acute respiratory syndrome coronavirus (SARS-CoV) and the Middle East Respiratory Syndrome (MERS) virus revealed that coronaviruses can cause severe and sometimes fatal respiratory tract infections in humans. The first known case of SARS-CoV occurred in Foshan, China in November 2002 and new cases emerged in mainland China in February 2003. The first emergence of MERS-CoV occurred in June 2012 in Saudi Arabia 2. These events demonstrated that the threats of CoVs should not be underestimated and that it is of paramount importance to advance the knowledge on the replication of these viruses and their interactions with the hosts to develop treatments and vaccines. These successive out-

39

breaks also highlight the long-term threat of cross-species transmission events leading to outbreaks in humans and the possible re-emergence of similar virus infection that should be considered seriously 3. SARS-CoV and MERS-CoV are two major causes of severe atypical pneumonia in humans and share important features that contribute to preferential viral replication in the lower respiratory tract and viral immunopathology... Read More


The EOEX Cyber Security Magazine

MAGIC SAUCE

Data security is crucial for all small businesses. Customer and client information, payment information, personal files, bank account details - all of this information is often impossible replace if lost and dangerous in the hands of criminals. Data lost due to disasters such as a flood or fire is devastating, but losing it to hackers or a malware infection can have far greater consequences. How you handle and protect your data is central to the security of your business and the privacy expectations of customers, employees and partners.

40


Issue #5 - May 2020

Cyber Plan Action Items What kind of data do you have in your business? A typical business will have all kinds of data, some of it more valuable and sensitive than others, but all data has value to someone. Your business data may include customer data such as account records, transaction accountability and financial information, contact and address information, purchasing history, buying habits and preferences, as well as employee information such as payroll files, direct payroll account bank information, Social Security numbers, home addresses and phone numbers, work and personal email addresses. It can also include proprietary and sensitive business information such as financial records, marketing plans, product designs, and state, local and federal tax information. How is that data handled and protected? Security experts are fond of saying that data is most at risk when it’s on the move. If all your business-related data resided on a single computer or server that is not connected to the Internet, and never left that computer, it would probably be very easy to protect. But most businesses need data to be moved and used throughout the company. To be meaningful data must be accessed and used by employees, analyzed and researched for marketing purposes, used to contact customers, and even shared with key partners. Every time data moves, it can be exposed to different dangers. As a small business owner, you should have a straightforward plan and policy – a set of guidelines, if you

41

like – about how each type of data should be handled, validated and protected based on where it is traveling and who will be using it. Who has access to that data and under what circumstances? Not every employee needs access to all of your information. Your marketing staff shouldn’t need or be allowed to view employee payroll data and your administrative staff may not need access to all your customer information. When you do an inventory of your data and you know exactly what data you have and where it’s kept, it is important to then assign access rights to that data. Doing so simply means creating a list of the specific employees, partners or contractors who have access to specific data, under what circumstances, and how those access privileges will be managed and tracked. Your business could have a variety of data, of varying value, including: Customer sales records Customer credit card transactions Customer mailing and email lists Customer support information Customer warranty information Patient health or medical records Employee payroll records Employee email lists Employee health and medical records. Business and personal financial records. Marketing plans. Business leads and enquiries. Product design and development plans. Legal, tax and financial correspondence.


The EOEX Cyber Security Magazine ARTICLE

CYBER PLAN AC TION ITEMS

CYBER PLAN ACTION ITEMS Protect against online fraud

P

rivacy is important for your Online fraud takes on Personal Health Information: Whether business and your customyou’re a healthcare provider with lots ers. Continued trust in your many guises that can of sensitive patient information or business practices, products and seyou simply manage health or medical cure handling of your clients’ unique impact everyone, ininformation for a small number of information impacts your profitabilemployees, it’s vital that you protect ity. Your privacy policy is a pledge to cluding small business- that information. A number of studies your customers that you will use and have found most consumers are very protect their information in ways that es and their employees. concerned about the privacy and prothey expect and that adhere to your tection of their medical records. They legal obligations. Your policy starts It is helpful to maintain do not want their health information with a simple and clear statement falling into the hands of hackers or describing the information you colconsistent and predict- identity thieves who might abuse it lect about your customers (physical for financial gain. But they also may addresses, email addresses, browsing able online messaging not want employees or co-workers history, etc), and what you do with prying into their personal health it. Customers, your employees and when communicating details. And they often don’t want even the business owners increasingfuture employers or insurers finding ly expect you to make their privacy with your customers out about any medical conditions a priority. There are also a growing or history. Customer information: number of regulations protecting to prevent others from This includes payment information customer and employee privacy and such as credit or debit card numbers often costly penalties for privacy impersonating your and verification codes, billing and breaches. You will be held accountshipping addresses, email addresses, able for what you claim and offer in company. phone numbers, purchasing history, your policy. That’s why it’s important buying preferences and shopping to create your privacy policy with behavior. care and post it clearly on your website. It’s also important to share your privacy policies, rules and expectations with Protect data collected on the Internet all employees and partners who may come into contact with that information. Your employees need to be familiar Your website can be a great place to collect information with your legally required privacy policy and what it – from transactions and payments to purchasing and means for their daily work routines. Your privacy policy will browsing history, and even newsletter signups, online should address the following types of data: enquiries and customer requests. This data must be protected, whether you host your own website and therefore Privacy is important for your business and your custommanage your own servers or your website and databases ers. Continued trust in your business practices, products are hosted by a third party such as a web hosting comand secure handling of your clients’ unique information pany. If you collect data through a website hosted by a impacts your profitability. Your privacy policy is a pledge third party, be sure that third party protects that data fully. to your customers that you will use and protect their inforApart from applying all the other precautions that have mation in ways that they expect and that adhere to your been described, such as classifying data and controlling legal obligations. access, you need to make sure any data collected through your website and stored by the third party is sufficiently secure.

42


Issue #5 - May 2020

T

Plan for data loss or theft

Every business has to plan for the unexpected, and that includes the loss or theft of data from your business. Not only can the loss or theft of data hurt your business, brand and customer confidence, it can also expose you to the often-costly state and federal regulations that cover data protection and privacy. Data loss can also expose businesses to significant litigation risk. That’s why it’s critical to understand exactly what data or security breach regulations affect your business and how prepared you are to respond to them. That should be the foundation of a data breach response plan that will make it easier to launch a rapid and coordinated response to any loss or theft of data. At the very least, all employees and contractors should understand that they must immediately report any loss or theft of information to the appropriate company officer. And because data privacy and breach laws can be very broad and strict, no loss should be ignored. So even if you have sensitive data that just can’t be accounted for, such as an employee who doesn’t remember where he left a backup tape, it may still constitute a data breach and you should act accordingly.

43

rain employees to recognize social engineering

Social engineering, also known as “pretexting,” is used by many criminals, both online and off, to trick unsuspecting people into giving away their personal information and/ or installing malicious software onto their computers, devices or networks. Social engineering is successful because the bad guys are doing their best to make their work look and sound legitimate, sometimes even helpful, which makes it easier to deceive users. Most offline social engineering occurs over the telephone, but it frequently occurs online, as well. Information gathered from social networks or posted on websites can be enough to create a convincing ruse to trick your employees. For example, LinkedIn profiles, Facebook posts and Twitter messages can allow a criminal to assemble detailed dossiers on employees. Teaching people the risks involved in sharing personal or business details on the Internet can help you partner with your staff to prevent both personal and organizational losses. Many criminals use social engineering tactics to get individuals to voluntarily install malicious computer software such as fake antivirus, thinking they are doing something that will help make them more secure. Fake antivirus is designed to steal information by mimicking legitimate security software. Users who are tricked into loading malicious programs on their computers may be providing remote control capabilities to an attacker, unwittingly installing software that can steal financial information or simply try to sell them fake security software.


44

PUBLISHER’S PICK


45


The EOEX Cyber Security Magazine GALLERY

Penetration Testing

Forensic Computer Analyst & Cryptographer

Cyber Threat Analysis

CISO - Cyber Security Experts at the Executive Level

46


Issue #5 - May 2020

Blockchain & Crypto Currency Security

CYBER CHICKS Rule !

Embedded systems programmer

Network Systems Architect

47


The EOEX Cyber Security Magazine

COMING SOON... The journey of a thousand miles always begins with a single step, in the right direction. At Kerberos Magazine, and with the help of EOEX, we have created a unique online publishing experience which we hope will help you on your journey into the World of Cyber Security.

Issue #2 Network & Hardware Security Engineering

Issue #3

Issue #4

Outbreak

Data Security & Privacy

48


Issue #5 - May 2020

49


The EOEX Cyber Security Magazine

KERBEROS MAGAZINE


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.