K-12 Data Security Tips from PowerSchool’s Chief Information Security Officer

PowerSchool

By Rich Gay, Chief Information Security Officer & VP of Development, PowerSchool. No school or district can be 100 percent safe from cybersecurity attacks. Last year alone, there were 122 data security incidents reported at K-12 schools, according to a recent report by the K-12 Cybersecurity Resource Center. The good news is that there are many ways to be proactive and secure your student and staff information.

Cybersecurity Q&A with Dave Elfering, VP information security at Werner Enterprises

Sailpoint

Dave Elfering, currently Vice President of information security, has also witnessed a considerable amount of growth and change over his career when it comes to information security. In 1997, Elfering began working at Werner as a project manager to help the company build its online presence and secure its data. Tell us how you got interested and eventually started in information security? I started writing a lot of security policies.

Netflix Information Security: Preventing Credential Compromise in AWS

Netflix TechBlog

Today, we would like to share two additional layers of security: API enforcement and metadata protection. For more information on how the AWS services mentioned work, see the Background section at the end of this post.

Q&A with John Masserini, Chief Information Security Officer at Millicom

Sailpoint

In this Q&A we spoke with John Masserini, chief information security officer at international telecommunications provider Millicom. Masserini talks with us about his interesting career path in information security, cloud security, and identity management.

Georgia bill could stifle the state’s booming cybersecurity community

The Parallax

A new bill winding its way through the Georgia state senate has cybersecurity experts on alert. As Senate Bill 315 is currently written, academics and independent security researchers alike could be subject to prosecution in Georgia alongside malicious hackers.

Why health care cybersecurity is in ‘critical condition’

The Parallax

government-sponsored Health Care Industry Cybersecurity Task Force delivered more than 100 recommendations to the Department of Homeland Security to make medical technology more resistant to hackers.

Triaging modern medicine’s cybersecurity issues

The Parallax

Hackers often talk about practicing good “cybersecurity hygiene”: making sure that basic standards, such as using unique passwords for each log-in, are met. ”—Jacki Monson, chief privacy and information security officer, Sutter Health.

Cybersecurity Style Guide helps you write like a hacker

The Parallax

The Bishop Fox Cybersecurity Style Guide, published last week, was developed over the last year and a half to fill a vacuum, says its lead editor, Brianne Hughes. “My real goal was to bridge the gap between people who are writing in security, and the people who have to read that.”

Cybersecurity On Call: Balancing Connectivity and Cybersecurity with Paul Roberts

Cloudera

LockState learned a hard lesson around cyber and IoT security, as well as customer trust. To learn more about how the industry is balancing connectivity with cybersecurity, we have invited Paul Roberts to join us. Paul is the founder and Editor in Chief of The Security Ledger, an independent security news website that explores the intersection of cyber security with the Internet of Things.

How Should CIOs Handle More Cybersecurity Regulations?

The Accidental Successful CIO

As our companies understand the importance of information technology and acquire more and more valuable information, the bad guys keep trying to find ways to break in and steal customer credit card and personal information.

How Certifications Can Help You Land a Position | Hacking In to Cybersecurity

Linux Academy

Welcome to Hacking In to Cybersecurity, an all-new series dedicated to helping you, the reader, get a leg up on the competition when trying to break into the cybersecurity career field. The blogs will consist of introducing you to some techniques you can use to help to land a security position, as well as covering some concepts that anyone considering joining the career field should know about. How Hiring Managers Find the Best Candidates for a Cybersecurity Position.

How hackers are approaching medical cybersecurity

The Parallax

Dr. Paul Pugsley’s medical cybersecurity crisis in the Emergency Room was part of a simulation at the CyberMed Summit 2018 to teach doctors about complications that can arise from cyberattacks against medical devices and hospitals.

Abandoned mobile apps, domain names raise information security risks

Kacy Zurkus - CSO Online

The apps can still contact custom domain names for arbitrary tasks like configuration changes, application updates or publishing information. The traffic from a mobile device that is still trying to connect to an old and expired domain exposes lots of personal information — contact data, text messages, pictures, GPS data and call logs all sitting at risk of an attack.

Microsegmentation – Secure Your Internal Network

CTOvision

The problem I have with these statements is that every network engineer I know segments their network more than just at the subnet level and their segmentation is not limited to just north-south traffic. This is something you can’t do with static network ACLs at layer 2.

Got 99 Problems but Your Network Ain’t One

Edgewise

Owners and employees need access to databases, payment systems, collaboration technologies, custom-built applications, and more to perform everyday work, and all of these resources reside on some network somewhere. Or multiple networks. What is on the network?

Managing Your Multi-Cloud Network

Edgewise

As a network or security operations professional, it’s your job to make certain the move goes smoothly. Therefore, before making any large-scale changes, you need to establish a sound network security model that allows for a successful migration.

Cybersecurity On Call: Goodbye 2017, Hello 2018! Top Five Tips from 2017

Cloudera

This was an amazing year for our inaugural “Cybersecurity On Call” season. It was truly an honor hosting amazing guests as we explored the world of cybersecurity. From industry thought leaders, to New York Times best sellers, to hackers, I learned a ton about the future of cybersecurity and I hope you did as well. Cybersecurity in Government with Dr. Ron Ross. Information Warfare with Bill Gertz. Securing the Fourth Platform with Peter Tran.

Cybersecurity On Call: Information War with Bill Gertz

Cloudera

With countless articles discussing the recent Equifax hack where thousands of social security numbers were compromised to organizations like Facebook, Google, and Twitter coming forward with Russian accounts that were buying ads to influence US elections. Bill has joined us to discuss his most recent book on how nation-states are using the digital front to begin information wars. He is an award-winning national security journalist and the senior editor at The Washington Free Beacon.

Cybersecurity on Call: Nation-State Cyber Operations with Patrick Tucker

Cloudera

The post Cybersecurity on Call: Nation-State Cyber Operations with Patrick Tucker appeared first on Cloudera Blog.

Leadership in Cybersecurity

N2Growth Blog

Defining the position of the lead security person in an enterprise can be a challenging and sometimes confusing task. There are various job titles such as Chief Security Officer (CSO), Chief Risk Officer, Chief Information Security Officer (CISO), V.P.,

Can Network Security be both Transparent and Effective?

Edgewise

It wasn’t the device’s awesome security controls that made the iPhone a tour de force. At that time, security professionals warned people at every turn about the insecurity of mobile devices. Their best recommendation: keep consumer-grade devices off the network.

30 network security Twitter feeds to follow

TechTalk

Twitter is where information is updated within seconds, especially in the information technology industry.

Cloud Native Security Consolidation: Palo Alto Networks Buys Twistlock, PureSec

The New Stack

According to a statement, the co-founders of both Twistlock and PureSec will be joining Palo Alto Networks, though no mention was made of the other team members. VMware acquired Heptio, NetApp acquired StackPointCloud, Microsoft invested in Aqua Security… the list goes on.

Cisco clueless about security, apparently: Meet Thrangrycat

TechBeacon

Hundreds of Cisco products are vulnerable to a secure-enclave takeover. Dubbed Thrangrycat, it permits an attacker to hide a persistent threat inside the Trust Anchor module (TAm) of any number of Cisco networking boxes.

Chernobyl’s lessons for critical-infrastructure cybersecurity

The Parallax

The operators were not informed of this and were not aware that the test performed could have brought the reactor into an explosive condition. There were at least two other cybersecurity incidents at U.S. Layered security to stop hackers. Cybersecurity holes still remain.

Israel’s cybersecurity industry is a unicorn. Here’s why

The Parallax

Fewer attendees, perhaps, expected him to reference the Hollywood action movies of Jean-Claude van Damme, who happened to be sitting in the front row for the highest-profile speech of Israel’s largest cybersecurity conference. “Cybersecurity is a true blood sport,” Netanyahu quipped.

Network Awareness Using ARPwatch | Roadmap to Securing Your Infrastructure

Linux Academy

This topic of network awareness is dear to my heart — not because of what it does but because it is network-based and I started out in the IT field as a network engineer, so networking holds a special place for me. What do I mean by “network awareness”?

Improving your security posture with "Software-First" Intent-Based Networking (Part 2)

Apstra

Core components to improving your security posture through Intent-Based Networking include a single source of truth, continuous real-time validation and the ability to swap or upgrade devices quickly. With an Intent-Based Networking system, operators never log into a device.

Finding Security Landmines in an Acquired Network

Edgewise

A large part of most M&As is the amalgamation of intellectual property, customer lists, and other proprietary company data, all of which reside inside databases or other networked technology.

Network Security with Cloudera Altus and Apache Spot

Cloudera Engineering

In the last few years, IT security threats to enterprise systems have increased, which has necessitated installing log ingestion and analysis solutions in any enterprise network. The post Network Security with Cloudera Altus and Apache Spot appeared first on Cloudera Engineering Blog.

3 Paths to Reduce the Network Attack Surface

Edgewise

With each passing year, companies’ networks grow. Consequently, the network attack surface grows proportionally. Stopping or limiting network sprawl seems impossible given today’s business requirements. To reduce risk, defenders must shrink the network attack surface.

Rise of the Machines: Cybersecurity No Longer Lives in Castles

Edgewise

In cybersecurity, the “castle and moat” analogy has served the community well. The imagery of high walls and wide moats exemplifies network security perimeter models.

Network Segmentation Issues and Opportunities

Edgewise

Wherever the network is hosted, the fact remains that organizations must implement segmentation to manage security, compliance, performance, and more.

Istio Security: Zero-Trust Networking

Aqua Security

This is the second in our series of blog posts on Istio, and will focus on Istio’s security features: what they are, how they work and how they help protect your workloads and your data.