Wednesday, September 24, 2014

Try playing the new game

NOVA Cybersecurity Lab


NOVA's Cybersecurity Lab is a game designed to teach people how to keep their digital lives safe, spot phishing scams, learn the basics of coding, and defend against cyber attacks. Players assume the role of chief technology officer of a start-up social network company that is the target of increasingly sophisticated cyber attacks. In the game, players must complete challenges to strengthen their cyber defenses and thwart their attackers. The Cybersecurity Lab serves as a resource for anyone who wants to learn how to stay safe online and provides an introduction to computer science.

In the Coding Challenge, players program a robot to navigate a maze using drag-and-drop commands. In the Password Cracking Challenge, a series of “password duels” teach players the basics of how attackers might try to crack their passwords and how they can make better, more secure passwords. In the Social Engineering Challenge, players are presented with two apparently similar e-mails, Web sites, or calls and have to identify the differences between them and then select which one is a scam attempting to steal information or money.

http://www.scientificamerican.com/citizen-science/nova-cybersecurity-lab/

Wednesday, September 17, 2014

Ten Steps to Planning an Effective Cyber-Incident Response


Here are 10 principles to guide companies in creating — and implementing — incident-response plans:
  1. Assign an executive to take on responsibility for the plan and for integrating incident-response efforts across business units and geographies.
  2. Develop a taxonomy of risks, threats, and potential failure modes. Refresh them continually on the basis of changes in the threat environment.
  3. Develop easily accessible quick-response guides for likely scenarios.
  4. Establish processes for making major decisions, such as when to isolate compromised areas of the network.
  5. Maintain relationships with key external stakeholders, such as law enforcement.
  6. Maintain service-level agreements and relationships with external breach-remediation providers and experts.
  7. Ensure that documentation of response plans is available to the entire organization and is routinely refreshed.
  8. Ensure that all staff members understand their roles and responsibilities in the event of a cyber incident.
  9. Identify the individuals who are critical to incident response and ensure redundancy.
  10. Train, practice, and run simulated breaches to develop response “muscle memory.” The best-prepared organizations routinely conduct war games to stress-test their plans, increasing managers’ awareness and fine-tuning their response capabilities.
An effective incident response plan ultimately relies on executive sponsorship. Given the impact of recent breaches, we expect incident response to move higher on the executive agenda. Putting the development of a robust plan on the fast track is imperative for companies. When a successful cyber attack occurs and the scale and impact of the breach comes to light, the first question customers, shareholders, and regulators will ask is, “What did this institution do to prepare?”
(Tucker Bailey, 2013)
Tucker Bailey, J. B. (2013, July 1). Ten Steps to Planning an Effective Cyber-Incident Response. Retrieved September 17, 2014, from Harvard Business Review: http://blogs.hbr.org/2013/07/ten-steps-to-planning-an-effect/
Thursday, September 11, 2014

CYBER News

Millions of Gmail Users Victims of Latest Password Heist
September 11, 2014
About 5 million Gmail usernames and passwords have been published on a Russian bitcoin security forum as a text file. Sixty percent of the 4.93 million credentials in the file were valid, claimed the poster, who used the online handle "tvskit." The information reportedly was dumped on several Russian cybercrime forums and shared through a variety of peer-to-peer services.

Home Depot All But Confirms Doozy of a Data Breach
September 03, 2014
Home Depot may have experienced a massive security breach -- possibly on a greater scale than last year's Target breach, which affected an estimated 110 million people. Home Depot said it was investigating the possibility, following security researcher Brian Krebs' Tuesday alert. It appears the perpetrators are the same hackers responsible for the data breaches at Target and elsewhere.

http://www.technewsworld.com/perl/section/cyber-security/

Monday, September 1, 2014
How do you Measure Up? Take the Security Leader Assessment
This assessment is designed to evaluate your current progress as a security leader within your specific environment. As the security industry changes, we want to gauge how security leaders are doing within their environments. As a follow-up to this survey, we will focus much of our energy on providing resources and content that tangibly help security leaders improve and optimize their security programs and roadmaps.

About CISOHandbook: CISOHandbook.com was initially created in 2004 by Mike Gentile and Ron Collette as an information companion for the book “The CISO Handbook, A Practical Guide to Securing Your Company.” In the beginning, the core focus was primarily on tools that could help security managers or executives with the challenges and opportunities they faced in the performance of their daily jobs.