Category Archives: education

Informe “How boards can lead the cyber-resilient organisation” (The Economist Intelligence Unit-EIU y Willis Towers Watson)

informeticplus.com - El informe señala que, en el mundo virtual, muchos son los que sufren ataques, pero no todos son víctimas. Algunas organizaciones sobresalen como las más fuertes. Las organizaciones más ciber-resilie…


Tweeted by @JMiguelRoca https://twitter.com/JMiguelRoca/status/1029635612020801536

Campus Student Employment Office

sece.its.hawaii.edu - Job Search Keywords: Campus: UH ManoaUH HiloUH West OahuUH Maui CollegeHawaii CCHonolulu CCKapiolani CCKauai CCLeeward CCWindward CC Island: OahuHawaiiKauaiLanaiMauiMolokaiOther Category: Accounting/…


Tweeted by @UHMCareerCenter https://twitter.com/UHMCareerCenter/status/1029563352928989185

How John Clarke Shifted Gears From Driving Vans to Gamifying Incident Response

Ten years ago, in recession-hit Ireland, John Clarke was trying to make ends meet for his young family as a laborer and driver. But the money from working on building sites and driving a van just wasn’t enough — and John felt he was too old and unskilled to find something else. His wife encouraged him to go back to school, but that wasn’t simple either.

John had never finished high school, and he wasn’t sure moving to a single income was the right choice for the couple to make in the midst of a recession.

Still, he persisted. He returned to high school, wowed his teachers and was encouraged to study further. He then went to university, skipped years and worked as an intern at IBM. “I swear I was one of the oldest interns in history!” John said. When he discovered cybersecurity, John knew his academic and career development efforts had all been worthwhile.

An affable, hard-working and lively Dublin lad, John is now neck-deep in efforts to gamify incident response (IR) and security awareness training through IBM’s Cyber Ranges. He works as a cybersecurity and gamification strategist at the IBM X-Force Command Center, where he builds and develops scenarios to help train people in IR. His goal is to use gamification to engage with people outside of the classroom — and away from boring presentations and false learning environments.

Incident Response Training Is All Fun and Games

Gamification of security trades on the idea that sometimes you have to be dropped into the deep end to really learn. John and his colleagues dream up weird and wonderful games based around security ideology to educate participants about IR. They design the game, code it, build the infrastructure and set players loose.

“We build some wacky stuff,” John said. “Once, we built a mind-controlled Hungry Hungry Hippos game, all based around security.”

John’s team is behind IBM’s capture the flag (CTF) events, which gathers teams and pits them against each other to see who can solve a security breach first. The competitors are divided into two groups: The first group is tasked with attacking and compromising a system. The second group must try to protect that system from the other group. Then, they switch. Both teams get a shot at being the attackers and the defenders. This allows the groups to work creatively and share knowledge about what they learned during the simulation.

John must be one step ahead of both teams during the build stage — so he tries to guess what they’ll do and how they’ll react to ensure that the scenario is robust and bulletproof.

“These simulations offer a way to find out what people are really made of in the heat of the moment,” John said.

The Human Side of Cybersecurity

John comes to work every day and builds scenarios in which all hell breaks loose to teach people about the importance of IR and what to do when a breach inevitably occurs.

“I love what I do,” he said. “For a long time, security was an afterthought — get the tech up and running, get it so the customer loves it, then we’ll put the security in. I’ve seen a massive shift from my early days. The rate of defects that teams find now is really low, and security architects are right there at the beginning, which limits the amount of bugs the security teams find.”

John said he sees his role (and that of his fellow IR professionals) as crucial in the ongoing effort to drive cybersecurity awareness among students.

“Some colleges don’t even teach security until the final year,” John said. “It needs to start early on — and that’s why, as professionals, we go in and teach.”

For his part, John takes tools into junior schools, runs cybersecurity boot camps in the summer and makes sure the people he works with understand security before they get out into the real world.

“The problem is there’s a human aspect to it,” John said. “The human is making mistakes, opening doors for hackers. If you set up a server and leave it in default configuration, they now have access to your system. We need much more awareness much earlier.”

Giving Back to the IT Community

Cybersecurity is not just a day job for John — it’s his passion. He’s community-minded, people-centric and future-focused. He’s also passionate about giving something back and regularly speaks in schools about application security and online safety.

Why is this so important to him? “Because people invested in me at a time when I needed it,” John said.

One of those people was his mentor, Jason Flood, the chief technical officer (CTO) of security gamification and modelling at IBM, who got him involved with the Honeynet Project while John was on IBM’s Ethical Hacking Team (EHT). The Honeynet Project is a not-for-profit security research organization dedicated to investigating the latest attacks and developing open source security tools to improve internet security.

“That’s where my passion for building gamified scenarios comes from,” John said. “It was just a bunch of us lads hanging around, eating pizza and coding and chilling at 3 a.m. Most people go to clubs — we sat around, had beer and built challenges.”

“The good thing is it’s my day job now — this gamification stuff. IBM backs what we’re doing, they have a belief and see the value in terms of future hires,” John said. “When we ran an event in Boston, there were four or five people we would’ve hired instantly. As a tool to get people in a room and put them through their paces to see their technical ability, get a gauge for personality and how they respond, these gamified events are amazing. You get a feel a bit more for people as opposed to sitting in a suit in a chair at an interview and hoping you don’t mess up.”

Luckily for the next generation of cybersecurity professionals looking to get their shot at a new career track, John gave up driving a van to serve as a mentor and invent wacky cybersecurity games for the rest of us to learn from and enjoy.

Meet Machine learning researcher Irina Nicolae

The post How John Clarke Shifted Gears From Driving Vans to Gamifying Incident Response appeared first on Security Intelligence.

Una pesadilla informática imposible de parar: así son los ciberataques basados en inteligencia artificial – elEconomista.es

eleconomista.es - La inteligencia artificial ha llegado para revolucionar la informática. Hasta ahora todos los escenarios conocidos servían para mejorar la experiencia de usuarios, optimizar procesos o aliviar la car…


Tweeted by @Altosdelapedri1 https://twitter.com/Altosdelapedri1/status/1029089976854695936

Should Online Courses Film Students Taking Tests?

Recently the Palm Beach Post noted that 20% of the academic credit awarded at Florida Atlantic University is for online courses. So how can they stop cheaters? Where once it was enough for a professor to roam the aisles of a classroom, checking for cheat sheets and keeping an eye out for students signaling one another, proctoring today's tests often requires web cams and biometric IDs. A field of more than a dozen test-proctoring services has emerged in the past decade. Typically, the company gets some sort of visual on the test taker via a web cam and then asks the student to show the camera his or her ID. Other security layers can include software that recognizes faces or even keystroking patterns. The next step is to monitor the student during the test. In the online proctoring world, that is done in one of three ways: * A remote but live proctor who watches in real time. * A record-and-review method in which a proctor watches the testing session, but not in real time. * An automated system, in which the software is programmed to spot abnormalities and flag them. Honorlock -- one of the record-and-review outfits -- expected to proctor roughly 100,000 tests in the 2017-2018 school year, and promises schools that their solution also searches the web for copies of the test and automatically files takedown notices for any leaked copies, according to a link shared by Slashdot reader Presto Vivace. Besides filming students during tests, it also includes patented technology that "detects and prevents searching for test answers online from any secondary device." And it even verifies the identity of test takers using "any government issued" i.d. (like a driver's license or passport) or student ID which includes a photo. One student complained on Reddit that "This seems crazy invasive and should probably be illegal," adding "is there anything passive aggressive you want me to say into the mic?" But what do Slashdot readers think? Should professors be remotely detecting searches on handheld devices, using photo IDs to verify identities -- and filming students taking tests?

Read more of this story at Slashdot.

Inbound Marketing al alcance de todos.

inboundmanagerpro.com - Este post escrito por Miguel Florido te brinda una súper herramienta para que lleves a cabo tu estrategia de redes sociales. (Plantilla gratis) Este post está muy completo si te interesa el tema de …


Tweeted by @GiovannaDiTroia https://twitter.com/GiovannaDiTroia/status/1027485943161397248

Com sangue na boca

apublica.org - Quando assumiu o comando do Ministério da Justiça, em 2003, o criminalista Márcio Thomaz Bastos definiu a reestruturação da Polícia Federal (PF) como prioridade de sua gestão. Bastos conhecia como po…


Tweeted by @Paulimbh https://twitter.com/Paulimbh/status/1027327572852531200

IBM Veteran Training: Service Members Shine in Cyber Crisis Management Training

Training is paramount to enabling military veterans to transition successfully to civilian life, which is why many industries have implemented programs that provide veterans with the skills needed to prosper in new civilian careers. As the cybersecurity industry is challenged with a growing skills gap, IBM Citizenship, in partnership with Corporate America Supports You (CASY), is proudly helping veterans jump-start their civilian careers by offering cybersecurity training through the Veterans Accelerator program.

Veteran Training Fuels the Future of Cybersecurity

To provide veterans with the skills they need to succeed in the growing field of cybersecurity, IBM Citizenship hosted a week-long training program in July 2018 that taught veterans to use cybersecurity software. CASY also offered job support and placement assistance to veterans enrolled in the program.

The program was hosted at the IBM office in Cambridge, Massachusetts, home to the IBM X-Force Command Center cyber range simulator. This cyber range allows participants to respond to cyberattack simulations based on real-world events.

The training focused on teaching veterans to detect cybersecurity threats using IBM QRadar software. The live cyberattack simulation gave participants critically important hands-on experience to prepare them for the real world of cybersecurity, in which threats need to be identified and responded to as quickly as possible.

Training at the cyber range in Cambridge was a unique opportunity because of the simulated environment, said Stacey Cummings, program manager at CASY.

Seasoned Veterans and the IBM X-Force Command Center

In 2018, CASY has worked with IBM to bring training in i2 Analyst’s Notebook software and QRadar to more than 50 veterans around the U.S. The i2 Analyst’s Notebook is widely used across the public and private sectors to track fraud, human trafficking and other criminal activity.

“Participants successfully conducted a complex incident response to a sophisticated cyberattack,” said Benjamin Poernomo, executive security advisor at IBM Security.

“Because of the training and experience received at the event, they were able to perform just as well as seasoned security professionals,” Poernomo said. “Participants demonstrated technical proficiency in cyber investigations as well as ‘whole of organization’ response best practices. They were also exposed to the latest and greatest best practices from across the industry.”

While participants initially seemed tentative about — perhaps even awed by — the cyber range itself, they quickly acclimated with the support of Brigadier General Mark Merlino of the Massachusetts National Guard. “They were able to quickly move beyond their lack of experience with QRadar and take charge once they were thrust into the crisis situation,” Merlino said.

“This is my first time training on QRadar, and it’s been a personable and unique experience both in terms of the type of training and also interactions with the instructors and the supporters of the program,” said Jason Wilfong, a veteran who traveled from Seattle, Washington, to participate in the training.

“That has been one of the most valuable takeaways: I learned about the industry and made connections that will further my career,” said Wilfong. “I am very thankful to everyone with IBM and Corporate America Supports You for providing this training opportunity.”

IBM X-Force Command Center Training

(Source: IBM Security)

The Future of Cybersecurity

On the second day of the week-long training program, Ratunda “Rose” Carmel, lead talent acquisition partner at IBM Security, provided a lunchtime presentation for the veterans on opportunities in security. She also helped the veterans with their resumes, putting a focus on describing their military experience in a way that translates into employment opportunities in cybersecurity.

Moving forward, IBM and CASY will deliver individual resume consultations with each veteran, as well as phone screening interviews. The acquisition team is also actively exploring opportunities to advance the veterans by connecting them with hiring managers.

“We’re pleased to offer this training to veterans in Cambridge and help them in their journey to pursue careers in cybersecurity,” said Martin Laird, program manager at IBM Corporate Citizenship and Corporate Affairs.

As veterans transition from the military to the civilian workforce, cybersecurity offers them the chance to transition from national security defenders to defenders of sensitive personal, financial and corporate information — an appealing career to many, particularly because there is an urgent need for more of these experts.

Read the IBM Executive report: Addressing the Skills Gap with a New Collar Approach

The post IBM Veteran Training: Service Members Shine in Cyber Crisis Management Training appeared first on Security Intelligence.

17C Cyber Operations Specialist

nationalguard.com - REQUIREMENTS Those who wish to serve must first take the Armed Services Vocational Aptitude Battery (ASVAB), a series of tests that helps you better understand your strengths and identify which Army …


Tweeted by @NationalGuard https://twitter.com/NationalGuard/status/1026506957325250560

Vol 08 Issue 107 August 2018

 

Elder abuse by financial scammers Is this email not displaying correctly?
View it in your browser.

Vol 08 Issue 107
August 2018

In This Issue

  • Spread the Word on Elder Fraud
  • Social-Engineer News
  • Upcoming classes

As a member of the newsletter you have the option to OPT-IN for special offers. You can click here to do that.


Check out the schedule of upcoming training on Social-Engineer.com

4-7 August, 2018 Advanced Practical Social Engineering — Las Vegas, NV

4-5 August, 2018 Advanced Open Source Intelligence for Social Engineers – Las Vegas, NV

6-7 August, 2018 Advanced Open Source Intelligence for Social Engineers – Las Vegas, NV

3-4 October, 2018 Advanced Open Source Intelligence for Social Engineers – Louisville, KY (SOLD OUT)

If you want to ensure your spot on the list register now – Classes are filling up fast and early!


Thank you to our Sponsors for SEVillage at Def Con 26!


Do you like FREE Stuff?

How about the first chapter of ALL OF Chris Hadnagy’s Best Selling Books

If you do, you can register to get the first chapter completely free just go over to http://www.social-engineer.com to download now!


To contribute your ideas or writing send an email to contribute@social-engineer.org


If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.


Our good friends at CSI Tech just put their RAM ANALYSIS COURSE ONLINE – FINALLY.

The course is designed for Hi-Tech Crime Units and other digital investigators who want to leverage RAM to acquire evidence or intelligence which may be difficult or even impossible to acquire from disk. The course does not focus on the complex structures and technology behind how RAM works but rather how an investigator can extract what they need for an investigation quickly and simply

Interested in this course? Enter the code SEORG and get an amazing 15% off!
http://www.csitech.co.uk/training/online-ram-analysis-for-investigators/

You can also pre-order, CSI Tech CEO, Nick Furneaux’s new book, Investigating Cryptocurrencies: Understanding, Extracting, and Analyzing Blockchain Evidence now!


The team at Social-Engineer, LLC proudly uses:


A Special Thanks to:

The EFF for supporting freedom of speech

Keep Up With Us

Friend on Facebook Facebook
Follow on Twitter Twitter

Spread the Word on Elder Fraud

Spread the word on Elder Fraud

This month, we are going to talk about social engineering scams and how they target the elderly population. I know anyone in all age groups can be a target of attackers and any age group can fall for attacks. As a professional social engineer, I see many different targets from different demographics both fall for or remain resilient to attacks we perform for our clients. I am interested in bringing to light some of the common and widely used attacks targeted at our older population and provide some useful tips on how to protect yourself or a loved one. The reason for this is, it may be very difficult or even impossible for them to recover from financial loss if they are already retired and no longer generating income. When a financial scam targets a younger person still in the work force, they may have a better chance to make up that money over time, while retirees may not. That is not true in all cases, but I think it is safe to say someone in the work force has more potential to make money than someone who has left it and is living on the previously acquired income. Some states have put together reports on elder abuse by financial scammers and the numbers they report are staggering. The US Justice Department recently released information about an elder fraud sweep in which “the charged elder fraud schemes caused losses of more than half a billion dollars.” The financial loss alone can be devastating, but the psychological effect can also have a significant impact on the target which can sometimes be worse.

What are we seeing?

As professional social engineers we employ 4 main disciplines, those of vishing, phishing, SMShing, and impersonation, all of which are used versus elderly targets.

Vishing (or voice phishing) tends to make the news much more frequently and is seen in the form of common schemes known as “Lottery Phone Scams,” “Grandparent Scams,” and “Romance Scams.” In each of these, a caller attempts to convince the target they have won something, that the attacker is a relative in need of financial assistance, or that the attacker is an admirer in need of financial assistance traveling to see them. Attackers can leverage feelings of loneliness or lack of contact with others to keep in contact and build seemingly meaningful relationships with the victims. The attackers can then use this relationship to gain the trust required to steal vast amounts of money and other resources from the targets.

Phishing and SMShing are a problem for all age groups, and seniors are no exception. They can receive emails and text messages from common institutions asking them to update or verify personal information or even pretexts related to IRS refunds that do not actually exist. This threat is further exacerbated if the recipient in not technologically fluent.

Impersonation is also reported, where attackers will go to retirement homes or common gathering locations of seniors and use pretexts related to surveys, Medicare and other health insurance representatives, and, even worse, debt collectors at funerals and cemeteries. The goal here is to collect enough personal information to file fraudulent medical claims or attempt direct access to financial accounts.

What can we do about it?

Many of the mitigations to combat these threats are taught in corporate security training programs. Unfortunately, the targets we are discussing here are mostly retired and do not have access to that training to teach them how to avoid becoming victims to these scams. It is up to those that are security-minded and aware of these attacks to inform potential targets on how to protect themselves. Here are some techniques that can be easily communicated and employed to protect ourselves, our loved ones, and our friends of any age if they are not exposed to formal training.

  • If you are being asked to provide any type of information either over the phone, in person, or on a website, verify the requester is who they say they are before disclosing anything. Ask for a company name and number that can then be called back, if necessary. Ask for a business card to schedule a follow-up meeting. Visit a known good website and seek assistance. All of these actions delay the attack and allow for critical thinking by either the target or a caregiver to ensure the request is legitimate.
  • Be aware of the information that is available online about you or your loved ones. Social media is a great place for an attacker to gain enough information to pose as a family member or friend. If you are aware of the information that is available, when that information is used as a pretext you are at least conscience of the fact that it is public knowledge.
  • Participate in public service programs for education on the risks and mitigations of elder fraud. The Department of Justice has partnered with the Corporation for National and Community Service to provide free education on the topic in more than 30,000 locations nationwide.

In addition to these points, consider putting a freeze on all the major credit reporting services if you or your loved ones are not in immediate need for credit. Brian Krebs has a very useful post, originally posted after the Equifax breach that he covered extensively, which directly addresses how to apply credit freezes and also addresses many common questions about them.

If you are aware of current and common threats, take some time to tell those you know are not as aware and you could potentially save them the long and painful “adventure” of recovering from financial scams that exist and are frequently used.

Written by: Ryan MacDougall

Sources:

https://www.justice.gov/opa/pr/justice-department-coordinates-nationwide-elder-fraud-sweep-more-250-defendants

https://www.ncoa.org/economic-security/money-management/scams-security/top-10-scams-targeting-seniors/

https://theconversation.com/how-loneliness-in-older-people-makes-them-more-vulnerable-to-financial-scammers-73483

https://www.nationalservice.gov/programs/senior-corps/

https://krebsonsecurity.com/2017/09/the-equifax-breach-what-you-should-know/

As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.


 
Copyright © *|CURRENT_YEAR|* *|LIST:COMPANY|*, All rights reserved.
*|IFNOT:ARCHIVE_PAGE|* *|LIST:DESCRIPTION|*

TWITTER: @humanhacker / @SocEngineerInc
YouTube: http://youtube.com/SocialEngineerOrg
FACEBOOK: https://www.facebook.com/seorg.org
IRC: irc.freenode.net #social-engineer

unsubscribe from this list | update subscription preferences

 

The post Vol 08 Issue 107 August 2018 appeared first on Security Through Education.

Children Learn Best When Their Bodies Are Engaged in the Living World. We Must Resist the Ideology of Screen-Based Learning

Nicholas Tampio, associate professor of political science at Fordham University in New York, writing for Aeon magazine: As a parent, it is obvious that children learn more when they engage their entire body in a meaningful experience than when they sit at a computer. If you doubt this, just observe children watching an activity on a screen and then doing the same activity for themselves. They are much more engaged riding a horse than watching a video about it, playing a sport with their whole bodies rather than a simulated version of it in an online game. Today, however, many powerful people are pushing for children to spend more time in front of computer screens, not less. Philanthropists such as Bill Gates and Mark Zuckerberg have contributed millions of dollars to 'personal learning', a term that describes children working by themselves on computers, and Laurene Powell Jobs has bankrolled the XQ Super School project to use technology to 'transcend the confines of traditional teaching methodologies'. Policymakers such as the US Secretary of Education Betsy DeVos call personalised learning 'one of the most promising developments in K-12 education', and Rhode Island has announced a statewide personalised learning push for all public school students. Think tanks such as the Brookings Institution recommend that Latin-American countries build 'massive e-learning hubs that reach millions'. School administrators tout the advantages of giving all students, including those at kindergarten, personal computers. Many adults appreciate the power of computers and the internet, and think that children should have access to them as soon as possible. Yet screen learning displaces other, more tactile ways to discover the world. Human beings learn with their eyes, yes, but also their ears, nose, mouth, skin, heart, hands, feet. The more time kids spend on computers, the less time they have to go on field trips, build model airplanes, have recess, hold a book in their hands, or talk with teachers and friends. In the 21st century, schools should not get with the times, as it were, and place children on computers for even more of their days. Instead, schools should provide children with rich experiences that engage their entire bodies.

Read more of this story at Slashdot.

Using Electronic Devices During Lectures Led To Lower Grades, Study Finds

schwit1 quotes UPI: For the study, researchers followed 118 cognitive psychology students at Rutgers University in New Jersey. For one term, electronic devices were banned in half of the lectures and permitted in the other half. When the devices were allowed, students reported whether they had used them for non-learning purposes during the lecture. Having an electronic device wasn't associated with lower students' scores in comprehension tests within lectures, but was associated with at least a 5 percent (half-a-grade) lower score in end-of-term exams. The study was published July 27 in the journal Educational Psychology.

Read more of this story at Slashdot.

Cybersecurity Best Practices – Lösungen zur Erhöhung der Cyberresilienz für Unternehmen und Behörden | Michael Bartsch | Springer

springer.com - Das Thema Cybersecurity ist so aktuell wie nie, denn im Cyberspace lassen sich nur schwer Grenzen in Bezug auf den Zugang zu Informationen, Daten und Redefreiheit setzen. Kriminelle nutzen die Lücken…


Tweeted by @martindionch https://twitter.com/martindionch/status/1025077031137148928

LeBron James Opens STEM-Based School For At-Risk Students In Ohio

NBA superstar LeBron James is opening a new school that many are calling a "game changer." It extends the length of a traditional school day and focuses on teaching a STEM curriculum to students who have a higher probability of failing academically or dropping out of school. An anonymous Slashdot reader shares a report from SB Nation: LeBron James' I Promise School opened Monday to serve low-income and at-risk students in his hometown, and the public school could be an agent of change in the eastern Ohio city. The institution is the intersection of James' philanthropic Family Foundation and the I Promise Network he helped kickstart. I Promise began as an Akron-based non-profit aimed at boosting achievement for younger students from disadvantaged backgrounds. Now the movement has the means to educate these students year-round. I Promise will feature longer school days, a non-traditional school year, and greater access to the school, its facilities, and its teachers during down time for students. That's a formula aimed at replicating some of the at-home support children may be missing when it comes to schoolwork. The school has also anchored its curriculum in math and science-based teaching, dipping into the STEM -- science, technology, engineering, and math -- curriculum that prepares students for the jobs of the future.

Read more of this story at Slashdot.

Gestionando con Redmine

bloginnova.com - Desde mi punto de vista los aspectos organizativos y los procesos son lo más importante en la gestión de las tecnologías de información y si además están soportados por buenas metodologías y herramie…


Tweeted by @marodriguezz https://twitter.com/marodriguezz/status/1024729593310314496

France Bans Smartphones in School

When French students return to school in September they'll have to leave one of their most prized possessions at home -- their smartphone. From a report: French lawmakers on Monday passed legislation banning students as old as 15 from bringing smartphones and tablets to school or having them turned off at least, according to the Agence France-Presse. Officials in support of the new rule described the policy as a way to shield children from addictive habits and to safeguard the sanctity of the classroom. "We know today that there is a phenomenon of screen addiction, the phenomenon of bad mobile phone use," education minister Jean-Michel Blanquer told French news channel BFMTV, according to CNN. "Our main role is to protect children and adolescents. It is a fundamental role of education, and this law allows it." The law, however, does make exceptions for educational use, extra-curricular actives and for students with disabilities, the AFP reports. French high schools can choose to impose a less stringent ban on Internet-connected devices.

Read more of this story at Slashdot.

With Financial Aid Declining, Many College Students Don’t Have Enough Money To Eat, Studies Show, Even Though About 40 Percent Are Also Working

As students enter college this fall, many will hunger for more than knowledge. Up to half of college students in recent published studies say they either are not getting enough to eat or are worried about it. From a report: This food insecurity is most prevalent at community colleges, but it's common at public and private four-year schools as well. Student activists and advocates in the education community have drawn attention to the problem in recent years, and the food pantries that have sprung up at hundreds of schools are perhaps the most visible sign. Some schools nationally also have instituted the Swipe Out Hunger program, which allows students to donate their unused meal plan vouchers, or "swipes," to other students to use at campus dining halls or food pantries. That's a start, say analysts studying the problem of campus hunger, but more systemwide solutions are needed. "If I'm sending my kid to college, I want more than a food pantry," says Sara Goldrick-Rab, a professor of higher education policy and sociology at Temple University in Philadelphia, and founder of the Hope Center for College, Community and Justice. [...] According to a survey of UC Berkeley students, 38 percent of undergraduates and 23 percent of graduate students deal with food insecurity at some point during the academic year, Ruben Canedo, a university employee who chairs the campus's basic needs committee, says.

Read more of this story at Slashdot.

Igor Grabois: Guerra híbrida agora se volta para eleger Geraldo Alckmin – Viomundo – O que você não vê na mídia

viomundo.com.br - Por Igor Grabois, especial para o Viomundo O mundo passa por uma nova revolução tecnológica. Crescentemente, serviços são realizados online, a produção se torna mais flexível em sua cadeia de suprime…


Tweeted by @SAGGIO_2 https://twitter.com/SAGGIO_2/status/1023405561294016512

Cyber risque : seuls 13% des dirigeants se sentent mieux armés – GRAS SAVOYE WILLIS TOWERS WATSON

globalsecuritymag.fr - L’enquête a par ailleurs révélé que les administrateurs et les dirigeants trouvent rarement d’accord sur les réponses à apporter au risque cyber. Comment rendre l’organisation cyber-résiliente ? Avec…


Tweeted by @FFA_assurance https://twitter.com/FFA_assurance/status/1022851263942283264

La paradoja del influencer marketing: la inversión aumenta a pesar de la falta de transparencia | Marketing Directo

marketingdirecto.com - A pesar de que alrededor del 12% de los influencers podrían estar comprando seguidores, las previsiones de inversión en el influencer marketing no dejan de crecer. El influencer marketing ha sido, du…


Tweeted by @jtresguerras https://twitter.com/jtresguerras/status/1022738552910692352

Here’s How the University of Bari Is Tackling the Cybersecurity Skills Shortage

The cybersecurity skills shortage is getting worse — a November 2017 study by the Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA) confirmed this statement.

But this probably isn’t news to you — especially if you’re among the 70 percent of security professionals who claimed their organization suffers from the talent crisis. Exacerbating this problem is the fact that many top universities have been slow to catch up to the needs of corporations when it comes to cybersecurity education.

Fortunately, at least one school is working to close the gap between what the market needs and what educational systems are delivering.

Closing the Cybersecurity Skills Gap Through Education

The University of Bari Aldo Moro in southern Italy is working closely with IBM to develop a specialized curriculum to help students work toward a bachelor’s degree in cybersecurity.

Founded in 1925, this institution on the Adriatic Sea serves the 1 million-plus residents in the metropolitan area of Bari and also draws students from around the world. Under the beautiful arches of its Roman architecture, students will study application security controls and processes to orchestrate tools, such as vulnerability management and security information and event management (SIEM) tools.

They’ll learn the practices necessary to drive a security unit, such as a security operations center (SOC) or computer security incident response team (CSIRT), with a focus on prevention, detection and response.

How Simulation Exercises Teach Essential Cybersecurity Skills

With IBM’s help, the university is creating a realistic, hands-on lab environment where students are assigned specific roles, such as chief information security officer (CISO), security analyst and security administrator. Through exercises like capture the flag — where defending teams attempt to identify and isolate bad actors breaching the infrastructure — students get a taste of what they might encounter in a real-world cyberattack.

But this is a partial view: In the real world, good and bad are more nuanced, depending on roles, processes and technologies. The lab enables students to test out various roles using the same software and solutions they would find in a real SOC — taking simulation exercises to a new level.

From the Ivory Tower to the Real World

University professors Danilo Caivano, Teresa Roselli and Donato Malerba have been the driving force behind this program, acknowledging the critical role universities can play in alleviating the cybersecurity skills shortage.

The goal is not only to turn out well-informed security professionals but also to leverage the lab as a competency center for the industrial and research communities and provide cybersecurity services in partnership with private companies and public administrations.

Read more: There’s Never Been a Better Time to Consider Security Careers

The post Here’s How the University of Bari Is Tackling the Cybersecurity Skills Shortage appeared first on Security Intelligence.

PCdoB e PSB veem chantagem do PT – Crusoé

crusoe.com.br - O PT adiou convenções para escolher candidatos em oito estados. A decisão foi comunicada em resolução publicada na sexta-feira (20). Nela, a sigla diz que o adiamento se deve à negociação com PSB e P…


Tweeted by @Pontes_consult https://twitter.com/Pontes_consult/status/1021745718086787072

Desde hoy Chrome calificará como no seguras las webs que no cuenten con un protocolo HTTPS | Marketing Directo

marketingdirecto.com - La nueva actualización de Chrome clasificará como inseguras todas las páginas que no cuenten con un protocolo HTTPS. Más de la mitad de las webs aún no lo tienen. Google ha lanzado hoy la versión núm…


Tweeted by @OmbusmanRS https://twitter.com/OmbusmanRS/status/1021713882102947841

The Basics of ICO Investing: A Brief Reminder to Those Who are New to the Game

The ICO market has been heating up for a little less than a year now, but it truly has turned into a new wave of technology. The amount of wealth being created is insane, and it can be difficult to keep up with the rate of change that is occurring within the industry. It is […]

The post The Basics of ICO Investing: A Brief Reminder to Those Who are New to the Game appeared first on Hacked: Hacking Finance.

rss – Exército Brasileiro

eb.mil.br - Rio de Janeiro (RJ) – Em 1957, com a execução e conclusão do 1º Curso de Operações Especiais, teve início o implemento das atividades de operações especiais no Exército Brasileiro e no Brasil. Essa a…


Tweeted by @jsjdirnsisn https://twitter.com/jsjdirnsisn/status/1021569789712654336

Some Colleges Cautiously Embrace Wikipedia

Megan Zahneis, writing for The Chronicle of Higher Education: Academics have traditionally distrusted Wikipedia, citing the inaccuracies that arise from its communally edited design and lamenting students' tendency to sometimes plagiarize assignments from it. Now, LiAnna Davis, director of programs for Wikipedia's higher-education-focused nonprofit arm Wiki Education, said, higher education and Wikipedia don't seem like such strange bedfellows. At conferences these days, "everyone's like, 'Oh, Wikipedia, of course you guys are here.'" "I think it's a recognition that Wikipedia is embedded within the fabric of learning now," she said. One initiative Davis oversees at Wiki Education aims to forge stronger bonds between Wikipedia and higher education. The Visiting Scholars program, which began in 2015, pairs academics at colleges with experienced Wikipedia editors. Institutions provide the editors with access to academic journals, research databases, and digital collections, which the editors use to write and expand Wikipedia articles on topics of mutual interest. A dozen institutions, including Rutgers University, Brown University, and the University of Pittsburgh, are participating.

Read more of this story at Slashdot.

SAT ha identificado a 5,390 empresas fantasma

eleconomista.com.mx - El Servicio de Administración Tributaria (SAT) continúa con su lucha contra la evasión y elusión fiscal. Al 2 de julio pasado, la autoridad fiscal identificó a 5,390 contribuyentes que, definitivame…


Tweeted by @allizesalgado https://twitter.com/allizesalgado/status/1020348160596590592

New NIST Guidebook Says Cybersecurity Is Everyone’s Job — Here’s Why

Every member of a digitally integrated enterprise has a role to play in keeping organizations safe across lines of business — up and down the organizational chart. Not every company has caught up to this line of thought, however. What’s more, those that have may not have a clear idea of what those roles should look like.

The National Institute of Standards and Technology (NIST) released a guidebook draft to help bridge this gap: “Cybersecurity is Everyone’s Job.” The NIST guidebook was created for business owners and leaders, but it’s also helpful for those serving functional roles in human resources (HR), IT, legal — and even sales and marketing.

The Importance of a Cybersecurity Culture

The NIST guidebook stresses the importance of a culture of cybersecurity in safeguarding the data that enables organizations to compete and thrive in the digital age.

The reality: Employees represent the “largest attack surface” of most organizations. Common business activities — such as product and service delivery, payroll, accounts payable, communicating with customers and suppliers and resource management — frequently expose organizations to cyber risk, which is why a cybersecurity culture is so critical.

Tone and close involvement from the organization’s leaders dictate whether efforts to impact culture are successful or short-lived experiments. Mindset is also a key driver of human behavior — so proper attention must be paid to evaluating and addressing employees’ mindsets as part of a broader security-awareness campaign. Additionally, due to the rise in attacks leveraging social engineering, organizations should seek to “harden” their employees to such attacks.

Leadership, Planning and Governance Are Key

The NIST guidebook directly addresses directors, chairmen and chairwomen, presidents, partners, founders and the like: “You matter to the organization because, without you, the organization lacks direction and cohesion. You are the hub of the wheel — connecting to, coordinating and driving the many parts of the business.”

This includes managing all cyber-related business risks, prioritizing and ensuring proper funding for cybersecurity projects, building a culture of security and ensuring proper governance controls are in place.

The NIST’s recommendations for action include:

  • Understanding cybersecurity well enough to enable sound decision making;

  • Including cyber risks in the enterprise risk management (ERM) process;

  • Developing and maintaining organizational information security policies and standards;

  • Promoting the development of effective cross-functional teams to accomplish cybersecurity goals for the organization; and

  • Protecting sensitive strategic, financial, legal and risk information.

People in these roles might often find themselves with the difficult responsibility of making decisions about a subject with which they are neither comfortable nor familiar. From the summit of a businesses’ accountability, leaders are encouraged to ask questions and access timely and relevant information that will allow them to make sound cyber risk decisions.

The Role of Finance and Administration

As players who “are responsible for ensuring that each part of the organization has the ability to pay for goods and services, operate within a budget, track revenues and expenditure and conduct business with external entities,” as well as handling massive banks of proprietary data, finance and administration departments function with a particular connection to cybersecurity.

This area often includes ERM, and possibly internal audit and compliance functions. “You matter to the organization because nothing can happen without the ability to maintain financial health, perform essential transactions, manage business risks and support the planning and governance function,” the guidebook stresses. There are many systems and sources of data people in this function own, manage or use, including Internal Revenue Service (IRS) data, balance sheets, budgets, Securities and Exchange Commission (SEC) filing data, ERM tools, audit reports, contracts and more.

Regarding cybersecurity specifically, the guidebook reminds professionals in finance and administration of their responsibility to “ensure that cyber risks are integrated into the enterprise risk management process” — including the ability to identify cyber risks early when initiating new projects or strategies, as well as the need to properly gauge the range of threats to which the business is subject.

Another major responsibility of people in this role is to “provide sufficient funding to enable the success of the organization’s cybersecurity strategy” and to ensure alignment of resources with strategy and risk appetite.

The bottom line: A holistic, broadly integrated (and deeply ingrained) approach to cybersecurity is the best way to fortify against risk and respond informedly and timely to incidents when they occur.

The post New NIST Guidebook Says Cybersecurity Is Everyone’s Job — Here’s Why appeared first on Security Intelligence.

19.jul.2018 — Policiais encontram corpo de membro do Comando Vermelho em 7 de outubro de 2017, em Campo Grande

noticias.uol.com.br - 7 de outubro de 2017: Policiais encontram corpo de vítima do PCC em Campo Grande "Picotar é o de praxe, meu mano, se caso der. Se não der, só arranca a cabeça ali, tá tranquilo." A ordem acima foi em…


Tweeted by @BlogdoNoblat https://twitter.com/BlogdoNoblat/status/1020249782940520451

How to use the cloud to improve your technology training

Anyone who has tried to hire an IT expert knows that the shortage of qualified people is real. We’re not just talking about IT security jobs, either. Almost every area of tech faces a skills shortage that threatens to sap productivity and presents challenges to IT departments of all sizes. Informal on-the-job training has been the norm for most IT teams. However, the rise of cyberthreats and the pace at which they arise leaves companies … More

The post How to use the cloud to improve your technology training appeared first on Help Net Security.

Twitter deja de verificar perfiles, de nuevo

omicrono.elespanol.com - Twitter ha anunciado que ha vuelto a “apagar” el sistema de verificaciones, por lo que, al menos de momento, no seguirá verificando cuentas. El motivo es que EEUU está a punto de entrar en las elecci…


Tweeted by @Omicrono https://twitter.com/Omicrono/status/1019507518605877248

How ICOs Changed the Way Companies Are Built

With cryptocurrencies now becoming a household name, investors are starting to look into plays they can make that are more off the beaten path. The market for initial coin offerings (ICO) offers just that, albeit with a dash of risk that traditional initial public offerings (IPOs) do not offer.  Restrictions on Venture Capital If you […]

The post How ICOs Changed the Way Companies Are Built appeared first on Hacked: Hacking Finance.

Microsoft and Flipgrid unite to bring social learning to students around the world

On Monday, Microsoft announced the acquisition of video-based social learning platform Flipgrid, used in 180 countries by more than 20 million pre-kindergarten to Ph.D.-level educators, students and families.

Like Office 365 Education software, Microsoft will also be making Flipgrid free for schools so it’s easy for any school to utilize the software. Customers who’ve purchased a subscription from Flipgrid will receive a prorated refund.

“We’re thrilled to see the impact Flipgrid has had in social learning thus far and look forward to helping them continue to thrive as part of the Microsoft family,” said Eran Megiddo, corporate vice president for Microsoft. “We’re diligently committed to making sure their platform and products continue to work across the Microsoft, Google and partner ecosystems to benefit students and teachers everywhere.”

Flipgrid was created in 2015 with a mission of empowering educators as they help students define their voices, share their voices and respect the diverse voices of others. That mission aligns with that of Microsoft, which aims to empower every person and organization on the planet to achieve more.

Microsoft sees Flipgrid as an effective tool to help teachers and students build social emotional skills beyond traditional curricula – skills the company’s recent research says will be required in 30 to 40 percent of the fastest-growing occupations.

Educator Lucretia Anton from the Arcadia Unified School District in California has seen this firsthand, and says Flipgrid “helps students develop communication skills, increase self-awareness and grow from failure, setting them up to contribute positively to the world.”

In joining Microsoft, Flipgrid will retain its distinct brand, culture and team that is focused on amplifying the voices of all students. Expanding Flipgrid’s accessibility across the global educator community, the company will also align with Microsoft’s General Data Protection Regulation (GDPR)-, Family Educational Rights and Privacy Act (FERPA)- and Children’s Online Privacy Protection Act (COPPA)-compliant privacy architecture to ensure Flipgrid continues to be a safe, secure place for students and teachers to communicate.

To learn more, visit the Microsoft Education Blog.

 

The post Microsoft and Flipgrid unite to bring social learning to students around the world appeared first on The Official Microsoft Blog.

Bringing our accessibility awareness game today and every day

Today we celebrate the seventh annual Global Accessibility Awareness Day and announce new technology and resources for people with disabilities. The goal of GAAD is to get everyone talking, thinking and learning about accessibility. For us, it’s also about digging deep into how technology can empower the 1 billion people worldwide who have disabilities. Not only is it important that we do this for our customers and our employees, it’s also an exciting area for technology and innovation to drive incredible impact. In 2011, the World Health Organization changed the definition of disability to the result of a mismatch between what a person wants to achieve and the environment or society that he or she lives in. Technology can play a leading role in bridging the gap. It’s both exciting to think about the tremendous opportunity to empower and humbling to think about our responsibility to get it right.

Technology has human impact. It can empower people like Dan, a devoted gamer whose life was changed by an accident; Nori, who is passionate about Japanese culture and public speaking and has low vision; and Joseph, a first-year student who studies biology at Rochester Institute of Technology in New York and is deaf.

While we live our mission to empower every person and every organization on the planet to achieve more every day, on GAAD we are pleased to be announcing the Xbox Adaptive Controller, a new technology to help more gamers game. We’re highlighting AI for Accessibility, which provides opportunities for inventors and researchers to use AI to empower people with disabilities. We’re reimagining accessibility as an important issue we can tackle together through a short film. And we’re launching a new Microsoft Accessibility website to make it easy to find, discover and experience all that we are doing.

As our CEO Satya Nadella recently said, “The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.” In the long term, we believe that designing with and for people with disabilities will lead to innovations in ubiquitous inclusive computing. In the short term, it’s about ensuring that accessibility is woven into the fabric of how we design and build. Accessibility isn’t optional.

The results are tangible. Last week at Microsoft’s Build conference, we showed a demo of a modern meeting. Microsoft employee Katie Sullivan arrived late but was able to catch up on what she missed by reading the transcript via Microsoft Translator and auto-generated meeting notes and actions made available when the meeting ended. She used this technology side-by-side with her ASL interpreter to ensure she brought her full self and her amazing engineering knowledge to the table. This technology is crucial to Katie and to me as deaf individuals, but the benefits accrued to everyone else at that table. It’s a beautiful example of how accessibility can be effortless, ubiquitous and empowering to everyone. We need to get these technologies into more people’s hands, and we’re excited to share new features that help people play, work and build human connections as we continue to drive awareness.

And it’s just one example of how we are working every day to create a more inclusive world. Here are a few of the other ways we’re ensuring inclusive innovations are infused in modern life, employment and human connection:

Game on!

As I learn daily from my kids, gaming is a huge part of modern life and having fun. I’m thrilled by the progress we are making to empower more people with awesome gaming experiences.

  • Today, we announced the Xbox Adaptive Controller, coming later this year. Designed primarily for gamers with limited mobility, the Xbox Adaptive Controller allows you to create a custom controller experience that can be adapted to meet the needs of people with various disabilities in an affordable way. We gained feedback from people with disabilities and collaborated with gamers to build an accessible controller from the ground up, and I think this will make a huge difference for gamers of all abilities — connecting more gamers than ever before.
  • From the Xbox Adaptive Controller to Copilot and Game Chat Transcription, advancements in technology are playing an important role to make gaming more inclusive. These initiatives have grown out of our Inclusive Tech Lab, a resource for employees across the company to come and test new ideas, receive feedback from people with disabilities and truly make gaming for everyone.

Accelerating innovation

This is a transformative time for technology and innovation. Learning from the past is crucial as we look forward to the possibilities with AI.

  • We want to inspire more innovation with AI, so we were thrilled to announce AI for Accessibility at last week’s Microsoft Build conference. AI for Accessibility is a new $25 million, five-year program to put AI tools in the hands of developers, makers, researchers and academics to accelerate the development of accessible and intelligent AI solutions. Get creating!
  • Just last week in Today in Technology, Microsoft President Brad Smith shared his thoughts on Louis Braille, who created Braille at the age of 12. Louis Braille and today’s Seeing AI inventors share the same spirit of innovation to enable people who are blind and with low vision connect with the world. Seeing AI is an iOS app that narrates the visual world around you. Seeing AI launches today in 21 new countries, bringing global availability to 56 countries— and we can’t wait to hear how you use it.

Accessibility in the modern workplace

We need to make accessibility a priority in the modern workplace to enable transformative change. To make that easier, we’ve included built-in assistive technologies and accessibility features in our mainstream technologies such as Microsoft 365:

  • Empowering people with disabilities to create, consume and share content in their preferred way is a key part of the Microsoft 365 vision for accessibility in the modern workplace.
  • We have enhanced many of our existing features over the past year and created new ones, including Ease of Access settings in Windows 10 and more built-in settings such as Read Aloud and Dictate in Office 365.
  • We are also unveiling new Office 365 features to help diverse teams collaborate inclusively and ensure equal access to information for people with disabilities.
  • Get a closer look at the latest accessible technologies and discover additional ways to foster digital inclusion in your workplace by watching the short film: Empower every person: reimagining accessibility.
  • To help create more inclusive digital environments, we are also showcasing how Windows 10 and Office 365 in Education focuses on creating inclusive classrooms.

Raising awareness every day

Technology has become a crucial component in our daily lives, and learning, sharing discussing how to be inclusive with our technology has never been more important. Look for these opportunities in the coming weeks, as well as ways you can get involved and informed:

  • Microsoft Store locations across the U.S., Canada and Puerto Rico are proud to host Ability Week from Tuesday, May 29, through Saturday, June 2. It’s a five-day series of events focused on accessibility.
  • Today we launched the new microsoft.com/accessibility website, which provides an overview of all the Microsoft technology available, as well as details of our dedicated Disability Answer Desk support team and more.
  • Coming up on July 1, Seattle will host 4,000 athletes and coaches from across the country to compete in the 2018 Special Olympics USA Games for the state of Washington. Microsoft is proud to be the presenting sponsor of these games, and I can’t wait to cheer on the athletes alongside our employee volunteers supporting the event.

 We need your feedback!

We count on your feedback to keep us moving forward, and we will keep pushing to create a more inclusive world for every person on the planet to achieve more. You can share your ideas on the Accessibility UserVoice Forum, and don’t forget to bookmark the Disability Answer Desk and Accessibility Blog.

It is an incredibly exciting time to be at Microsoft. I am proud of our recent momentum, excited at the journey ahead and looking forward to continuing the conversation with @MSFTEnable on Twitter. See you there!

 

The post Bringing our accessibility awareness game today and every day appeared first on The Official Microsoft Blog.

Bloxham Students Caught Buying Legal Highs at School


Bloxham Students Caught Buying Legal Highs at School


It’s true what they say: History repeats itself. This is especially true in the world of web security where tech-savvy students, with an inquisitive nature try to find loopholes in school filters to get to where they want to be or to what they want to buy.

Back in September we blogged about two high profile web filtering breaches in the US; highlighting the cases of Forest Grove and Glen Ellyn Elementary District. Both made the headlines because students had successfully circumvented web filtering controls.

Now the media spotlight is on Bloxham School in Oxfordshire, England, after pupils were caught ordering legal highs from their dorms. See what I mean about history repeating itself? Okay, so the cases aren’t identical, but there is a unifying element. The Forest Grove student was found looking at erotica on Wattpad, students from Glen Ellyn students were caught looking at pornography, and at Bloxham it’s “legal” highs. The unifying factor in all three cases is that they were facilitated by a failure in the school’s web filter. 

The difficulty, though, is working out what exactly went wrong with Bloxham’s filter, because none of the details surrounding the technicalities have been announced. Were students allowed access to website selling recreational drugs, or was there an oversight on the part of the web filtering management? In the original story broken by the Times, a teenage pupil was reported to have been expelled, and other students disciplined following an investigation by the school which found they had been on said websites.

Without knowing the details, it is probably wrong to speculate, however, i’m going to do it anyway! It’s entirely possible Bloxham chose a more corporate focussed web filter. In a corporate environment, “legal" highs may not present as much of an issue as in an education setting. With a strong focus on education, Smoothwall’s content filter has always been good at picking up these types of site. This is aided by the real-time content filter not reliant on a domain list, as these sites are always on the edge of the law, and move rapidly. Because the law is different depending upon where you live - and, indeed, rapidly changing regarding these substances, Smoothwall doesn’t attempt to differentiate between the grey area of “legal highs” and those recreational substances on the other side of the law. All of them come under the “drugs” category. This gives a solid message across all age ranges, geographies and cultures: it’s best not to take chances with your health!

Thousands of People Could Die if U.S. Power Grid is Attacked

Thousands of People Could Die if the U.S. Power Grid is Attacked.  “A terrorist attack on the U.S. power grid could be more destructive than superstorm Sandy, possibly costing hundreds of billions of dollars and leading to thousands of deaths, the National Academy of Sciences said.” Are You Prepared?  And if not, what are you doing about it?  See full article at businessweek.com

 

The post Thousands of People Could Die if U.S. Power Grid is Attacked appeared first on Quick Start Survival.