Category Archives: Training

3 reasons cyber security training is essential

Organisations are always looking for ways to improve their security practices, and one of the most effective ways to achieve this is by enrolling employees on cyber security training courses.

A recent Lucy Security study found that 96% of respondents agreed that a greater level of awareness over cyber security threats contributed to overall improvements in their defences.

Despite that, comparatively few provided adequate training to help staff mitigate the risks of data breaches and cyber attacks.

For example, only 81% of respondents said they conduct phishing simulations, and only 51% say their organisation has a mechanism to report suspicious emails.

With October being European Cyber Security Awareness Month, there has never been a better time to boost your organisation’s knowledge of effective information security practices.

Here are three reasons to consider it.


1. You’ll reduce the risk of data breaches

Almost all data breaches are caused by a mistake somewhere in the organisation. So if you want to keep your organisation secure, your employees need to know what they’re doing.

That doesn’t only mean negligence – it could also be mistakes that you don’t even know are mistakes, such as gaps in your policies, ineffective processes or a lack of proper technological defences.

Placing staff on information security training courses will help them understand the mistakes they’re making and teach them to work more effectively.

This is especially useful if you intend to commit to a framework such as ISO 27001, the international standard for information security, as there are specific courses that teach you how to follow the Standard’s requirements.


2. You’ll meet compliance requirements

Cyber security laws and regulations inevitably contain complex requirements, so organisations need employees with specialist knowledge to achieve compliance.

For example, organisations that are required to appoint a DPO (data protection officer) under the EU GDPR (General Data Protection Regulation) must find someone with an in-depth understanding of data protection law.

The stakes associated with the position are huge; if the DPO doesn’t perform their tasks in accordance with the GDPR’s requirements, the organisation is liable to face regulatory action.

It’s therefore paramount that the DPO is given every resource available to do their job properly, and training courses should always be sought where possible.

They are not only the quickest way of studying but also usually include exams, which reassures employers that the individual is qualified.

The same advice applies for individuals in roles that involve compliance with the NIS Regulations (Network and Information Systems Regulations 2018), the PCI DSS (Payment Card Industry Data Security Standard), ISO 27001 or any other law or framework.


3. You’ll foster career growth

Training courses enable employees to pick up new skills and gain more advanced qualifications, which will help them move into more senior roles.

This isn’t only beneficial for them but also their employers. It’s getting increasingly hard to find qualified information security professionals, with one report estimating that there will be 3.5 million unfilled jobs in the industry by 2021.

Finding qualified personnel isn’t the only problem. A small pool of skilled workers also means job candidates can command a higher salary and more benefits.

As such, organisations might not be able to afford qualified professionals even if they can find them.

They should therefore do whatever they can to support employees who want to go on training courses. Organisations will almost certainly benefit from the extra knowledge, and it eases the pressure of finding skilled personnel in the job market.


Which course is right for you?

Cyber security is a broad industry, so you need to decide which area suits you best. To help you make that choice, here are some of our most popular training courses:

Knowledge of ISO 27001, the international standard for information security, is an absolute must for anyone who handles sensitive data. We offer several ISO 27001 courses, including an introduction to the Standard and guidance on specific roles, such as internal auditor and lead implementer.

ISO 22301 is the international standard for business continuity. Organisations that follow its framework can be sure that they’ll continue operating when disaster strikes.

Our Foundation-level course covers the essentials of the Standard, but we also offer advanced courses for those that want to lead an implementation project or audit.

Any organisation that transmits, processes or stores payment card data must comply with the PCI DSS. Our training courses help you understand the basics of the Standard, implement its requirements and complete the SAQ (self-assessment questionnaire).

The GDPR is the most significant update to information security law in more than twenty years. Anyone who handles personal data or is responsible for data protection needs to comply with its requirements.

Regular staff should familiarise themselves with the Regulation via our Foundation-level course, senior staff would benefit from our Practitioner course and those looking to fulfil the DPO role should enrol on our Certified DPO training course.


A version of this blog was originally published on 31 October 2018.

The post 3 reasons cyber security training is essential appeared first on IT Governance UK Blog.

Lessons From Teaching Cybersecurity: Week 2

As I had mentioned previously, this year, I’m going back to school. Not to take classes but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their […]

The post Lessons From Teaching Cybersecurity: Week 2 appeared first on The State of Security.

The Value of the PCI Secure Software Lifecycle Standard for Software Vendors


The PCI Secure Software Lifecycle (Secure SLC) Standard is part of the PCI Software Security Framework, which addresses security for software operating in payment environments. In this blog, we interview PCI Security Standards Council’s VP, Global Head of Programs, Gill Woodcock, about the Secure SLC Standard, what it is, and the value of adoption.

Benefits of Becoming a Participating Organization


It is great that your organization takes securing payment data seriously. Now is the time to take the next step forward and make a difference by becoming a PCI SSC Participating Organization (PO). POs play a key role both in influencing the ongoing development of PCI Security Standards and programs, and in helping ensure that PCI Security Standards are implemented globally to secure payment data.

Mind the Gaps! The Requisite Mindset to Stay Ahead of Cybersecurity Threats

Guest Post by Matt Cable, VP Solutions Architects & MD Europe, Certes Networks

At the end of 2019, it was reported that the number of unfilled global IT security positions had reached over four million professionals, up from almost three million at the same time the previous year. This included 561,000 in North America and a staggering 2.6 million in APAC. The cybersecurity industry clearly has some gaps to fill.

But it’s not just the number of open positions that presents an issue. Research also shows that nearly half of firms are unable to carry out the basic tasks outlined in the UK government’s Cyber Essentials scheme, such as setting up firewalls, storing data and removing malware. Although this figure has improved since 2018, it is still far too high and is a growing concern.

To compound matters, the disruption of COVID-19 this year has triggered a larger volume of attack vectors, with more employees working from home without sufficient security protocols and cyber attackers willingly using this to their advantage.

Evidently, ensuring that cybersecurity employees and teams have the right skills to keep both their organisations and their data safe is essential. However, as Matt Cable, VP Solutions Architects & MD Europe, Certes Networks explains, as well as ensuring they have access to the right skills, organisations should also embrace a mindset of continuously identifying - and closing - gaps in their cybersecurity posture to ensure the organisation is as secure as it can be.

Infrastructure security versus infrastructure connectivity

There is a big misconception within cybersecurity teams that all members of the team can mitigate any cyber threat that comes their way. However, in practice, this often isn’t the case. There is repeatedly a lack of clarity between infrastructure security and infrastructure connectivity, with organisations assuming that because a member of the team is skilled in one area, they will automatically be skilled in the other.

What organisations are currently missing is a person, or team, within the company whose sole responsibility is looking at the security posture; not just at a high level, but also taking a deep dive into the infrastructure and identifying gaps, pain points and vulnerabilities. By assessing whether teams are truly focusing their efforts in the right places, tangible, outcomes-driven changes can really be made and organisations can then work towards understanding if they currently do possess the right skills to address the challenges.

This task should be a group effort: the entire IT and security team should be encouraged to look at the current situation and really analyse how secure the organisation truly is. Where is the majority of the team’s time being devoted? How could certain aspects of cybersecurity be better understood? Is the current team able to carry out penetration testing or patch management? Or, as an alternative to hiring a new member of the team, the CISO could consider sourcing a security partner who can provide these services, recognising that the skill sets cannot be developed within the organisation itself, and instead utilising external expertise.

It’s not what you know, it’s what you don’t know

The pace of change in cybersecurity means that organisations must accept they will not always be positioned to combat every single attack. Whilst on one day an organisation might consider its network to be secure, a new ransomware attack or the introduction of a new man-in-the-middle threat could quickly highlight a previously unknown vulnerability. Quite often, an organisation will not have known that it had vulnerabilities until it was too late.

By understanding that there will always be a new gap to fill and continuously assessing whether the team has the right skills - either in-house or outsourced - to combat it, organisations can become much better prepared. If a CISO simply accepts the organisation’s current security posture as static and untouchable, the organisation will open itself up as a target for many new attack vectors. Instead, accepting that cybersecurity is constantly changing, and therefore questioning and testing each component of the security architecture on a regular basis, means that security teams - with the help of security partners - will never be caught off guard.

Maintaining the right cybersecurity posture requires not just the right skills, but a mindset of constant innovation and assessment. Now, more than ever, organisations need to stay vigilant and identify the gaps that could cause devastating repercussions if left unfilled.

zynamics VxClass and memory analysis

First, let me start by saying thanks to our users for the more than 10,000 unique downloads of Memoryze and Audit Viewer in 2010. Peter and I have been working with a lot of different people over the past couple of months to bring you this new release. You can download version 1.4.4200 of Memoryze and Audit Viewer now. I will just touch on a few things of most interest. You can read the User Guides for the rest.

zynamics VxClass Integration

If you have not checked out VxClass from zynamics, now is a good time. For those at MIRcon, you got to see Thomas Dullien's presentation. VxClass automatically classifies malware into families. This allows the incident responder to leverage intelligence from prior investigations and focus on the most important threats. Since it is fast and automated, VxClass is a great addition to your arsenal whether you have a malware team or not. VxClass can also generate private byte signatures (in ClamAV format) for a whole family of malware samples. Imagine finding 160 pieces of malware that VxClass automatically classifies as a single family and generates one byte pattern that you can use to find every variant. It is now possible, and you can take that byte signature and scan all the physical memory in your enterprise with MANDIANT Intelligent Response or a host at a time with Memoryze and Audit Viewer.

Thomas has a great write-up of how this process works here. I will not attempt to explain the article, but below is a glimpse.

Two pieces of malware and how they overlap

Report Generation

Our users have really liked the wealth of information and the detailed analysis and scoring Memoryze and Audit Viewer provides, but sometimes you need all that data in a format you can rearrange. Audit Viewer has attempted to address this in different ways over time including the ability to cut-n-paste and comment almost every row of data. If you have not tried the comment feature, I encourage you to today. But how do you get all that information out of Audit Viewer as you work the incident? Well, Audit Viewer now includes the ability to automatically generate a report in text or Microsoft Word format with MRI results, case comments, handles, sections, ports, etc. Simply click on Operations->Generate Report.

Here is a brief example of the lsass.exe process that was infected. Note: if you are using this feature across every process with all the options turned on, it can generate large documents that Word and most editors may take a long time to process.

Searching Process Address Space

If you do not have access to zynamics VxClass, I encourage you to pursue that; however, you can still search every process’s address space. Memoryze will only return the processes that match your search criteria. Memoryze can also search for more than one pattern: it looks for all of the patterns and returns the process if any one of them matches. There are many applications of this technology. You could search for email addresses, partial domain names, URLs, Social Security numbers, credit card numbers, arbitrary byte patterns, etc.

Currently, Audit Viewer is customized for VxClass so if you want to use this feature you must edit ProcessAuditMemory.Batch.xml and run Memoryze from the command-line.

Memoryze.exe -o -script ProcessAuditMemory.Batch.xml -encoding none

You can also use the batch files included with Memoryze.

Process.bat -handles true -sections true -ports true -injected true -digsig true -content conficker
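The search described above pairs a family byte signature (VxClass emits these in ClamAV format) with a per-process scan that reports any process in which any pattern matches. The following is an added illustration of that matching logic in Python, not code from Memoryze, Audit Viewer or VxClass: it parses a small subset of the ClamAV .ndb signature line format (hex bytes, "??" for one wildcard byte, "*" for a gap of any length; the offset field is assumed to be "*" and ignored) and scans a constructed set of process images. The signature values and memory contents are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Subset of the ClamAV .ndb line format assumed here:  Name:TargetType:Offset:HexSignature
# Signature values are constructed for this example, not real VxClass output.
CONSTRUCTED_SIGS = [
    "Example.FamilyA:0:*:4d5a??00b8000000",        # "MZ" + one wildcard byte + fixed tail
    "Example.FamilyB:0:*:68656c6c6f*776f726c64",   # "hello" ... any gap ... "world"
]

# Constructed process images standing in for dumped address-space contents.
CONSTRUCTED_MEMORY = {
    "lsass.exe (pid 680)": b"\x00" * 16 + b"MZ\x90\x00\xb8\x00\x00\x00" + b"\x00" * 16,
    "svchost.exe (pid 1024)": b"xxhello there, worldyy",
    "explorer.exe (pid 1500)": b"nothing to see here",
}

_TOKEN = re.compile(r"\?\?|\*|[0-9a-fA-F]{2}")


def ndb_to_regex(sig_line: str) -> Tuple[str, re.Pattern]:
    """Compile one .ndb-style line into (name, bytes regex)."""
    name, _target, _offset, body = sig_line.split(":", 3)  # offset "*" assumed, ignored
    tokens = _TOKEN.findall(body)
    if "".join(tokens) != body:
        raise ValueError(f"unsupported signature syntax in {name!r}")
    parts = []
    for tok in tokens:
        if tok == "??":
            parts.append(b".")        # exactly one arbitrary byte
        elif tok == "*":
            parts.append(b".*?")      # any number of bytes, shortest match
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return name, re.compile(b"".join(parts), re.DOTALL)


def scan_processes(memory: Dict[str, bytes], sig_lines: List[str]) -> Dict[str, List[str]]:
    """Return {process: [matching signature names]} for processes where any pattern hits."""
    compiled = [ndb_to_regex(s) for s in sig_lines]
    hits: Dict[str, List[str]] = {}
    for proc, image in memory.items():
        matched = [name for name, rx in compiled if rx.search(image)]
        if matched:                   # like Memoryze, only report processes that match
            hits[proc] = matched
    return hits


if __name__ == "__main__":
    for proc, names in scan_processes(CONSTRUCTED_MEMORY, CONSTRUCTED_SIGS).items():
        print(f"{proc}: {', '.join(names)}")
```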

Training at CanSecWest

If you would like to sharpen your memory forensics skills, Peter and I will be teaching at CanSecWest.