Author: rescue@crimefire.in

  • Educational Programs to Enhance Diversity in the Cybersecurity … – MSSP Alert

    by Jim Masters • Mar 23, 2023
    New educational initiatives led by SANS Institute and the Center for Cyber Safety Education are designed to enhance diversity in the cybersecurity profession, the organizations announced in prepared statements.
    SANS Institute, a provider of cybersecurity training worldwide, has expanded its SANS HBCU+ Academy to serve additional Black American communities in the U.S. Meanwhile, The Center for Cyber Safety and Education, the charitable foundation of (ISC)², announced that it is accepting applications for the Raytheon Technologies Underrepresented Minorities in Cybersecurity Scholarship, which will provide $30,000 in cybersecurity scholarships this year.
    The SANS HBCU+ Academy offers opportunities for students and individuals from Historically Black Colleges and Universities (HBCUs), Minority Serving Institutions (MSIs), Predominately Black Institutions (PBIs) and other Black American college students. The academy’s programs provide hands-on cybersecurity training and real-world experience, free of charge.
    Accordingly, the SANS HBCU+ Academy is addressing the underrepresentation in cybersecurity by offering accelerated, full scholarships for cybersecurity training and GIAC certifications to launch careers in cybersecurity for individuals with no previous experience.
    Through the SANS HBCU+ Academy, participants will receive in-depth training from top SANS instructors and access to cutting-edge cybersecurity tools and techniques, the organization said. The program is designed to be flexible, allowing students to complete the training around their academic schedules and gain practical experience in a real-world setting.
    Commenting on the initiative, Monisha Bush, SANS Mission Programs and Partnerships coordinator and a member of the SANS DEIB Task Force, said:
    “We are proud and excited to see the SANS HBCU+ Academy expand. This program represents a significant investment in the future of the cybersecurity industry and the students who participate in it. By providing free, in-depth training and real-world experience, we are preparing the next generation of cybersecurity professionals and ensuring a diverse and well-rounded workforce.”
    The application window for the SANS HBCU+ Academy has been extended to April 14, 2023, and is open to juniors, seniors and graduate students enrolled at HBCUs, MSIs and PBIs, as well as alumni who wish to shift careers into cybersecurity and selected Cyber FastTrack participants.
    For more information on the SANS HBCU+ Academy and to apply, please visit: sans.org/scholarship-academies/hbcu-cyber-academies/.
    The Center for Cyber Safety and Education is now accepting applications for the Raytheon Technologies Underrepresented Minorities in Cybersecurity Scholarship. The scholarship aims to improve diversity, equity and inclusion in the cybersecurity industry.
    Three $10,000 scholarships will be awarded to individuals from historically underrepresented groups in STEM fields. Qualifying groups include, but are not limited to, women, Black, Native American, Asian American & Pacific Islander, Hispanic, African American, LGBTQ+ and individuals with disabilities. The deadline to submit applications is May 1, 2023.
    Commenting on his company’s support, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, said:
    “In order to meet the rising tide of cybersecurity threats, we must attract a diverse workforce to develop the best solutions for the challenges we will face in the future. The lack of diversity in STEM career fields is well documented as is the business case for greater diversity. Welcoming in diverse talent, some of whom historically haven’t been connected to the cybersecurity industry, will lead to more creative brainstorming, problem solving and new ideas.”
    Applications will be evaluated based on passion, merit and financial need. Candidates must be high school seniors, undergraduate or graduate students, and have at least a 3.3 GPA on a 4.0 scale. To complete an application or learn more about the Raytheon Technologies Underrepresented Minorities in Cybersecurity Scholarship, visit iamcybersafe.org/s/raytheon-cyber-security-scholarship.

    source

  • How training and recognition can reduce cybersecurity stress and burnout – CSO Online

    By Michael Hill, UK Editor, CSO
    Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility and are subject to long hours of work and high pressure in an unpredictable and constantly shifting landscape. Many security teams are understaffed, overburdened, and lack resources, which can compound stress levels, while the need to meet deadlines, remain informed of the latest security risks, and manage intricate security systems and incident reporting can contribute to burnout.
    “In the context of cybersecurity, job demands can include mental and physical workload associated with managing a high volume of security incidents and keeping up with evolving threats,” Dr. John Blythe, a behavioral scientist and director of cyber workforce psychology at Immersive Labs, tells CSO. “Without job and personal resources, role demands can create stress and burnout.”
    There are ways to help mitigate the stress and burnout that can have significant impact on security teams and businesses, Blythe says. Recognition of problem areas and access to training can alleviate the negative effects of job demands, improve employee well-being and job performance, and ultimately help address both issues.
    When cybersecurity professionals experience stress and burnout, they may become less productive, leading to delays in projects and missed deadlines, Blythe says. They are also typically more prone to making errors and mistakes in their work, which can increase the risk of security breaches and other issues. “Stress and burnout can lead to high rates of employee turnover, too, which can be costly for businesses in terms of recruitment and training. What’s more, when one or more members of a team are experiencing stress and burnout, it can negatively impact the morale of the entire team, leading to lower job satisfaction and a less positive work environment.” If a security breach occurs due to employee burnout or stress, it can damage the reputation of the business and lead to a loss of customer trust, he says.
    Training and recognition can help to prevent stress and burnout by reducing job demands and ensuring that cybersecurity professionals have the necessary skills, professional resources, and support needed to manage their workload effectively, Blythe says. “Staff need access to training that helps them keep pace with cyber threats, whilst recognition is important for boosting staff morale.”
    There is no victory condition for security; cyber professionals often deal with one issue, then move right on to the next risk, the next event, the next incident — taking a toll on their mental health, says Aaron Kiemele, CISO at Jamf. “Recognizing and rewarding these efforts and achievements can help boost motivation and help staff understand they are valued and appreciated. Training will expose employees to peers who are having the same issues, under similar conditions. Security is a team sport, and security professionals need reminders that we are all in this together.”
    Training and recognition can also boost employees’ personal resources (also known as psychological capital) including hope, optimism, resilience, and confidence, which can help them cope with stress and burnout.
    Blythe shares four ways access to job and personal resources can help to limit/prevent stress and burnout in security teams:
    While training and recognition can have notably positive impacts on reducing stress and burnout of security personnel, some will be more effective than others, meaning both need to be appropriate for the organization and its security workforce. “CISOs should collaborate with their HR team to design evidence-based interventions that are suitable for their organization, which may involve establishing a formal training and recognition program with clear objectives and metrics for measuring progress,” Blythe says.
    In Kiemele’s experience, conferences can be the single most useful training and recognition resource, and he advises CISOs to encourage and support their staff to attend such events whenever possible. “The content can be timely and excellent but is often secondary to the core value of meeting and mingling with other security professionals. Security is a team sport, and knowing that you are not in this alone, that there is an entire community of folks undergoing the same trials and tribulations, seeing the same issues, and working to innovate solutions, is priceless.” Every security professional needs to know they are a part of something larger, a community dedicated to supporting the greater mission of reducing risk for their organizations. “There is nothing quite like going to a security conference and realizing you have a tribe.”
    Training courses or certifications can also help security personnel to build new skills and knowledge along with supporting long-term development, which can increase their confidence and reduce stress levels, says Leo Cunningham, CISO at Flo.
    “Training that helps the team stay current with the latest threat actors, technologies, vulnerabilities, and best practices, making the work more efficient and effective, reducing the risk of unforced errors and expanding the team’s capabilities, is very important,” says Kiemele. “By investing in their employees’ training and development, security leaders demonstrate that they value and support their team’s professional growth and career development, which can further boost morale and motivation.”
    Additionally, training that helps to develop organizational and communications skills can help workers manage their own stress and identify issues with colleagues and teams, says Nadine Michaelides, expert psychologist and CEO of Anima People. “Part of the problem is that the approach to problems that involve people both as a cause and consequence focuses too much on technology and does not address human factors appropriately. Security teams are left holding the baby with no idea how to manage such complex issues. One of the most important aspects we can have to manage stress is the confidence and vision to find a solution, but if all you hit are brick walls, then you quickly become deflated and overwhelmed.”
    Security leaders should aim to build a culture of well-being by providing ongoing feedback and support to their employees as well, Blythe adds. “By leading by example and advocating well-being within their teams, security leaders can help to create a supportive culture, which can in turn reduce stress and burnout among their teams. Security leaders should build a well-being culture by focusing on psychological safety, promoting work-life balance, encouraging open communication, promoting healthy habits, and leading by example.”
    Security leaders also need to ensure consistent acknowledgment of a job well done, and a simple thank you can do wonders in this regard, says Kiemele. “When their hard work and contributions are recognized and appreciated, teams are more likely to feel a sense of satisfaction in their work. This will reduce the mounting stresses and foster a supportive environment with a real sense of shared purpose, and team camaraderie, and reinforces a culture that encourages and values work well done.”
    Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security.
    Copyright © 2023 IDG Communications, Inc.

    source

  • Pennsylvania Woman Sentenced for Felony and Misdemeanor … – Department of Justice

                WASHINGTON – A Pennsylvania woman was sentenced in the District of Columbia today on felony and misdemeanor charges for her actions during the Jan. 6, 2021, Capitol breach. Her actions and the actions of others disrupted a joint session of the U.S. Congress convened to ascertain and count the electoral votes related to the presidential election.
                Riley June Williams, 23, of Harrisburg, Pennsylvania, was sentenced to 36 months in prison for interfering with law enforcement officers during a civil disorder, and resisting or impeding law enforcement officers, both felonies, as well as four related misdemeanor offenses. Williams was found guilty of the charges on November 21, 2022 after a trial in the U.S. District Court. In addition to the prison term, U.S. District Court Judge Amy B. Jackson ordered 36 months of supervised release and $2,000 restitution.
                According to the government’s evidence, on Jan. 6, 2021, Williams used an overturned bike rack barricade to climb an exterior wall and join the mob of rioters illegally on the Capitol grounds. Police use of chemical irritants to disperse the mob did not deter her. She entered the Capitol Building at approximately 2:15 p.m. through the Senate Wing Door, just two minutes after it was first breached, and urged other rioters not to leave. She remained inside for about 90 minutes, during which time she penetrated the Crypt, Rotunda, and Office of the Speaker of the House. While inside the building, Williams pushed other rioters to invade further, organized groups of them into a human battering ram to physically break through police lines, berated the police officers, directed a large group of rioters to lock arms to resist law enforcement efforts to clear them from the building, and encouraged another rioter to steal a laptop from the Speaker of the House’s office. Specifically, video captured Williams commanding another rioter to “Take that f—–g laptop” and told him “Dude, put on gloves!” so as to avoid being identified. Williams took video, audio, and photo recordings of her activities, which she proudly shared on social media, bragging about her leadership role in the riot and participation in thefts from the Office of the Speaker.
                Williams was arrested on Jan. 18, 2021, in Harrisburg, Pennsylvania. In the 12 days between the riot and her arrest, Williams repeatedly destroyed evidence and tried to evade law enforcement officials: she deleted her social media and communication accounts, instructed others to delete messages and take down videos from the internet, reset her iPhone, switched cellular phones, and used advanced software to wipe her computer.
                The case was prosecuted by the U.S. Attorney’s Office for the District of Columbia. Valuable assistance was provided by U.S. Attorney’s Office for the Middle District of Pennsylvania and the Middle District of Florida.
                The case was investigated by the FBI’s Washington Field Office and the Capital Area Resident Agency of the FBI’s Philadelphia Field Office. Valuable assistance was provided by the U.S. Capitol Police and the Metropolitan Police Department.
                In the 26 months since Jan. 6, 2021, more than 1,000 individuals have been arrested in nearly all 50 states for crimes related to the breach of the U.S. Capitol, including more than 320 individuals charged with assaulting or impeding law enforcement. The investigation remains ongoing. 
                Anyone with tips can call 1-800-CALL-FBI (800-225-5324) or visit tips.fbi.gov.

    source

  • The UAE's collaborative approach to combat cybercrime: A closer … – Lexology

    The UAE Cyber Security Council, formed in November 2020, is responsible for developing and overseeing a cyber security strategy that promotes a secure and resilient cyber infrastructure in the United Arab Emirates.
    The establishment of the Cyber Security Council was followed by legislation developed to ensure effective cyber solutions were implemented. This article provides a brief overview of the essential articles of the Federal Decree Law No.34 of 2021 on Combatting Rumors and Cybercrimes which hold significant importance. We will also discuss the role of the UAE Cyber Security Council in fostering collaboration between the public and private sectors to enhance cybersecurity across the UAE.
    The enactment of this law was necessary to safeguard individuals and organizations from the rising cyber threats which have become a challenge in today’s world. Criminals have an advantage in the borderless system of networks, allowing them to capitalize on anonymity and access.
    Public-private partnerships involve cooperation between a government agency and a private-sector entity for the common good of the entire nation, such as financing, constructing, and managing projects that aid in the country’s development in various domains.
    To develop a cybersecurity strategy, the UAE Cybersecurity Council has formed multiple collaboration agreements with external service providers from the private sector over the last eight months. One such agreement has been made with Deloitte, one of the big four leading auditing and tax consulting firms, which offers an extensive range of management and assurance services. Given the fact that Deloitte audits around 20% of all US Public Companies, this partnership aims to introduce international best practices within the Cyber Security Council and provide cyber training.
    Another collaboration was established with Huawei, one of the largest telecommunications equipment manufacturers in the world, to focus on research and thought leadership in cybersecurity. Since telecommunication infrastructure is pivotal for protection, it is mandatory to invest in communications systems as a means of enabling security agencies to counter threats and safeguard society from harm.
    Additionally, the UAE Cybersecurity Council signed an agreement with Amazon Web Services, a widely adopted cloud platform that offers several on-demand operations such as computing power, database storage, and content delivery to help companies scale and grow. The aim of this partnership is to assist (semi-)government entities in accelerating their migration to the cloud.
    Given the growing need for cybersecurity systems globally, it is evident that the UAE has adopted a proactive approach in developing legislation tailored to the nation’s needs and establishing collaborations to protect organizations and citizens from cyber threats. However, since cybercrime poses one of the greatest risks to prosperity and has seen exponential growth in recent times, we recommend expanding the protection layer worldwide by collaborating with Interpol through their Global Cybercrime Program, which will facilitate international action to combat and reduce cybercrime.
    Federal Decree Law No. (46) of 2021 Regarding Electronic Transactions and Trust Services (UAE)
    Law on Combating Rumors and Cybercrime (No. 34) 2021 (UAE)
    © Copyright 2006 – 2023 Law Business Research

    source

  • Learn the basics of cybersecurity with this $60 web-based training package – TechRepublic

    The Premium Ethical Hacking Certification Bundle features eight courses that introduce students to the fundamentals and prepare them to earn important credentials from CompTIA.
    The threat of a cyber attack is always looming, so experts advise companies to bolster their IT security budgets on the regular. Considering a tech career? Then cybersecurity is definitely a path worth considering. And to get started on your training, we suggest checking out the Premium Ethical Hacking Certification Bundle, currently on sale for a limited time.
    The Premium Ethical Hacking Certification Bundle provides a convenient and affordable introduction to this very specialized field. It features eight courses that illustrate the basics of cyber security, shows students how to test various types of infrastructure and acquaints them with a lot of the tools that IT professionals use every day.
    Once completed, students will have mastered the skills they’ll need to take and pass two very important certification exams from CompTIA — a widely respected organization that sets minimum standards for the entire IT industry. Basically, with one of their credentials in hand, students face a far better chance of success once they enter the workforce.
    Of course, an education is only going to be as good as the training that’s provided. Which is why these courses are all facilitated by seasoned professionals — such as Joe Parys and Gabriel Avramescu — with stellar performance ratings. So, while the bundle itself is very affordably priced, the quality of the education offered rivals anything else you’re likely to find. The bundle is also rated an average of five stars by verified purchasers. One reviewer named Stefan H. wrote that this is “a must have for everyone who wants to go towards pen testing.”
    Perhaps best of all, because the courses are delivered via the web, you maintain control over the pace of your own education. You can log in at any time you want, learn for a duration of your choosing, and then put it away until next time. And since there are no actual classroom sessions, the courses can be priced affordably.
    In fact, right now, you can purchase the Premium Ethical Hacking Certification Bundle for just $59.99. That works out to less than $10 per course, which is an incredible value — especially when you consider how much you can earn per year as a salaried IT security pro.
    Prices and availability are subject to change.

    source

  • What are 10 Common Cybersecurity Mistakes in 2023 – Eisneramper

    March 13, 2023
    By Rahul Mahna
    In 2023, the cost of cybercrime reached a whopping $8 trillion. Experts expect cybercrime costs to businesses to increase to $10.5 trillion over the next two years.
    Cyber breaches cost businesses thousands of dollars each year, often due to common cybersecurity mistakes.
    Luckily, preventing these common mistakes is simple. If businesses do not have the skills internally, they can work with an outsourced managed IT service provider to safeguard their networks, applications and other digital assets.
    We’ve compiled a list of the top ten most common cyber threats and mistakes impacting businesses in 2023 to give businesses a running start.
    1.  Relying on Antivirus Software Alone
    Antivirus solutions have been the gold standard in cybersecurity for many years. This technology scans company files for known viruses. Some antivirus products also feature malware threat response services.
    However, as cyber criminals’ tactics have evolved, so have the technologies used to stop them. While they are still helpful for modern businesses, a business’s cybersecurity strategy should not rely on antivirus software alone.
    For example, endpoint detection and response (“EDR”) and extended detection and response (“XDR”) are solutions to detect potential threats. They offer an automated response to protect businesses even after hours.
    2.  Not Understanding Risk Profiles
    Businesses may think an IT breach will not happen to them. In fact, cyberattacks happen all the time. They may not even know that a hack has happened in their workplace until it is too late.
    This is why it is so critical for businesses to understand their risk of breaches. Doing a risk analysis can show where their IT security strategy is working and where it needs work.
    Understanding risk profiles can help businesses prepare for the unexpected.
    A risk analysis is best done by an independent third party. Businesses should select a vendor who is reliable, has extensive knowledge in audits and will perform an analysis that does not just follow a stated framework, but is personalized to the specific circumstances of the business.
    3.  Over-Reliance on IT Departments
    Cybersecurity may be within an IT department’s wheelhouse. However, breaches affect everyone in the workplace. As such, a business’s cybersecurity strategy should be all hands on deck.
    Often, there is a strong reliance on the IT department for threat detection and incident response; however, all employees should be actively working to help prevent these breaches from happening in the first place.
    Employees need to be trained in cybersecurity basics. Some of the most common cybersecurity mistakes happen when employees use public wi-fi connections, click on phishing links and fail to monitor webcams.
    It is also essential to inform employees about the most critical assets of the business. For example, if handling sensitive personal information, employees should be aware of the regulations surrounding it and not fall into common cybersecurity mistakes.
    4.  Not Seeing Cybersecurity as an Investment
    A robust cybersecurity system is an investment in a business’s future. Unfortunately, many business owners do not see it that way. Instead, they consider the costs of IT security a financial burden.
    With fines for breaches and PR nightmares with customers, businesses need to realize that the benefits of a strong cybersecurity strategy far outweigh the costs. In fact, a sound plan could help them bypass their competitors.
    Businesses will remain more competitive to their customers when they know their information will be protected. Prospective employees will prefer those firms as well. They will know their work is secure on a highly protected system.
    5.  Falling for Cyber Scams
    Cyber scams are on the rise and they are more dangerous than ever, because businesses and employees are often unaware of common tactics. Some of the most important scams to look out for are:
    phishing emails; malware and ransomware scams; and insider cyber threats.
    Phishing attacks are arguably the most common of these. These scams happen when criminals send emails or texts to company devices. The user will be directed to download an attachment or click on a link in the email or text.
    These types of criminals can be persuasive. For example, they may use another company’s branding or email addresses to make the scam look more authentic.
    The COVID-19 pandemic also gave rise to new types of online scams. For example, many scammers have started posing as fake non-profits or health organizations to prey on people’s generosity.
    6.  Not Updating Networks and Software
    Did you know that failing to update your systems and applications can increase the risk of a breach? If not, it’s no wonder, considering what a headache doing company-wide updates can be.
    Yet, products are made by humans, and humans are error prone. Updates to systems help reduce errors by including fixes that close loopholes and protect from vulnerabilities.
    With frequent software updates, businesses can stay ahead of cybercriminals. Without them, they could be at risk for coordinated cyberattacks by criminals who target companies that do not update their products regularly.
    7.  Neglecting Employee Training
    Basic cybersecurity training is not enough for employees anymore. Employees are often the first point of contact for hackers. After all, hackers know that employees are the least knowledgeable about cyberattacks.
    Part of employee training is also incorporating formal cybersecurity policies. Schedule training sessions to discuss and emphasize these policies during the workday.
    A business’s formal policy should include rules on using company devices on public Wi-Fi networks, downloading unauthorized software on company devices and sharing company devices with non-employees.
    Create an employee checklist to make sure businesses hit all the most important subjects. For example, teach workers how to properly dispose of data and equipment. And train employees to back up this data in a way that won’t compromise its security.
    8.  Not Using Two-Factor Authentication
    Two-factor authentication, also known as 2FA or multi-factor authentication (“MFA”), is a security strategy used to log into systems. 2FA creates an extra layer of security over sensitive data.
    To use 2FA, businesses need a password and a second login method. For example, some systems may require users to log in with an authentication code sent to an employee’s email or phone.
    Hackers cannot get the code needed to log in without access to an employee’s email or phone. The more difficult businesses make it for a cybercriminal to get into their systems, the less likely they are to try.
    9.  Reusing Passwords
    Does your business use the same password or passwords for all its systems? If so, two-factor authentication may not be sufficient protection. The same is true of shorter passwords and passwords that are not randomly generated.
    When creating passwords, try randomly generated strings of numbers and letters, uppercase and lowercase. Also, avoid using patterns in keywords. That includes patterns like ‘abcd’ and ‘1234.’
    Other password security best practices include using longer passwords. Experts recommend using passwords with 16 characters or more. Also, consider using password managers to store and retrieve login information securely.
    Another thing to consider with passwords is who needs access to them. For example, do all the employees need access to every system at the business? If not, consider creating one-time passwords for situations when non-regular users need access to a particular system.
    10.  Not Thinking About Prevention
    The best way to prevent costly breaches at a workplace is to prevent them from happening in the first place. These tips on our list can help. But what happens if businesses do not have an IT department or CIO to prevent cyberattacks? Learn about what managed cybersecurity solutions for companies are and how businesses can use external services to augment what they have.
    Are You Making These Common Cybersecurity Mistakes?
    Businesses lose millions of dollars to the above cybersecurity mistakes each year. You do not have to be one of them. It’s important for businesses to train their IT departments and employees and follow basic cybersecurity protocols to shore up their operational cyber plans.
     
    Rahul Mahna is a Partner in the firm and leads the Outsourced IT Services team with over 20 years of experience in IT technologies, software development and cybersecurity services.

    source

  • LSU will start training students for its own cybersecurity center – 225 Baton Rouge



    LSU is establishing two student-run security operations centers, or SOCs, to provide the university’s Baton Rouge and Shreveport campuses with cybersecurity protection and response.
    To staff the SOCs, the university announced it has signed an agreement with cybersecurity firm TekStream to provide training to the students at the same level it trains its own employees on cyberattacks, analysis, network defense, policy and escalation, and real-time response tactics to actual incidents.


    Losses from cyberattacks have seen a five-fold increase over the past five years, according to the latest data reported by the FBI Internet Crime Complaint Center. Higher education is one target of the malicious online attacks, as evidenced by the suspected cyberattack that recently caused campuswide internet disruptions at Southeastern Louisiana University, as reported by Louisiana Illuminator.
    The initiative is being funded out of the $2.5 million the Legislature approved in 2022 for cyber education and research at the Baton Rouge and Shreveport campuses.
    This story originally appeared in a March 8 issue of Daily Report.

    source

  • 2023: SUNY Canton Cybersecurity Program Named NSA National … – SUNY Canton

    SUNY Canton’s four-year Cybersecurity Program continues its unparalleled growth with a new U.S. National Security Agency (NSA) designation.
    The NSA and Department of Homeland Security recently informed the Center for Criminal Justice, Intelligence and Cybersecurity that it has received a National Center of Academic Excellence in Cyber Defense (CAE-CD) designation. Cybersecurity previously received NSA Program of Study Validation approximately six months ago.
    Jacob Harding works on a project in the Cybersecurity lab.
    “A highly skilled cybersecurity workforce is a strategic national security advantage,” said NSA CAE Program Manager Annie Becker. “The United States Government will continue to invest in and enhance programs that build the domestic talent pipeline, from primary through postsecondary education.”
    The program met the increasing demands to serve the nation and contribute to protecting the National Information Infrastructure. A National Cyber Strategy authored in 2018 outlined the critical shortage of professionals with cybersecurity skills and highlighted the importance of higher education as a solution to defending America’s cyberspace.
    SUNY Canton: NSA Center of Academic Excellence in Cyber Defense
    “The CAE-CD designation signifies SUNY Canton’s excellence and assures students and employers that the Cybersecurity program aligns with national standards for cyber defense,” said School of Science, Health and Criminal Justice Dean Michele A. Snyder. “It also recognizes that we can actively contribute to the cybersecurity community locally and nationally.”
    Cybersecurity has become one of the largest programs at the college, with about 202 total students enrolled as of Fall 2022. This growth represents a more than 1400% increase from the original enrollment of 13 students when the program began in 2018. It is second only to the college’s Healthcare Management program, which has 242 total enrollments. Both programs are available entirely online with select in-person or flex class options.
    Cybersecurity has become so large that the college has created a department within the School of Science, Health and Criminal Justice to handle the influx of students and offer expanded learning opportunities.
    According to Associate Professor Kambiz Ghazinour, Ph.D., reasons for the rapid growth include increased cyber threats exacerbated by the COVID-19 pandemic, greater dependency on technology, new governmental regulatory requirements, and increasing awareness of privacy and risks associated with cybercrime.
    “Understanding cybersecurity is no longer just an option; it’s necessary for the future. As technology advances, so do the threats and vulnerabilities that come with it,” Ghazinour said. “As academics and educators, we have a responsibility to not only teach the current state of cybersecurity but also to evolve and adapt to stay ahead of the curve. Only then can we truly prepare the next generation of professionals to defend against the ever-growing threat landscape.”
    Ghazinour also oversees the college’s Advanced Information Security and Privacy (AISP) Research Lab, which provides students with the opportunity to get familiar with cutting-edge industry research. “Our students present their research articles to prestigious peer-reviewed conferences and gain valuable knowledge that will help them with both future employment and graduate studies,” he said.
    SUNY Canton has joined the ranks of several other New York colleges with NSA accreditation, such as Rochester Institute of Technology, the University at Buffalo, and the University at Albany. Canton’s CJIC has established agreements with UAlbany’s College of Emergency Preparedness, Homeland Security, and Cybersecurity, which offers students a convenient pathway to pursue graduate degrees at an accelerated pace.
    As Northern New York’s premier college for career-driven bachelor’s degrees, associate degrees and professional certificate programs, SUNY Canton delivers quality hands-on programs in engineering technology, management, and healthcare fields. It is home to the Center for Criminal Justice, Intelligence and Cybersecurity. Faculty members are noted for their professional real-world experience in addition to outstanding academic credentials. As SUNY’s leader in online education, SUNY Canton OnLine offers hundreds of flexible and convenient courses as well as 23 online degree programs. The SUNY Canton Kangaroos’ 15 traditional athletic teams compete at the NCAA Division III level as part of the North Atlantic Conference. SUNY Canton also features varsity esports and cheerleading.

    source

  • TSCHE to introduce cyber security course for degree students – Telangana Today

    Decision to introduce a course on cyber security in degree colleges has been taken during a meeting convened by TSCHE

    Hyderabad: Given the sharp rise in cybercrime, the State Universities will not just be creating awareness but will also prepare cyber warriors to tackle and prevent cybercrimes. Towards this, the universities will be offering the cyber security course at the undergraduate (degree) level from the next academic year, i.e., 2023-24.
    This new course, designed and developed by experts from the Osmania University and NALSAR University of Law, can be chosen by any undergraduate student irrespective of their coursework. Students pursuing BSc or BA courses in the degree colleges can also take up this new elective, which will have two credits.
    The decision to introduce a course on cyber security in degree colleges was taken during a meeting convened by Telangana State Council of Higher Education (TSCHE) Chairman Prof. R Limbadri with Revenue Principal Secretary, Commissioner of Technical and Collegiate Education Navin Mittal and Vice Chancellors of six conventional universities in the State here on Thursday.
    “Not just creating awareness on the cybercrimes, the new cyber security course will help students with employability opportunities,” Prof. Limbadri said.
    Apart from cyber security, the university will also be offering BSc (Honours) Computer Science as a major and artificial intelligence and machine learning as minor subjects from the next academic year.
    Another decision was that private affiliated degree colleges will be granted generic affiliation instead of course-wise affiliation from the next academic year. This means all the BSc Life Sciences or Physical Sciences courses will be given a single affiliation instead of course-wise affiliation, as is being done now. The affiliation process will be through the university management system.
    During the meeting, officials reviewed the bucket system that enables students to choose their subjects as per their interest.
    To ensure standards in the higher education system, it was also decided to encourage all higher educational institutions in the State to go for National Assessment and Accreditation Council (NAAC) grading. The TSCHE will be providing a seed fund of Rs.1 lakh to the colleges that wish to go for the grading. It will also hold workshops and seminars with resource persons from the NAAC Bangalore to create awareness of the grading system.

    source