CSF is a non-denominational campus ministry located at the University of Kentucky. http://ukcsf.org/.
 
Cybersecurity Sense
Monthly+
 
CyberSecurity Sense is LBMC Information Security's weekly podcast that will provide insight and updates on such information security topics as: Managed Security Service Providers, IPS Monitoring and Managed IDS Services, Security Information Event Management, Digital Forensic Analysis, Electronic Discovery and Litigation Support, Computer Security Incident Response, Penetration Testing, Risk Assessments, Security Program Planning, Web Application Security Assessments, ACAB LADMF Certificatio ...
 
CSF is a non-denominational ministry located at the University of Kentucky. http://ukcsf.org.
 
In a previous podcast, we discussed purple-teaming as it compares to a conventional penetration test. Let’s now build on that approach, starting with the differences between attack simulation and conventional penetration tests. The methodology of attack simulation is the assumption that the network or a system will become compromised and the cu ...…
 
Most penetration testers are considered “red team,” while most defenders are considered “blue team.” Thus, the irony of a conventional penetration test is that these two groups are typically pitted against each other. When the red teams and blue teams are working together, you have what’s called a “purple team.” While purple-teaming has not alw ...…
 
The EU’s General Data Protection Regulation (GDPR) permits users certain rights (referred to as “data subject access rights” or “DSARs” in the documentation) that organizations will need to be prepared to accommodate if they must comply with GDPR. For organizations to be prepared to respond, it’s important to have a clear understanding of DSARs ...…
 
As organizations determine whether the E.U.’s General Data Protection Regulation (GDPR) is applicable to them, there are several important things to consider when it comes to compliance. Among those things is preparing for and responding to personal data breaches, which is not just a requirement of the GDPR; it’s a good business practice i ...…
 
As the May 25, 2018 GDPR enforcement date fast approaches, many organizations are asking, “How will the GDPR apply to my organization?” As the GDPR extends to U.S. organizations that offer services to or monitor behaviors of E.U. citizens, it’s important to understand how to classify your organization’s data to determine GDPR applicability ...…
 
The question is not, “Will your employees get your company hacked?” but rather “When will your employees get your company hacked?” A recent article from HITECH Answers highlights this sad reality of human error being the most common reason for a cyber intrusion and data compromise. So, while employee actions can circumvent most every secur ...…
 
In a recent report from Wombat Security Technologies based on data from millions of simulated phishing attacks, it was found that 76% of organizations said they experienced phishing attacks in 2017, and nearly half of information security professionals said that the rate of attacks increased from 2016 to 2017. F-Secure also recently released re ...…
 
When cloud-managed security was first introduced, there was some concern about the levels of security as compared to the security of data on an organization’s premises. Today, security professionals have implemented the appropriate controls to help cloud-based data management be safe and effective. As many organizations are now embracing and mi ...…
 
Brian talks about feet, and the Cats' upcoming game against Kansas State. By apple@ukcsf.org.
 
No matter the industry—government, healthcare, financial, or even smaller, mom-and-pop businesses—each deal with some type of sensitive customer information, and each has decisions to make when it comes to managing risk. Most security and audit frameworks (HIPAA, ISO, PCI, NIST, SOC 2, etc.) have requirements for risk assessment, making them on ...…
 
In the information security world, we all wish we had more access to senior executives. Following that logic, if you’re responsible for security at your organization, and you are lucky enough to ride on the same elevator with a senior executive from your company, you should be prepared with your “elevator pitch” on what to say about improving t ...…
 
The AICPA Cybersecurity Working Group brought to life a new type of cybersecurity examination report in 2017 known as SOC (System and Organization Control) for Cybersecurity. These reports are intended to provide a consistent approach for evaluating and reporting on an entity’s cybersecurity risk management program and give management the abili ...…
 
UnDivided Series with Chuck Mingo of Crossroads Church. By apple@ukcsf.org.
 
Brian Marshall - Jan 11, 2018. By apple@ukcsf.org.
 
Incident response consultants are often contacted by clients who are in complete shock that their systems or networks have been compromised. Many times, these clients are hoping our analysis will ultimately prove that the incident was just a “flesh wound” to their systems and that they didn’t experience an actual data breach. It’s quite common ...…
 
In comparison to previous years, 2017 was a good year as the number of healthcare records compromised was significantly down. As of December 30, there had been 341 breaches reported, affecting a little less than 5 million individuals. This compares to 327 breach reports in 2016 but with 16.6 million individuals affected. When this information i ...…
 
A recent report from cybersecurity firm FireEye revealed that Chinese hackers have been actively targeting a shortlist of multinational law firms since at least June of 2017. This was an apparent effort to spy on lawyers and steal confidential information, proving that not only are law firms targets of nation states, but attackers are also kee ...…
 
Since business leaders and board members are not often technically-inclined, they tend to have many questions about cybersecurity. Because of this, the AICPA recently recognized the need for a new type of cybersecurity examination report and put together a task force to bring to life what’s now known as SOC (System and Organization Control) for ...…
 
Bob Russell - Nov 30, 2017. By apple@ukcsf.org.
 
A key observation that can be made within the information security industry today is that cybersecurity is not extremely difficult, it is just hard and requires long-term dedication, focus, and commitment. Considering this observation, a key question all cybersecurity professionals must ask is, “If you don’t know where you are, how do you know ...…
 
Often in the information security industry, professionals can be accused of spreading fear, uncertainty, and doubt with cybersecurity concerns. However, considering the implications of integrity attacks, it is essential to pay close attention to them. As more organizations move to cloud storage, user authentication compromises are increasing. I ...…
 
As operational technology (OT) networks are used with specialized Industrial Control Systems (ICS) to monitor and control physical processes such as assembly lines, mixing tanks, and blast furnaces, these networks have become ripe targets for adversaries. The lack of basic protections like antivirus can enable attackers to quietly perform recon ...…
 
Though not in the recent limelight, it’s no secret that espionage from nation states is happening once again. With sophisticated attacks on InfoSec supply chain companies in 2012, 2013—and as recently as the past few months—many people are left wondering who would target these specific companies? In the end, we know that despite agreements betw ...…
 
Austin Woffard - Oct 26, 2017. By apple@ukcsf.org.
 
For the past 20 years, Kaspersky Lab has provided deep threat intelligence and security expertise for businesses, critical infrastructure, governments, and consumers around the globe. More than 400 million users benefit from protection services provided by Kaspersky, in addition to approximately 270,000 corporate clients. Recently, Kaspersky ha ...…
 
When an organization experiences a data breach, one would hope that a quick recovery is ideal, right? But, did you know that there are instances when a quick breach recovery can hurt an organization? For one healthcare facility, this was the case, as it fell prey to a ransomware attack. While the organization was able to quickly recover operati ...…
 
Sadly, email data breaches continue to be an increasing problem for businesses and organizations who retain large amounts of sensitive client and customer data. In fact, more than 700 million email accounts and millions of associated passwords were recently leaked in the biggest spambot dump ever. Breaches of this scale and impact have happened ...…
 
Remote access to networks has become commonplace in today’s IT environments, as this access is mainly used for IT support, power users, and developers. While this capability can be provided in a safe and secure manner, it can also be deployed in a manner that leaves the organization at great risk. When Remote Desktop is enabled, attackers can b ...…
 
Especially for healthcare IT systems, cyber attacks can lead to the exposure of patient data, service disruptions, time-consuming recovery processes, and high costs in the form of paying a ransom or spending money on new servers, security systems, or consultants. However, that is only when an organization is aware of the breach. Some network br ...…
 
It’s true—insider threat events are typically much less frequent than external attacks. However, insider threats often pose a much higher severity of risk for organizations when they do happen. As insiders are given access to sensitive information for work purposes, there’s a great potential for them to do a tremendous amount of damage to a bus ...…
 
Since January of 2015, all 50 of the United States have reported an increase in business email compromise (BEC) attacks—a 1,300 percent increase, to be exact. Even worse, organizations have reported a loss of nearly one billion dollars. With everyone now being a potential target, it’s been noted that reconnaissance, social media, and social eng ...…
 
SIEM, or security information & event management, is becoming a fairly common security control these days. It focuses on aggregation and analysis of log data. For this podcast we will assume you have a basic understanding of SIEM and how it’s commonly deployed. If you don’t have that base-level of understanding, you might want to check out one ...…
 
Are you prepared for a ransomware attack? Bill Dean, Senior Manager, LBMC Information Security, discusses a low-cost method to determine how well you will respond to cybersecurity incidents, similar to those that you are reading about in the news, by performing incident response tabletop exercises.
 