Friday, February 26, 2016

#darktriad - Psychopathy | Narcissism | Machiavellianism

The dark side harbors the bright side…I guess
It’s Friday - copy-paste from Harvard Business Review:

  • Narcissism was positively linked to salary
  • Machiavellianism was positively linked to leadership level and career satisfaction
  • individuals with psychopathic and narcissistic characteristics gravitated towards the top of the organizational hierarchy and had higher levels of financial attainment
  • Base rate for clinical levels of psychopathy is three times higher among corporate boards than in the overall population
  • Dark triad traits tend to enhance competitiveness, if only by inhibiting cooperation and altruistic behaviors at work
  • dark triad personality characteristics constitute the essence of the freeriding
  • An intermediate – rather than low – level of Machiavellianism predicts the highest level of organisational citizenship, perhaps because Machiavellian individuals are politically savvy and good at networking and managing upwards
  • Best leaders displayed the bright-side features of narcissism while inhibiting its dark-side traits: they were high in egotism and self-esteem but low in manipulativeness and impression management

...for me, it’s all about Balance

Wednesday, February 24, 2016

Opt-in to Leadership

Talent does not equal success. Some of the most successful businessmen and women, politicians, Presidents, etc. rank in the lower half of their graduating class (and some didn't even graduate college). Talent might very well be given to you or be inherent, but success must be earned.
Oftentimes leaders are thrust into the role because of technical accomplishments or accolades from previous projects or tasks; success, however, starts within oneself, ignites the unlimited human potential of others and delivers results.
While leadership is a teachable skill, it can be a lifelong process and may come more naturally to some. Capitalize on each opportunity and buy in to earning success, because your potential is limitless.
“HOW YOU LEAD DETERMINES HOW SUCCESSFUL YOU ARE” - Richard Rierson’s Dose of Leadership

Monday, February 22, 2016

UK CIOs' cyber readiness may not be what you think

82% of UK CIOs are pressured by the business to prevent, detect and resolve security incidents faster (particularly in the financial sector); however,
  • 25% are not concerned with a security breach
  • 15% are proactively identifying threats
UK CIOs believe 26% would be able to uncover a breach within 14 days and 33% within 90 days. Additionally, the biggest tell: 52% say they would know how and what systems were affected within 24 hours if a breach were to happen today. Really...when other stats show:
  • 256 days to detect a breach
  • 100-120 days to remediate after an attack
  • Average cost of $3.8 million

Alarming statistics, particularly since hackers are no longer just smart young kids but heavily funded organizations with high stakes and very passionate motives.
End-point protection is still lacking compared with the deployment of traditional firewalls, anti-virus, intrusion detection systems and encryption. External partner connections extend the physical border, which offers no consistency in data protection today, and dialogue between companies as well as between countries has proven to be a challenge. Another gap is the lack of qualified cyber security professionals, as seen by the large volume of open positions that have proven difficult to fill. Cyber security is the 6th fastest growing industry in the UK and is set to grow 13% per year according to the Department of Business, Innovation and Skills (BIS)…which some say can take 20 years to fulfil.

Article sources:
  • Carbon Black
  • Ponemon
  • Computer Weekly

Wednesday, February 10, 2016

Encryption and Backdoors

The upshot of ISACA's "the sky is falling" article, from an SME who lives and breathes cybersecurity and forensics, is the following:
  • Humans are the weakest link, i.e. phishing and social engineering
  • Security awareness training is essential…since data harvesting can occur over years
  • Continuous communication, since some of the preventative items seem easy and are just common sense

Now, instead of diving deep into forensics, which is probably best left as a separate post, let's transition to recent events. Trending lately are data encryption and backdoors, by way of Blackberry and RSA respectively.
As if Blackberry didn't have enough to worry about regarding its place in the market, a claim has surfaced that the PGP it uses for email can be decrypted with commercially available tools. In fact, the source, Dutch investigators, was quick to point out that not all, but nearly 85% of encrypted emails, including deleted messages, were recovered. Blackberry's response has been limited, as is to be expected, but what encryption is foolproof, right?

There again, unless you purposefully leave or offer to leave backdoors…as reported by Reuters, the NSA paid RSA to make the random number generator algorithm the default option in its cryptographic toolkit. Of course Snowden's information leaks spurred the conversation, which now may have some effects on the upcoming 2016 RSAConference. Over a half-dozen presenters have withdrawn, including members of Google, Mozilla, Taia Global and F-Secure, and now OWASP is voting on the boycott matter. Unfortunately, the RSA-named conference was intended to be an independent forum anyway, yet it is likely to suffer from the RSA brand under which the event is hosted. Wonder if naming it EMConference would make a difference? The vendor presentations, exhibits and sponsorships have opened doors for other companies, and there does not seem to be a shortage of those requesting.

Friday, February 5, 2016

Identity Theft: 65,000 UCF SSN

If you're a not-so-lucky University of Central Florida Sentinels past/current student or staff member, you will be receiving notice today of a Social Security Number security breach. Records also included student IDs, classes studied and their sports, including 600 student-athletes of 2014-2015. Apparently the access was shown to have occurred on Jan. 8 and the breach was discovered on Jan. 15, but notification was held due to the investigation and work with law enforcement. It's suggested that the hack resulted from multiple individuals, and phishing is suspected but not confirmed. While no evidence thus far indicates that the information has been published or used/exploited, free 1-year credit reporting and services are being offered as a result of the mishap.
Recall other notable higher education breaches: University of Maryland and North Dakota University with 300,000, Auburn University with 370,000 and Butler University with 163,000 records...

Wednesday, February 3, 2016

TalkTalk update to earlier post & Outsourcing

It's been months since the UK cyber attack, and while the investigation continues, last week 3 Wipro Kolkata call center employees were arrested in connection with the data breach of 157,000 customer records (and approximately 15,000 sets of banking information). Apparently the BPO relationship had been formed to increase customer satisfaction by 10%, targeting results to the tune of $2 million in annual cost plus a $1 million increase in revenue via analytics that would lead to a reduction in TalkTalk customer complaints. Reports indicate TalkTalk lost 7% of its existing customers as a result of the breach (of which 250,000 were broadband customers lost the week of the breach in October).
Of course, Wipro isn't commenting much on an ongoing investigation but states that the confidentiality and integrity of its customers' data is important and that it has a zero-tolerance policy. Recall another outsourcing competitor, Infosys, which lost the CEO and CFO of its BPO operations over the overbilling of Apple by Infosys employees. Looks like the new Wipro CEO, Mr. Neemuchwala, will be relying on its new-age technology and artificial intelligence to make some immediate impact...on top of trying to grow the 3rd largest software firm and its profits.

Vendor and supplier information security diligence and audit programs are an essential part of doing business...across the street or across the pond. It is always a balance of business capability/flexibility and IT/security, but particular focus areas include: data exfiltration [thin clients], commingling of data [network and application segregation], dedicated resources/SME [least privilege], accountability/liability [contract/legal/incident response], and spot/surprise audits [contracts].

Cyber events in early 2016

A few of the notable conferences:

  • First, needing no intro, who’s going to the February 25th anniversary of #RSAC in the Bay?
  • General Audit Management Conference in Dallas, March – IIA summit for audit management with tracks from Technology Risk, Leadership and of course, auditing strategically
  • SANS Cyber Threat Intelligence Summit in Alexandria, February – with SANS courses including hacking, monitoring/operations and forensics
  • B-Sides Tampa Security Conference in April – for security hacking
  • ICISSP 2016 in Rome, Italy, 2nd Annual in February – Security and Privacy practitioners
  • CISO Summit in New York, February – for practices in Enterprise Security Threats
  • Secureworld in Boston, March – for cybersecurity
  • CyberSecurity – Women in cyber, Dallas in March
  • ASIS International in London, UK, April – European security conference on various industries and topics on threat landscape
  • Interop Las Vegas, in May – with various conference tracks

Just a few that crossed the radar. Enjoy...see you out there.