Cyber Security Trend Week in Review: Fraud Detection, Certifications, Analytics, Compliance
This week the Cyber Security Trend Community featured interesting advice on several fronts for skilled IT security professionals to consider. Topics ranged from fraud detection and prevention to compliance. We chose to focus on advice this week despite the plethora of bad news relating to security issues, including bogus download sites containing malware with the amazingly popular Pokémon Go, Fiat Chrysler’s new bounty program, the Omni Hotels data breach and the continuing attacks on health care companies. They all point to the agility of the bad guys in exploiting vulnerabilities and the need to be trained and certified on the latest and most destructive.
First up this week is the insightful article from special guest Ryan Wilk, vice president of customer success, NuData Security. In the posting, Fraud's New Focus - and How to Defeat It, Wilk explains how the emerging area of observable behavioral biometrics can help detect fraud by gathering data that cannot be spoofed. This is non-trivial, as assuring that interactions are with legitimate users has become a priority in enterprises of all sizes and locations.
Community host (ISC)² and its training and certification programs made news this week with the announcement that Cycubix is now offering (ISC)²® Information Security Training to Engineers Ireland members. It is a reflection of how and why security knowledge is becoming critical as part of solution vendors' offerings, as well as an illustration of the prestige attached to using our host’s capabilities.
In the third item this week, a team from Securonix shared insights on why predictive analytics is emerging as something cyber security pros need to have as part of their tool kit. In the posting, Sally is Going to Do What!? Predictive Analytics Explored, they conclude with the observation:
Not that long ago, we thought large cement walls were the answer, but as General George S. Patton said, “Fixed fortifications are a monument to the stupidity of man...” An even shorter time ago, we thought firewalls, anti-malware and SIEM were the answer. Ultimately we must adapt as the threat actors have adapted and embrace predictive analytics as a critical new component of cyber security that integrates with and augments prevention, detection and response.
Finally, as every cyber security professional knows up close and personal, compliance is a critical professional responsibility these days as part of the overall task of meeting an organization’s risk management objectives. In her posting, Seven Best Practices to Support Regulatory Compliance, special guest Ruth Zive, vice president of marketing, Blueprint Software, provides a nice reference piece on the best practices for assuring that your organization is in compliance.
For those new to the community, and for old hands as well, we like to point out that the Cyber Security Trend home page has been designed as your easy-to-use gateway to valuable resources. These include feature articles, news, white papers and profiles of certifications that can help you keep your organization safe and secure and help advance your career. The Official (ISC)² OnDemand Training and The Rise of the Cloud Security Professional Whitepaper are just two of several resources that stand out. In addition, our companion Cloud Security Resource site is also a source of valuable security insights and news.