by Craig Cocciola | Aug 26, 2016 | Ethical Hacker, Insider Threats, Knowledge Center, News
What is an Insider Threat?
Is the threat to your organization someone you know and trust? An Insider Threat may be intentional or just bad work habits, poor training and personal behaviors. Both intended and unwitting threats are significant problems. Ignoring questionable behaviors can only increase the potential damage the insider can have on your organization, the national security and/or employee safety. While each insider threat may have different motivations, the indicators are generally consistent.
Be Alert! Be Aware! Report suspicious activity to your local security official. See something, say something. Nine times out of ten, after an attack on data or people, someone realizes they knew something that could have stopped or reduced the damages, or even deaths.
Insider Threat Examples of possible Reportable Behaviors – Information Data Collection
- – Keeping classified materials in an unauthorized location
- – at home, car, backpack, bag, personal server
- – Attempting unauthorized access to private or classified data information
- – Obtaining access to sensitive information beyond the requirements of a person’s job
- – A request from a worker or team member to provide access or documents without a current need or out of their project access
- – Questionable data or file downloads
- – Gathering information which has no relevancy to assigned work
- – Unauthorized use of removable media and moving files without permission
- – Using an unclassified medium to move classified materials
- – Unsecured faxing, thumb drives, external hard disks
- – Discussing classified topics and materials on non-secure phones, using non-secure emails or texts
- – Use of cellphone in or out of workplace on home phone or personal email or texting
- – Removing the classification markings from documents
- – Changing the classification or observing deleting classified markings
- – Unnecessary or excess copying of classified materials
- – Nervous behaviors around unusual activities
- – Moving data to external drives or any out of pattern heavy usage of copy machines
- – Expressing loyalty to another country or for a radical cause
- – Displays desire to help, assist or fight for a foreign faction
- – Concealing reportable foreign travel or contact
- – Sudden reversal of financial situation or a sudden repayment of large debts or loans
- – Mysterious purchase of new car, expensive jewelry or large investments
- – Being disgruntled to the point of discussing or writing about the desire to retaliate
- – “I’ll get them for this” or “she’s going to pay for that”
- – Repeated or unrequired work outside of normal duty hours
- – Bringing an unapproved BYOD or work device into a unauthorized or controlled area
What’s in it for me to take the risk of reporting something?
Insiders have a negative impact on your industry, our nation’s security and safety and well-being of the citizens. Not reporting can seriously affect your career or even cause you big legal problems. The effect of not reporting, often will result in:
Not reporting can seriously affect your career or even cause you big legal problems.
The effect of not reporting, often will result in:
- – Loss or compromise of private information, of classified or controlled and sensitive information
- – Military weapons can be reproduced, destroyed, or rendered ineffective
- – The country’s loss of technological competitiveness or superiority
- – Financial loss, company brand and image damage causing layoffs or slowing economic growth
- – Public utilities and infrastructure damage and physical harm, and loss of life
Take the Insider Threat seriously. It’s worth doing the right thing over the cost of keeping quiet.
To find out what steps you can take in creating Insider Threat awareness, and the requisite change management for your organization, call Susan Morris or Tom Jenkins today.
480-222-7507 office or 480-227-5134 direct
by Craig Cocciola | Aug 24, 2016 | Cybersecurity Certifications, Cybersecurity School, News
FOR IMMEDIATE RELEASE
Advanced Business Learning Launches New Cyber Security
Certification Preparation School in Arizona
Licensed in the State of Arizona as a postsecondary vocational school, ABL, an industry Authorized Training Provider (ATP), is offering five-day cyber security boot-camp certification preparation courses at their classroom facility in Tempe.
Scottsdale, AZ (August 18, 2016) – Scottsdale based Advanced Business Learning (ABL Academy) has been supporting the US Intelligence Community and the US Navy with cyber security boot-camp-style certification preparation and is now bringing these highly efficient, low cost programs to businesses and individuals in Maricopa County and throughout Arizona.
A strong value of ABL Academy is their pre-course assessment tools, as well as their reinforcement and continuous learning environments post-course where students are encouraged to participate in sponsored communities of practice. ABL Instructors dedicate time for tutorials at the end of each class day to provide reinforcement and individualized coaching as needed, which ensures a high exam pass rate. On-line live workshops and labs, discussion groups and instructor-led blogs are all under design and development for additional value and support for every student. Upon certification ABL Academy assists with job search preparation and resume submission to prospective employers.
ABL Academy’s learning environment is student centric. ABL Academy’s proven ability to bring world-class course content, live in-person education taught by excellent, experienced instructors result in an outstanding learning experience. Their core belief is that the instructor is far more credible and effective if they have “felt the pain” associated with being experienced in real world application.
“The need for smart, knowledgeable and strategic cybersecurity professionals has never been more obvious”, said Tom Jenkins, CEO of ABL. “Hardware is easy to protect. People in an organization often represent the weakest link in the security chain. As cybersecurity becomes more and more integrated in to the mission of the organization, not just another administrative department, the cyber professionals in a company require ongoing education and knowledge of best practices to work with and educate their internal colleagues and management”, said Tom Jenkins.
Class schedules will start in late September for CISSP; PMP; Security +; Network +; CEH and more. Visit www.advancedbusinesslearning.com/cybersecurity for further details on classes or contact the ABL Academy at: 480-222-7507 or 480- 339- 4851.
About Advanced Business Learning (ABL)
For over 17 years, Advanced Business Learning has been a leader in workforce effectiveness programs serving the US Government and Fortune 1000 clients across the country and around the globe. Their team of elite consultants, instructors and best-of-breed partners are dedicated to delivering relevant, results-focused programs that are cost effective and have a measurable impact on your company’s short term goals and long term success.
Advanced Business Learning has a mission of bringing the same high quality DoD classroom experience with authorized CompTIA; EC-Council; ISACA; ISC2; and PMI materials plus military grade instructors, many with DoD experience and Secret clearances, to our certification exam prep courses where they ensure both certification exam readiness and application to real world work.
Phoenix Marketing Associates
by Craig Cocciola | Aug 23, 2016 | Cyber Security, Cybersecurity Certifications, Cybersecurity Jobs, Ethical Hacker, News
Best CyberSecurity 5 Day Classes to Earn Certifications
As companies find themselves becoming more and more vulnerable to data breaches, employers in Arizona are increasingly looking within to hire or promote employees who have obtained cybersecurity certifications to ward off future potential attacks. Corporations like Target, who have recently fell victim to a data breach not only pay millions in costly fines but also lose consumer trust and future goodwill.
CompTIA Security +
Job seekers within the growing technology trade in Phoenix who wish to obtain a commercial cybersecurity job or land a coveted IT security position within the defense industry must receive certification as a prerequisite from a state certified school. Depending on the position desired, candidates can start their career with a basic CompTIA certification in network security while top-tier candidates seek the coveted Certified Information Security Manager (CISM). CompTIA certification gives candidates a good overview of best practices in troubleshooting, networking and security across a broad array of devices. Although the CompTIA certification is seen as a stepping stone for more advanced levels of certification, it’s important to note its relevancy as it is required by all employees of the U.S. Department of Defense.
Certified Ethical Hacker
An industry in Arizona that is rapidly growing in popularity is “Ethical Hacking” or “White Hat Hacking.” Ethical hackers must be properly trained and certified because of the high level of trust that is commanded by these positions. Ethical hackers are a unique breed whose main job is to think like a malicious cybercriminal while using that information to protect its employer. In order to properly train individuals to perform this job function, candidates are encouraged to obtain a Certified Ethical Hacker (CEH) certification. Certified Ethical Hackers are often referred to as “penetration testers” and are actually encouraged to attempt to penetrate a company’s network without physically stealing any data. Those who are able to successfully balance this mental game are also well rewarded as salaries start within the six figure range.
Certified Information Systems Security Professional
One of the most popular certifications prospective job seekers can obtain is that of a Certified Information Systems Security Professional (CISSP). Generally obtained by experienced IT professionals, consultants and auditor and risk management professionals, this certification serves as a base requirement for employees securing a company’s network. While the certification doesn’t focus on a single vendor, it does cover a wide array of topics from physical security to cryptography. Those who fully capitalize on the CISSP certification can make in excess of $150,000 per year.
Certified Information Security Manager
The Certified Information Security Manager (CISM) certification is a top-tier certification for those who have at least five years of experience within the network security industry. The CISM classes are very rigorous and will demand every bit of your five years’ background in IT. Those completing this advanced certification will learn about the following four area of cybersecurity:
- > Information security program development and management
- > Information security management
- > Information security incident management
- > Information risk management and compliance
Completion of this certification has the potential to roll out an invitation to the C-suite as CISM’s often obtain Chief Information Security Officer positions and command in excess of $200,000 annually.
by Jason Jantzen | Aug 22, 2016 | Cyber Security, Cybersecurity Jobs, Cybersecurity School, Knowledge Center, News
Banner Health recently joined a growing list of corporations who have been the victim of cybersecurity data breaches in Arizona. Banner Health recently made headlines in the Phoenix Business Journal where it was revealed that private information was stolen from consumers using credit cards at various Banner Health food and beverage outlets. The hackers targeted Banner Health from June 17 to July 7th obtaining cardholder data like names, card numbers, expiration dates and verification codes.
Craig Cocciola, Director of Information Technology and Facility Security Officer for Advanced Business Learning Inc. was interviewed as an expert source on the incident, claiming that companies need to worry about more than just implementing the latest in physical security systems to stay safe. “The attackers are always going to have an advantage, teaching employees how to stay on top of potential data breaches is key and that doesn’t happen with the annual webinar training program. It’s got to be part of your culture.”
Advanced Business Learning (ABL) firmly believes that properly trained and certified employees are your best asset in defending unwanted cyberattacks. Hiring employees with an Ethical Hacker Certification or a Certified Information Systems Security Professional (CISSP) certification is the best compliment to any physical firewall.
Referencing a past example where an employee of a large corporation accidentally inserted a found thumb drive into their network causing a breach, Cocciola further explained, “If employers provide insider threat training and have more of a culture of security, this person would have known inserting a thumb drive in his computer is risky behavior. Instead he should have taken it to a manager.”
Eliminating threats is an unrealistic expectation, Cocciola said, adding, “reducing them drastically is a realistic expectation.”
Employers interested in “leveling up” their current staff’s broad base knowledge of preventing future cyberattacks can take advantage of ABL’s new workforce training programs. Fully customizable to employers’ respective needs, ABL’s boot camps prepare staff members to take the certification exam in as little as five days.