A bipartisan bill proposed last week and co-sponsored by New York representatives Kathleen Rice (D) and John Katko (R) requires members of Congress to receive annual cybersecurity and IT training. The Congressional Cybersecurity Training Resolution of 2019 adds to the existing requirement that House employees receive annual training by mandating that House members themselves also receive cybersecurity and IT training, according to The Hill.
“The chief administrative officer shall carry out an annual information security training program for members (including the delegates and resident commissioner), officers, and employees of the House,” the act states.
“We strongly encourage support for the Congressional Cybersecurity Training Resolution,” said Jack Koziol, CEO and founder at Infosec. “Cyber-criminals are responsible for hundreds of billions of dollars’ worth of damage to the global economy and undermine democracy around the world.”
ISO 19600 provides guidelines for establishing, developing, implementing, managing and improving a compliance management system within an organization. The standard applies to companies of any size and to business activities of any nature and complexity.
Compliance management is more than just a legal requirement; it is also a commitment to meet stakeholders’ needs and expectations, regardless of industry.
ISO 19600 allows organizations to meet all their regulatory requirements and manage their operational risks within one uniform compliance framework.
By being certified against ISO 19600, the organization will be able to detect existing compliance gaps and implement appropriate corrective actions by following the standard’s recommendations.
Why is Compliance Management important for you?
Being certified against ISO 19600 helps you ensure that your organization is adhering to legal regulations and contractual obligations. You will also be able to evaluate the organization’s practices and ensure that they are in line with specific ethical standards within the limits of the law, and you will gain the knowledge needed to advise on how to address areas of non-compliance and how to guard against future compliance risks.
Compliance is important for your reputation and career prospects. By following the Compliance Management System recommendations you can help your organization continuously improve its compliance programs and reduce the rate of non-compliance risk.
The ISO 19600 LCM training and certification is now available for Self-training
Self-Training is a great opportunity for those who can study on their own and who do not have the time or budget to travel and join a traditional class.
With Self-Training, you get online access to the training material. You can use your favorite device (computer, tablet or phone) to study and also print the PDF files. Study the material at your own pace in the comfort of your home. When you are ready, you can easily organize an individual online exam at your convenience.
Faculty members and students at a Michigan university have received hockey pucks to use as a “last resort” to potentially thwart active shooters.
Oakland University in suburban Detroit said in a statement posted to Facebook last week that faculty members purchased 800 hockey pucks for teachers and another 1,700 pucks for students following a recent active shooter training. Student government leaders are also planning to purchase more pucks for students, the university said.
“Oakland University Police Chief Mark Gordon has conducted hundreds of active shooter trainings for nearly 10 years, and in those courses he has stressed that primary defenses for individuals in active shooter situations are running from harm’s way and sheltering in place. He introduces fighting an attacker as a last-resort, self-defense option,” the university’s statement read.
Risk managers who teach employees what suspicious email looks like can drastically reduce the risk of being hit with ransomware.
Posted on Canadian Underwriter | By Greg Meckbach
Ransomware is an attack in which criminals break into computer systems, encrypt files and demand a ransom from the computer owners to decrypt those files.
A lot of ransomware comes with “emails that look suspicious,” Elissa Doroff, XL-Catlin’s vice president of underwriting and product manager for technology and cyber liability, said in an interview.
Training a worker not to open a file attached to an email with the .exe extension is one way to reduce ransomware risk, Doroff advised. Another is to make sure that all software is updated with the patches provided by software vendors.
Security and privacy awareness training is the best line of defense.
The federal investigation into the Hawaii civil defense snafu earlier this month revealed that there were serious errors in how the training exercise was conducted between two shifts and in the ongoing performance concerns of the employee directly responsible for sending out the alert.
For 38 minutes, citizens and visitors in the Hawaiian Islands cowered in fear, alerted to take immediate shelter by messages that were received on cellphones and broadcast on TV stations across the state. While officials attempted to calm the populace by taking to Twitter immediately to quell the concerns, many people were not—understandably—taking to tweeting what may have been their last thoughts, and thus were not informed until a follow-up message was broadcast to cellphones nearly 40 minutes later.
The night-shift supervisor wanted to test the preparedness of the morning-shift workers with an unannounced drill, according to the FCC report.
Let me start by wishing you an amazing 2018! Hope you have a spectacular adventure.
Over the last year, I took on a major new challenge and qualified as a Personal Trainer. Yes indeed, a fairly average, fat boy (34 regular), took on a different capability and I found that my previous skills and experiences, of coaching and mentoring; business and personal resilience, and even anatomy and physiology, all helped me pass my Level 3 qualification.
I am now at an age and period of my life, where I swore I would never take on another exam! There comes a point in your life, when you would rather live ‘your life’ than sit in front of the computer and manuals, all alone and away from everyone, ‘revising’. Besides, it becomes so, so much harder to concentrate, when you just want to listen to music, go shopping or even do the ironing!
Intuition, Listening and Leadership
Something inside me, my intuition and interests, along with some great words of encouragement from people who believed in me, made me decide to take on more study and become a Personal Trainer (PT). Why not I thought? I can do that. I am exceptional (I’m confident with it) at helping others to develop. I have done this all my life.
I am a motivator. A ‘leader’. I see the great potential in others and enjoy helping them become better at being themselves. I am a resilient person first and a resilient professional second.
A good coach can change you, but a great coach can change your life
Health and Wellbeing: Resilience Required
We hear so many resolutions at this time of year; the desire to ‘be healthier’, ‘be good’, ‘achieve this and don’t do that’. The peer pressure often collides with our own personal needs and desires to make a new start; begin as we mean to go on.
But in reality, it is generally a temporary thing. There is nothing wrong with this, in my opinion, as everyone is perfectly entitled to want a bit of improvement. It is good for both mind and body.
But in health and fitness, there remains a key element in that the ‘client’ needs to own their own goals if they really are to adhere to them. There is the essential element that goals and objectives need to be SMART of course.
However, the ‘client’ fundamentally must own the direction they want to travel in: understand the journey and resonate with the language.
See the support but also accept it is they who really need to do the hard, painful, tiring stuff. It must be something they see and can do.
They must be resilient to see and feel the change for good
Feel the Burn
We are all personal trainers of some sort; we support and motivate ourselves (and others) to go and do things. We can even visualise how we see things in the future and we try to work towards it. We do that without a ‘text’ book open as we progress through the ‘exams of life’.
We feel the heat and the burning sensations from time to time, but we hopefully feel the euphoria of success and contentment. We are resilient.
Physical Activity Readiness Questionnaire (PAR-Q)
If you are a member of a gym, you will be familiar with (well, hopefully anyway) the PAR-Q process you must fill out prior to any exercise activity. It is a small, simple health screening format to determine if you have any illness or injury to prevent you from safely taking part in your exercise programme.
At the end of the day, exercise programmes must be safe and effective if they are to work.
Business Resilience and the Personal Trainer Similarities
My experiences of both business resilience and the newly acquired skills of being a PT made me realise that, as with many completely different topics, there will always be some familiar faces. Before we make a conscious decision to change our lifestyle, we need to feel the need, see it and believe we can do it.
The client/PT relationship of course, will remain a critical part of the success and should never be seen as just a transaction. Unfortunately I think this does happen (my opinion) from time to time. But if the client is happy, the training safe and effective and results can be seen, then who are we to question?
Business leaders, of all shapes and sizes; the fit ones and those that need a ‘bit more’ additional support to become fitter and healthier, will require the essential ingredient of resilience to make it happen.
Not everyone is perfectly shaped, fit, healthy and capable, but importantly, everyone deserves a chance to be better.
We just need to see the potential and help ourselves to achieve it with the right coaching, guidance, empathy and ‘push’ in the right direction. I believe you can do it!
A truly down-to-earth, grounded individual who is a resilience professional, helping people and organizations to build and maintain their capabilities to respond to and recover from crises, emergencies or disasters. Paul is the ‘resilience maverick’ because he is not like the average resilience professional. Paul wants to help everyone be a bit more resilient because they can!
The General Data Protection Regulation (GDPR) is set to take effect on 25 May 2018. By now, all organizations around the world that conduct business with, and handle the personal data of, European Union citizens should be aware of how GDPR affects them. There is a lot at stake, and failure to comply with GDPR is not an option.
The legislation stipulates a number of new obligations for organizations. One of the major requirements is the mandatory appointment of a dedicated Data Protection Officer (DPO). The role of the DPO is complex. DPOs will need to possess comprehensive knowledge and understanding of data protection laws, not just as they relate to companies operating in the EU but globally.
Our Certified Data Protection Officer training and certification can help!
See below our CDPO training and certification opportunities!
The Certified Data Protection Officer training course enables you to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regard to the protection of personal data.
By holding a PECB Certified Data Protection Officer Certificate, you will demonstrate that you thoroughly understand the gap between the General Data Protection Regulation and current organizational processes, including privacy policies, procedures, working instructions, consent forms and data protection impact assessments, and that you can assist organizations in adopting the new regulation.
When Superstorm Sandy ripped through New York City in October 2012, it did not discriminate.
At the construction site of the new Whitney Museum of American Art, chief operating officer John Stanley recalls “mechanical equipment bobbing like corks” in the floodwaters.
And at the Rubin Museum of Art, a few blocks uptown, and upland, the museum lost power—a necessity for preserving the artifacts from environmental damage—and the backup generators weren’t enough to keep the facility running.
“We thought if we do lose power, in the history of New York City, it would be for a day or two,” executive director Patrick Sears says. “No one really anticipated we could go without power for a week.”
But as once-rare storms like these become more common and more consequential (Sandy caused an estimated $70 billion in damage, behind only Hurricane Katrina), coastal communities are reorienting to a world where they might be underwater at a moment’s notice.
Pop-culture can teach us a lot about computer security if we’re willing to dig a bit beneath the surface.
1. R2-D2 hides important data in plain sight
During the opening scene of A New Hope, we see Princess Leia quietly interact with a random R2-unit on a rebel ship that has just been captured. R2 and his companion C3PO then get away in an escape pod, and land on Tatooine where they meet a young Luke Skywalker.
While poking around the R2 unit, Skywalker stumbles upon a secret distress message. We later learn that Leia planted the Empire’s Death Star plans—valuable intellectual property—in plain sight, hiding them in an unassuming astromech droid.
That scenario perfectly illustrates what InfoSec professionals call “security by obscurity.” In general, experts don’t consider security by obscurity a good thing on its own. While obscurity does make things harder to find, it doesn’t fully protect them the way, say, encryption does.
However, I think there’s value to obscurity when used as an additional layer of security, and this Star Wars scene proves it. None of the Empire’s troops suspected that two lowly droids held the plans to their ultimate weapon.
These ordinary droids made the perfect cover for Leia’s stolen data. Granted, if the Empire had caught our hero droids, we’d also see the flaw in security by obscurity.
2. Little vulnerabilities can blow up the biggest Death Star
Everyone remembers the exciting conclusion to A New Hope. Skywalker was able to perfectly launch a pair of X-Wing proton torpedoes into a little thermal exhaust port in the Death Star, blowing it to smithereens.
This concept applies to cyber security as well. Sometimes the smallest vulnerabilities in the most niche software can lead to the chain of events that allow malicious attackers to gain complete control of a network.
Many IT professionals have stories about finding old, unpatched, and forgotten servers on their network, which were exposed to the public.
Hackers might take advantage of little vulnerabilities in these forgotten servers to gain a foothold into the network, and leverage them as a stepping-stone for gaining complete control. Don’t end up like the Death Star.
3. Jedi mind tricks are used by the Dark AND Light-side hackers
In A New Hope, we also see Obi-Wan Kenobi perform a Jedi mind trick. Using the Force, he beguiles stormtroopers into not seeing something that’s right in front of them.
Believe it or not, both good guy and bad guy hackers leverage technical “Jedi mind tricks” to get computers or programs to miss important details as well.
Looking at the Dark Side of hacking, many advanced malware samples include something called a rootkit, a component that helps malware hide inside the operating system.
For instance, when a security program uses a Windows function to list the files in a folder, in hopes of scanning for malware, the rootkit might perform a technical “Jedi mind trick” on Windows, telling it, “This isn’t the file you’re looking for.”
4. Master or Padawan, never underestimate training and preparation
One of Skywalker’s biggest philosophical dilemmas in The Empire Strikes Back was whether or not to ditch his Jedi training and leave to save his friends. His experienced teachers encouraged him to complete his training so he’d have the skills he’d need to actually help. However, Skywalker chose to delay his training and save Han and Leia. Perhaps if he had finished his training he could have helped more?
Information security professionals cannot underestimate the importance of training, either. The ISO 27001 ISMS training and certification can help you to become a security Jedi.
5. “Ewok” Tactics Can Defeat Sophisticated Attacks
Love them or hate them, few can forget the Ewoks, or the Endor forest scene where they fought alongside the Rebel Alliance against the Empire. Yet the Ewoks were effective; their giant trees, rocks and guerrilla warfare were incredibly successful against a more sophisticated opponent.
In the same way, basic security practices can still be effective today. Though more advanced attacks can bypass some of our older security measures, additional layers of security can still save you when the previous layer fails. Learn from the Ewoks, and make sure you’re implementing basic security practices like layered security.
Survival is less about heroic actions than avoiding mindless mistakes.
“I’ll never forget the sound. The sound of metal crunching,” says George Larson, a passenger on Indian Airlines Flight 440 from Chennai (Madras) to New Delhi in 1973. It was 22:30 – pitch black outside. A storm was raging, and the plane was flying low. The rear end slammed into the ground first. Larson was thrown from his seat.
The next thing Larson knew he was awake, lying on his back on some wreckage. He tried to move his legs, but he was stuck. Soon there was an explosion as the heat ignited fuel tanks by the wings. As debris rained down all around him, Larson realised he’d have to save himself. With one last breath – “it seared my lungs, the air was so hot” – he pushed off the wreckage and rolled down onto the ground. Then he clawed his way to safety. Of 65 passengers and crew on board, Larson was one of just 17 survivors.
Surprisingly, plenty of other people in deadly scenarios don’t act fast enough to save their own lives. From arguing over small change while a ship sinks into stormy water, to standing idly on the beach as a tsunami approaches, psychologists have known for years that people make self-destructive decisions under pressure. Though news reports tend to focus on miraculous survival, if people escape with their lives it’s often despite their actions – not because of them.
“Survival training isn’t so much about training people what to do – you’re mostly training them not to do certain things that they would normally think to do,” says John Leach, a psychologist at the University of Portsmouth who survived the King’s Cross fire disaster in 1987. He estimates that in a crisis, 80-90% of people respond inappropriately.
So, if faced with a life-threatening scenario, what behaviours should you do your best to avoid?
During the recent stabbing at London Bridge, an off-duty police officer who tackled the attackers reportedly described members of the public nearby as standing “like deers in the headlights”.
The reaction is so universal, psychologists now talk of the fight-flight-freeze response.
Though it looks passive from the outside, when we’re paralysed with fear the brain is actively putting on the brakes. As adrenaline surges through the body and our muscles tense, the primitive “little brain” at the base of our necks sends a signal to keep us rooted to the spot. It’s the same mechanism across the animal kingdom, from rats to rabbits, where it’s a last-ditch attempt to stop a predator from spotting us. But in a disaster, fighting this hangover from our days out on the savannah is vital to survival.
2. INABILITY TO THINK
The first clues that our brains tend to go into meltdown under stress came from an alarming discovery.
Even at the best of times, our brains are disconcertingly slow – while disasters are rapid. As part of the certification process, aeroplane manufacturers are required to show that the entire plane can be evacuated in just 90 seconds, since studies have shown that the risk of the cabin being consumed by fire sharply increases after this time. Meanwhile, most of us are still fumbling with our seatbelts.
3. TUNNEL VISION
In a crisis, it’s reassuring to think that we’d respond by creatively thinking our way around the problem. But – you guessed it – it’s the opposite. A typical response to disaster is so-called “perseveration”: attempting to solve a problem in a single way, again and again and again, regardless of the results. This happens so often that it has informed the design of seatbelts in light aircraft.
Because people are used to looking for their seatbelts around their hips, in an emergency that’s the only place they look. Previous designs used to involve a buckle higher up, but in the panic of a crash-landing, people just couldn’t handle it. Other incidents have shown that in a crisis, pilots tend to become obsessed with one item of equipment or response.
Intriguingly, this tunnel vision is also seen in those who have permanently damaged their prefrontal cortex, suggesting that the brain’s stress response switching off this region might be to blame for inflexible thinking in moments of crisis.
ISO International Standards help businesses of any size and sector reduce costs, increase productivity and access new markets. When it comes to SMEs, confidence has a nickname that’s recognized worldwide. Now you know it too. It’s ISO.
For small to medium sized enterprises (SMEs), standards can help to:
Build customer confidence that your products are safe and reliable