CyberheistNews #10

CyberheistNews Vol 1, #10

Editor's Corner

How To Create A Layered Security Strategy As Per FFIEC

Quite a few industries are now regulated, and things like HIPAA and

Sarbanes-Oxley pop into mind immediately. One that is slightly less

well known but quite powerful is the Federal Financial Institutions

Examination Council (FFIEC for short). Keep in mind that these

regulations have teeth, and will bite over security blunders.







The Council is a formal interagency body empowered to prescribe uniform

principles, standards, and report forms for the federal examination of

financial institutions by the Board of Governors of the Federal Reserve

System (FRB), the FDIC, the National Credit Union Administration (NCUA),

the Office of the Comptroller of the Currency (OCC), and the Office of

Thrift Supervision* (OTS), and to make recommendations to promote

uniformity in the supervision of financial institutions.







The FFIEC recently updated its Authentication Guidance, and this update

means that they have raised the bar: your existing security controls are

no longer sufficient. Banking institutions have to deploy a layered

approach to securing their high-risk online banking infrastructure.

And it would be a very good idea if everyone else also deployed a

defense-in-depth architecture.







Organizations defend their networks on each of the six levels in the graph

you see after you click on the link below. Internet Security Awareness

Training resides in the outer layer: ‘Policies, Procedures, and Awareness’.

As you see, this is the outer shell and in reality it is where security

starts. Let’s have a quick and admittedly highly simplified look at

defense-in-depth:


http://www.knowbe4.com/resources/defense-in-depth/







Now, the problem is how to choose among all of the layered security options.

And then, after selecting controls, what are the elements of an effective

layered security strategy that satisfies the guidance and enhances security?







Join George Tubin, a foremost industry analyst, for his expert insights on:

- FFIEC Authentication Guidance and expectations for layered security controls;

- Strengths/weaknesses of most popular controls, from out-of-band

authentication to voice-based biometrics;

- An effective layered security framework that includes the device, user,

transaction and network. Register here:


http://www.bankinfosecurity.com/webinarsDetails.php?webinarID=246

Internet Premier Blogger Interviews KnowBe4 CEO

Chris Pirillo is a very well known 'geek' with his own TV show and

hundreds of thousands of followers. He sat down with KnowBe4's Founder and

CEO Stu Sjouwerman (pronounced shower-man) and discusses the problem of

phishing and Eastern European cyber mafias that prey on U.S. enterprise.

You can see it on YouTube:


http://www.youtube.com/watch?v=Wz_PvU9OyPY

Quotes of the Week

"Intellectual growth should commence at birth and cease only at death." - Albert Einstein







"There are no great limits to growth because there are no limits to

human intelligence, imagination and wonder." - Ronald Reagan







"All growth depends upon activity. There is no development physically

or intellectually without effort, and effort means work." - Calvin Coolidge







Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/

Need more IT security budget? Give This Book To Your Boss

"The book is well crafted and an intoxicating read - I couldn't put it down." - Paul Wright

"Anyone who uses a computer connected to the Internet needs to know this information to protect themselves." - H. Heller

"As both an IT Pro and a businessman, I highly recommend this book for anyone concerned about online threats." - C. Contor

"Stu Sjouwerman informs in a way that managers can understand, and "techies" can relate to. He goes in detail about the oft-overlooked (and in my opinion THE most dangerous) part of online security: The Human Element." - Robert Folden

"If you fall victim to a cyberheist after reading Sjouwerman's book, shame on you." -- Dirk A. D. Smith

Buy and Read Cyberheist!


http://www.cyberheist.com/

White House Gets Tough With Cybercriminals

In testimony before the Senate Judiciary Committee Wednesday, Deputy

Attorney General James Baker outlined a legislative initiative, first

unveiled in May, to increase the maximum penalties for cybercrimes.

"Such modifications are appropriate in light of the scale and scope

of our nation's current cybercrime problem," Baker said.

Baker talked about the disparity between conventional and cybercrime

punishments. "Penalties for fraud committed using a telephone should

not differ, for example, from penalties for fraud committed by computer

hacking," he said. Computer hacking to commit fraud carries a 5 year

maximum sentence, but the most comparable real-world crime that

involves mail or wire fraud, gets a maximum penalty of 20 years.

"All of these changes will empower federal judges to appropriately

punish offenders who commit extremely serious crimes, ones that result

in widespread damage," Baker said.

The administration seeks tougher penalties for hackers because of the

increasing scope and depth of cyberheists. "Where 10 years ago hackers

were more commonly motivated by curiosity or seeking notoriety, most

criminal hackers today are motivated by greed," Baker said. "Federal

law needs to more effectively deter this spreading criminality."

To illustrate that Baker claims are quite correct, read KnowBe4's

'Five Generations Of Cybercrime' here:


http://www.knowbe4.com/resources/five-generations-of-cybercrime/

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

The "New Hot 5" plays for a herd of cows in Autrans, France. I've never

seen cows look so enthused:


http://www.flixxy.com/jazz-for-cows.htm

Watch mountain bike World champion Danny Hart's incredible run and listen

to the commentators that can actually SPEAK IN CAPSLOCK ;):


http://www.flixxy.com/mountain-bike-world-champion-2011-danny-hart.htm

An adorable elephant calf playfully annoys its mother at the Berlin

Zoological Garden:


http://www.flixxy.com/elephant-calf-playfully-annoys-mother.htm

Apparently Japanese pets aren't just cuter, they're smarter as well:


http://www.flixxy.com/well-trained-cat.htm

Real life Superman gets people to film him flying from roof to roof:


http://www.flixxy.com/real-life-superman.htm