
Cybersecurity Tip of the Week

Shop Safely Online

Shopping online offers lots of benefits that you won't find shopping in a store or by mail. The Internet is always open - seven days a week, 24 hours a day - and bargains can be numerous online. With a click of a mouse, you can buy an airline ticket, book a hotel, send flowers to a friend, or purchase your favorite fashions. The following tips can help you stay secure while doing your shopping online.

  • Know with whom you're dealing.
  • Beware of pop-up windows and sudden emails.
  • Pay by credit or charge card.
  • Keep a paper trail.
  • Don't email your financial information.

For more information check out the US-CERT Newsletter on "Shopping Safely Online".


Information Security Alerts and Advisories

CIS Advisory 2015-050 - Multiple Vulnerabilities in Google Chrome Could Allow For Remote Code Execution

CIS Advisory 2015-049 - Vulnerability in WordPress Content Management System Could Allow Remote Code Execution

CIS Advisory 2015-046 - Multiple Vulnerabilities in Mozilla Firefox Could Allow For Remote Code Execution

CIS Advisory 2015-045 - Multiple Vulnerabilities in Google Chrome Could Allow For Remote Code Execution

CIS Advisory 2015-042 - Vulnerability in Microsoft HTTP.sys Could Allow Remote Code Execution

Security Alert Archive


Information Security Training Available

Looking for information security training for your technical staff? The Enterprise Security Program has several opportunities for both free and paid training.

SANS Securing the Human Developer Training

The STH Developer training is an extension of the Securing the Human End User training most state employees have completed over the past two years. It focuses on the OWASP top ten web vulnerabilities and the system development life cycle. The program consists of 18 modules of 7-10 minutes each. During the discount purchase period licenses are $250 per person. We need to purchase a minimum of 10 seats. For more information and samples of the modules visit:

http://www.securingthehuman.org/developer/

SANS Online Training and Certification

SANS offers a variety of long courses, most of which prepare students for security certifications. During the discount purchase period courses are $2,330 each, with a minimum of three courses (all agencies combined). Certification exam vouchers can be purchased at the same time for $629 each. Courses can be taken either through SANS OnDemand or SANS vLive. For more information about available courses visit:

www.sans.org/ondemand/courses

www.sans.org/vlive/sessions

The current discount purchase window for SANS courses ends on July 31, 2015. If you are interested, but this timing doesn’t work, there will be another discount purchase period this winter – usually from December until the end of January. 

Federal Virtual Training Environment (FedVTE)

Just when you thought we were teasing about the FREE courses available, we’ll tell you about the FedVTE cybersecurity training system.  Courses range from beginner to advanced levels and are available at no cost to users. We’ve attached a training catalog for the FedVTE program. Sign up is easy at: www.Fedvte.usalearning.gov

If you’d like to purchase any of the SANS courses or have questions, please contact Lisa Vasa.

 


SIGN THE CYBER PLEDGE

It's up to each of us to take responsibility for staying safe online. Simple things like strong passwords, updated software, anti-malware solutions, and paying attention to what you do and share online all make a big difference to your security. The Center for Internet Security has kicked off a new campaign to encourage the practice of good Cyber Hygiene. Take the pledge to do your part today!


From the Desk of Lynne Pizzini, CISO


Social Engineering Through The Internet

Social engineering refers to the methods attackers use to manipulate people into sharing sensitive information or taking an action, such as downloading a file. Sometimes a social engineer can rely solely on information posted online; at other times the attacker interacts with the victim to persuade the victim to share details or perform an action.

Oversharing Online

Information posted online can seem harmless, until you think about how a social engineer could use the same information. By gathering multiple pieces of information from various sources, a cyber criminal could have enough facts about you to craft a very convincing social engineering scam. Think about how these seemingly innocuous details might be valuable to the cyber criminal:

  • Posting a picture of your pet might give away your pet’s name, or posting a photo of your car would identify its color. Pet’s name and car color are common security questions.
  • Answering a “meme” can give away personally identifiable information (PII) such as your date of birth or other sensitive information, including answers to security questions.

Be careful about how much information you post and think about how the various pieces might be combined for use by a cyber criminal.
