After Target, it's Michaels. While they diagnosed one case, bumpers have been coming all the way through Christmas. Retail chain is out of wits. It's like the accident count, where the actual count is never known, plenty devices are probably unaware of unauthorised access. But it is not less apprehended how important it is getting to know what-to-do-once-victim?

(Read more:  How Should a CISO choose the right Anti-Malware Technology?)

A 2012 study of 2,618 business leaders and security practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil found that they experienced an average of 66 attacks per week, with organizations in Germany and the U.S. reporting the highest numbers: 82 and 79 per week, respectively.

>>Download The Complete Report

What Report Says?

-Business objectives and Risk tolerance

-Proactive security plan

-Today's Inevitable Sophisticated Attack

-Building a culture of security awareness.

>>Download The Complete Report

Like so many other things in today’s world, cyber attacks along with those who perpetrate them are becoming more sophisticated every year. At the same time, IT resources are moving outside the firewall and enterprises are distributing their applications and data across multiple devices. It’s now clear that simply protecting an organization’s perimeter is not enough. These sophisticated attacks—which include advanced persistent threats, or APTs—are bypassing traditional defenses. 

(Read more: Top 5 Big Data Vulnerability Classes)

What's in the Report?

• How to Prioritize your business objectives and set your risk tolerance
• How to Protect your organization with a proactive security plan
• How to Prepare your response to the inevitable: a sophisticated attack
• How to Promote and support a culture of security awareness.

>>Download the Complete Report

IBM COMPLIMENTARY SECURITY HEALTH SCAN!

We are happy to announce the 4th Edition of our Top 100 CISO Awards. The award was conceptualized in 2010 to celebrate the success of the Chief Information Security Officers. TOP 100 CISO Awards is held every year to honor the success of the unsung heroes who continuously strive to make the cyber world a safer place.

Why Top 100 CISO Awards?
Information Security gets noticed only when things get broken. So we thought of celebrating the success of the persons who remains unnoticed when they do their job in the best manner.  The vision of Top 100 CISO Awards is:

• To celebrate the success of the top security leaders and honor their contribution
• To provide a platform for the Top CISOs to share their learning with each other and also the larger community

(Read more:  How to write a great article in less than 30 mins )

What’s new in 2014?

In 2014 we are coming up with several new initiatives. 

• The India event shall happen in Agra, the city of Taj Mahal. We will also encourage spouse of the CISOs to join during the event and share the moment of celebration and joy.
• We shall have complete global coverage with the Europe, USA and APAC awards in 2014.
• We will have both online and regular events to celebrate the success of the CISOs.
• We are introducing special award category this year. Few of the examples are as follows: CISO Hall of Honor (for successive 3 year winners), Best Implementation in GRC, Data Security, Vulnerability Management, APT Security, Web Security , Innovation, Community Contribution etc.

Nomination Process
Nominations for "Top 100 CISO Awards" and "Special Award" are open until February 15^th for USA, Europe and APAC and until January 31^st  for India. You can register online by clicking on the link: Please click here for online nomination.

We are looking forward to an exciting 2014 to share the great work of the CISOs globally. Let’s walk together as a stronger community towards creating a safer world.        

“A line is a dot that went for a walk” -  by Paul Klee. (Tweet blog)

(Read more:  Top 5 Big Data Vulnerability Classes)

About CISO Platform

CISO Platform is a online social network exclusively for Chief Security Officers to Network, Share and Learn. Our vision is to provide highest quality information to CISOs to help them excel in their role. 1400 + Global CISOs are members of CISO Platform. Few of the key initiatives are as follows:

• CISO Handbook -Precise Operational Handbook for the CISOs, by the CISOs
• CISO Platform Index- First framework to evaluate products based solely on CISO recommendation
• CISO Platform Annual Summit- Annual event where 200+ CISOs gather to share knowledge through 18 minute "Turbo Sessions"

"The good guys need to be right all the time. The bad guys just need to be right once."

From recent Target shops in US being compromised with 40 million shopper's card details, last minute shoppers are well discouraged. So is action after being compromised! Security threats are no longer confined to 'www.',it's gone into ATMs and Card scanners or maybe more we're yet to know! You may not know which server of yours hosts unofficial access. 

A security breach can have devastating consequences for any enterprise—resulting in possible operational disruption, data leakage, reputation damage and regulatory complications. The lack of a unified incident management process, coupled with inexperienced staff, can increase the business impact of such incidents.

So, here's just the whitepaper you need.

Why Download it?

• Helps reduce risks and exposure to cyber threats
• Provides access to key resources
• Enable faster recovery and minimize business impact from incidents
• Broader view and deeper understanding of incidents
• Use of intelligence data and analytics
• Help cut costs

The last fortnight has been like real busy @CISO Platform Annual Summit, 2013. But taking into consideration the brainstorming sessions,the brimming CISOs, the altogether wonderful experience, it all seems worth it! Nevertheless, there are always great talks on which we like to catch on any time again!

( Read more:  My Key Learning While Implementing Database Security )

Can somebody hack your smart TV?

A smart TV is the smartest and dullest thing you've ever spent your bucks on! We love watching a match on it but wait!! What I say next may pose to dampen all the hype of Smart TVs.IPTVs are no more than big Smart Mobiles , that look huge but have smarter threats in our lives. For instance-

• Could it be watching over your house?
• Could it prompt news 'your president is dead' ?

Well, that's YES!.....So,Can your TV give any hacker as good remote access as any other hackable device? Or much more? How can you stop access to your private life?

Martin gave an interesting insight into the Hbb (Hybrid Broadcast Broadband) TVs. Martin Herfurt is a recognized IT Security researcher who works with a german IT security firm nruns. His research and passionate interests center around Bluetooth and mobile technologies.

More:  Want to become a speaker and address the security community?  Click here    

 WATCH the complete video here.

>> Liked the video? Then share this.

( Watch more : Latest Attacks Vectors and Threats on Aircrafts and Unmanned Arial Vehicles )

 WATCH the complete ppt here.

>> Liked the ppt? Then share this.

 (Read more:  Database Security Vendor Evaluation Guide)

Building an Android Scale Incident Response Process

Author - Anil Upadhyay, DM - ITGS, ITSD, Gujarat Gas Limited

We have listed a Key Parameter are required for Security Incident and Event Management and The Framework was attached at the end.

Major Parameters To Consider :

1. Ability to identify non-compliant machines and network activities based on Organisational Policies and Procedures.

2. Ability to demonstrate compliance and/or due diligence, with respect to ISO 27001 guidelines, Account management, Configuration Management, Authentication, Vulnerability Management

3. Ability to Identify and respond to Organisational policy violations. Web Policies of explicit material, use of clear text protocols, or Access policies, Organisational Information Security Policy.

4. Ability to Risk management of threats and exposed vulnerabilities. Identify and respond to attacks against the organization’s information systems from external threats. This includes monitoring for worms, viruses, denial-of-service, and other similar attack vectors.

5. Ability to identify compute activity trends and raise alarms for potential outbreaks (e.g., from worms)

6. Ability to identify and notify Intrusions. Isolate actual breaches while recording and suppressing false positives.

7. Ability to identify Suspicions activity in the network, monitor and record potentially malicious activity and raise alarms on thresholds.

8. Ability to identify networks being subjected to potential denial of service attacks.

9. Ability to identify and respond to attacks against the organization’s information systems from internal threats. The focus is to identify activities that could result in theft of intellectual property and/or intelligence.

10. Ability to record and generate an alarm for data leakage, track and reconstruct insider activities and identify exceptions

11. Ability to track risk i.e User Activity with early warning indicators.

12. Ability to