DOCSLIB.ORG

Cyber Risk Leaders Magazine Issue 2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cyber Risk Leaders Magazine Issue 2 THE MAGAZINE FOR SECURITY & TECHNOLOGY PROFESSIONALS | www.cyberriskleaders.com Issue 2, 2020 Top trends that Coronavirus should inform your victims of a COVID-19 security different nature: posture The targets of COVID-19 cyberthreats Does COVID-19 signal the end Critical- for fingerprint infrastructure recognition? attack attempted against Israeli water supply Invest in intelligence now to The law on cyber prepare Australia’s bullying and utilities for the trolling future RESPONSE & RECOVERY CYBER + COVID-19 Cyber Security PLUS Weekly Podcast highlights NEW BOOK REVIEW WE’RE BRINGING THE BEST IN CYBERSECURITY RIGHT TO YOU. This year, RSA Conference Asia Pacific & Japan will be a free virtual learning experience. This is an incredible opportunity to engage with a global cybersecurity community right from your home or wherever you might be. RSAC 2020 APJ will be packed with sessions and interactive activities designed to expand your knowledge, including: • Over 60 timely sessions, streamed live during Singapore business hours, or available later on demand. • Inspiring and forward-looking keynotes from RSA’s Rohit Ghai, Microsoft’s Ann Johnson, and author, performer and activist George Takei, who will be a special guest on The Hugh Thompson Show. • Three different Capture the Flag experiences. • Engaging networking opportunities including Ask the Expert Roundtables. Secure your spot today—for free—and join thousands of your peers for three days of learning and networking. FOLLOW US FOLLOW Register today at #RSAC www.rsaconference.com/mysecuritymedia-apj20 Search and find all upcoming featured security events Plus many more! www.mysecuritymarketplace.com Contents Editor's Desk 5 Shaping the future of data centres 8 Director & Executive Editor Submarine Cable Network: The Global Sovereign Asset 10 Chris Cubbage Energy security: Keeping the electrons flowing 12 Director Critical-infrastructure attack attempted against David Matrai Energy security: Keeping the electrons flowing Israeli water supply. 16 Art Director Stefan Babij The golden tax department and the emergence of GoldenSpy malware 18 Getting serious about security assurance 20 MARKETING AND ADVERTISING [email protected] Invest in intelligence now to prepare Australia’s utilities for the future. 24 Copyright © 2020 - My Security Media Pty Ltd GPO Box 930 SYDNEY N.S.W 2001, AUSTRALIA The golden tax department and Siloed response to cyber threats failing to protect E: [email protected] the emergence of GoldenSpy malware. Australian organisations. 28 All Material appearing in Cyber Risk Leaders Magazine Human error – Deliberate or unintentional? 30 is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Top trends that should inform your COVID-19 security posture 36 Professional advice should be sought before applying the information to particular circumstances. How to reduce work from home risks in a post-COVID world 38 Does COVID-19 signal the end for fingerprint recognition? 40 CONNECT WITH US Coronavirus victims of a different nature: Human error – Deliberate The targets of COVID-19 cyberthreats 42 www.facebook.com/MySecMarketplace/ or unintentional? The law on cyber bullying and trolling 46 @MSM_Marketplace Why domestic violence is a workplace issue. 48 www.linkedin.com/company/my-security- media-pty-ltd/ Editor's Book review 50 www.youtube.com/user/MySecurityAustralia Human error – Deliberate or unintentional? www.australiancybersecuritymagazine.com.au www.mysecuritymarketplace.com Like us on Facebook and follow us on Twitter and LinkedIn. We Why domestic violence is a post about new issue releases, feature interviews, events and workplace issue. www.australiansecuritymagazine.com.au other topical discussions. Correspondents* & Contributors Also with: www.aseantechsec.com www.asiapacificsecuritymagazine.com Iain Strutt Brian Hussey Codee Ludbey Ray Griffiths, www.drasticnews.com www.chiefit.me Mark Sayer, John Young Dave Weinstein Geoff Nick de Bont Brenda van Visahl Samson Schomburgk Rensburg David Selvam, | | Michael Warnock www.youtube.com/user/ MySecurityAustralia www.cctvbuyersguide.com Editor's Desk “The prospect of high-intensity military conflict in the Indo- Pacific is less remote…including high-intensity military conflict between the United States and China.” AUSTRALIAN 2020 DEFENCE STRATEGIC UPDATE – July 1, 2020 n June, the cybersecurity ‘situation’ observed Strategic Update and 2020 Force Structure Plan, We maintain coverage of the COVID-19 across western liberal democracies was thrust acknowledging while the long-term impacts of pandemic. Adapting your respective security Iforward in Australia to be on the national the pandemic are not yet clear, it has deeply posture is essential in a rapidly changing and centre stage. Much like Australia’s early call for altered the economic trajectory of the world, with unpredictable environment and there has been an independent international inquiry into the implications for national security. Stating “the immediate impacts on security technology, origin and cause of the COVID-19 pandemic, on conduct of ‘grey-zone’ activities are broadly being including the potential disruption of fingerprint June 19, Australian Prime Minister Scott Morrison applied with military and non-military forms of biometrics. With COVID-19 there was, and openly declared Australia was being targeted assertiveness and coercion being used to achieve continues to be, an influx of adapted cyber- by a sophisticated, state-based, cyber actor national strategic goals but without provoking attacks, with some reports that coronavirus- across a range of sectors, including all levels conflict. In the Indo-Pacific, these activities have related phishing attacks went up 667%, and of government, industry, political organisations, ranged from militarisation of the South China Sea every single country around the globe has now education, health, essential service providers, to active interference, disinformation campaigns been hit with at least one phishing attack related and operators of other critical infrastructure. and economic coercion.” to the pandemic. Longer term, we will also see Coinciding with these attacks, other countries As a middle-power, Australia is at the an increased focus on contactless biometrics were also reporting significant cyber-attack centre of a dynamic strategic environment and as part of multifactor authentication and other activity. Naturally, China is implicated. China is expanding cyber capabilities, and the willingness security systems such as entry management. AI acting widely belligerent, whilst enacting further of countries like China and non-state actors technologies and drone surveillance is being control over Hong Kong – taking one big step to use them, make for a complex strategic developed and rapidly deployed to help monitor closer to Taiwan. Releasing a massive, asymmetric ‘situation’. At our partnered Webinar on July 1 this the spread of the virus. Thermal cameras are cyber-attack against Australia and other countries was eloquently summed up by Mr. Yigal Unna, being installed in facilities and workplaces and sits alongside China’s trade and diplomatic Director General of the Israel National Cyber facial recognition will still work even when a disputes with the US, UK, Canada and India. Directorate - “the attack surface is on steroids.” person is wearing a mask. Contactless fingerprint It is well accepted that major power In this edition, we cover all aspects of recognition, iris scanning and face detection will competition has intensified and accelerated security technology and critical infrastructure become the norm for biometrics. as a result of the COVID-19 pandemic and the protection, starting with what is the central So, when you finally get to leave your home prospect of ‘high-intensity conflict’ in the Indo- element of the internet - data centres. The and head to work or enter a public place, likely Pacific is increasingly likely. For historical context world’s data is set to grow to 175 zettabytes it will be best to smile, beneath the mask – and what the status of the region was as the by 2025 and John Young examines how data because you’ll be on camera – thermal included pandemic unfolded, we include in this edition centre engineers need to keep pace with an and may even have a drone or robot pass you by my book review and podcast interview with ongoing data evolution. Connecting data centres with a public health announcement – because Professor Rory Medcalf, author of ‘Contest for is the cables and we get insights into the global this is 2020! And we’re just half way through it. the Indo-Pacific – Why China Won’t Map the submarine cable networks, a timely article with On that note, as always, there is so much Future’. China is certainly influencing it! the recent completion of the Japan-Guam- more to touch on and we trust you will enjoy On June 30 Australia announced the country’s Australia North Cable System, approximately this edition of Cyber Risk largest ever investment in cyber security, with 2,700 kilometres in length and a design capacity Leaders. Enjoy the read! $1.35 billion over the next decade, referred to of 30 terabits per second. Then next, we have as the Cyber Enhanced Situational Awareness Iain Strutt’s consideration to the power source and Response (CESAR) package to enhance and related energy security issues. These the cyber security
Load more

Recommended publications
  • Watchguard Internet Security Report Q4 2020
    INTERNET SECURITY REPORT Quarter 4, 2020 Contents The Firebox Feed™ provides quantifiable 03 Introduction data and trends about hackers’ latest 05 Executive Summary attacks, and understanding these trends can help us improve our defenses. 06 Firebox Feed Statistics 08 Malware Trends 09 Overall Malware Trends 11 Most-Widespread Malware 13 Catching Evasive Malware 14 Individual Malware Sample Analysis 18 Network Attack Trends 19 Most-Widespread Network Attacks 21 Top 10 Network Attacks Review 22 Overall Geographic Attack Distribution 24 DNS Analysis 25 Top Malware Domains 27 Firebox Feed: Defense Learnings 28 Endpoint Threat Trends 30 Top Ransomware Variants in 2020 33 Endpoint Defense Learnings 34 Top Security Incident 35 SolarWinds Breach 39 Important Takeaways 40 Conclusion and Defense Highlights 43 About WatchGuard Internet Security Report: Q4 2020 • 2 Introduction The Q4 report covers: As digital technology has evolved and become much more Firebox Feed Threat Trends: interconnected, your individual company’s cybersecurity This section highlights the top malware, network posture has expanded to affect others far beyond just your own 06 attacks, and threatening domains we see targeting organization. This complex cyber-ecosystem means it’s now in customers. We break these results down both by your best interest to improve everyone’s cybersecurity stance, raw volume and by the most widespread threats, not just your own. I believe cybersecurity needs to become a while also giving a regional view. We also highlight community effort that creates a tide to lift all boats. individual standout threats, such as Emotet, Tesla Agent, the return of cryptominers, and an IoT trojan Both the pandemic and the SolarWinds breaches seeded my targeting consumer routers called The Moon.
    [Show full text]
  • (Public Pack)Agenda Document for Licensing Sub-Committee, 16/04
    Public Document Pack LICENSING SUB-COMMITTEE MEETING TO BE HELD IN CIVIC HALL, LEEDS ON TUESDAY, 16TH APRIL, 2019 AT 10.00 AM MEMBERSHIP Councillors H Bithell - Kirkstall; C Knight - Weetwood; G Wilkinson - Wetherby; Enquiries specific to Agenda compiled by: Entertainment Licensing: Governance and Scrutiny Support Stephen Holder Civic Hall Tel No: 0113 3785332 LEEDS LS1 1UR Tel No: 0113 3788662 Produced on Recycled Paper A CONFIDENTIAL AND EXEMPT ITEMS The reason for confidentiality or exemption is stated on the agenda and on each of the reports in terms of Access to Information Procedure Rules 9.2 or 10.4(1) to (7). The number or numbers stated in the agenda and reports correspond to the reasons for exemption / confidentiality below: 9.0 Confidential information – requirement to exclude public access 9.1 The public must be excluded from meetings whenever it is likely in view of the nature of the business to be transacted or the nature of the proceedings that confidential information would be disclosed. Likewise, public access to reports, background papers, and minutes will also be excluded. 9.2 Confidential information means (a) information given to the Council by a Government Department on terms which forbid its public disclosure or (b) information the disclosure of which to the public is prohibited by or under another Act or by Court Order. Generally personal information which identifies an individual, must not be disclosed under the data protection and human rights rules. 10.0 Exempt information – discretion to exclude public access
    [Show full text]
  • How to Delist a Blacklisted IP Address
    How to delist a blacklisted IP address PROBLEM My IP address is blacklisted by some sender reputation RBL and emails are not delivered. How can I remove it form the blacklists? RBLs Our dedicated IP are only assigned to one account at a time, so we expect those users to take responsibility for all of the mail that is sent through their account. Please note: in the event that a sending domain (and not the IP address) is blacklisted, that domain’s controller will be responsible for handling the delisting request. RBLs are blacklists of IP addresses. One IP address enters into a blacklist for spamming activity. Here you can find instructions on what to do once the IP address entered into one or more blacklists. Why did you get into the blacklist in the first place? First of all, make sure you identified the reason for the blacklisting. If you didn’t identify and resolve it, you will just make things worse by asking for delisting. The IP will be quickly re-blacklisted and it will be harder to delist it. So, check why the IP has been blacklisted and fix the source of the problem before going ahead. Once you resolved all the problems (if it is a new IP address there is no problem to resolve, of course), you can go ahead with the delisting with the following instructions. First time cleanup If you just acquired this IP address, make sure that the dns reverse lookup is set before requesting removal from blacklists. When asked for a reason for requesting delisting, tell that you just acquired the IP address.
    [Show full text]
  • Mimecast Cloud Archive
    S Mimecast Cloud Archive The Best Defense is a Good Offense Effective information management is a business-critical issue for organizations of all sizes and across a wide variety of industries. As the massive volumes of data being created converge with increasingly stringent restrictions on how information must be maintained, the data management quandary is fast approaching a boiling point; and organizations are struggling to keep pace. From enforcing complex regulatory policies and reducing legal exposure to ensuring efficient data retrieval and safeguarding employee productivity, companies need solutions that can tame complexity, minimize risk, reduce costs, and decrease the burden on already over-taxed resources. Mimecast helps companies protect their employees, intellectual property, customer data, and brand reputations by providing comprehensive, cloud-based security and compliance solutions that mitigate risk and reduce the cost and complexity of creating a cyber-resilient organization. The Mimecast Cloud Archive solution is a multi-purpose platform that serves the needs of legal, compliance, and IT leaders. With capabilities for managing retention, e-discovery, compliance, and supervision, Mimecast Cloud Archive helps reduce cost, complexity, and risk, while bringing greater insights and decision-making power to the people who need it. A leader in the Gartner Magic Quadrant for Enterprise Information Archiving for four years’ running, the solution allows you to: • Ensure Compliance – Mimecast Cloud Archive removes the guess work The Archiving Imperative from compliance by automating the application of customer-defined retention policies. Customers can reduce the risk, cost, and complexity T erag Dover abyt of navigating dynamic regulatory requirements, while controlling 1,0001 audit-readiness.
    [Show full text]
  • Monthly Security Bulletin
    Advanced Security Operations Center Telelink Business Services www.telelink.com Monthly Security Bulletin March 2020 This security bulletin is powered by Telelink’s Advanced Security Operations Center The modern cybersecurity threat landscape is constantly evolving. Why Advanced Security New vulnerabilities and zero-day attacks are discovered every day. The Operations Center (ASOC) by old vulnerabilities still exist. The tools to exploit these vulnerabilities are Telelink? applying more complex techniques. But are getting easier to use. • Delivered as a service, which Mitigating modern cyber threats require solutions for continuous guarantees fast implementation, monitoring, correlation, and behavior analysis that are expensive and clear responsibility in the require significant amount of time to be implemented. Moreover, many Supplier and ability to cancel the organizations struggle to hire and retain the expensive security experts contract on a monthly basis. needed to operate those solutions and provide value by defending the • Built utilizing state of the art organizations. leading vendor’s solutions. • Can be sized to fit small, The ASOC by Telelink allows organizations get visibility, control, and medium and large business recommendations on improving their security posture for a fixed and needs. predictable monthly fee. • No investment in infrastructure, team, trainings or required technology. • Flexible packages and add-ons that allow pay what you need approach. • Provided at a fraction of the cost of operating your own SOC. LITE
    [Show full text]
  • Best Practices for Securing the Enterprise in Today's Collaboration
    Best Practices for Securing the Enterprise in Today’s Collaboration-Based World A New Multi-Sponsor Survey, eGuide and Lead-Generation Program In Collaboration with Effectus Media Group, LLC Optional Participation in a Virtual Summit Project OR-JULYESC Effectus Media Group, LLC 2901 West Coast Highway, Suite 200 Newport Beach, CA 92663 C O N F I D E N T I A L WHO SHOULD CONSIDER THIS PROGRAM? This program is intended for sponsorship by any vendor that provides solutions designed to protect collaboration applications and data stores from advanced threats like phishing, ransomware and CEO Fraud/Business Email Compromise/whaling (BEC). Even smaller organizations can use in excess of 100 collaboration applications, including Microsoft Office 365, Microsoft Teams, Slack, Skype, Box, Google Apps, GotoMeeting, and Docusign, as well as a host of apps for individual departments. The intended audience for the eGuide will be decision makers and influencers in mid- sized and large organizations who are charged with evaluating and selecting security solutions. The goal of this program will be to help decision makers and influencers understand the risks of a growing number of collaboration applications, the growing volume of data that they contain, and the growing number and sophistication of advanced threats that can put corporate data at risk. In short, within this threat landscape, what are the best practices enterprises can employ and how can IT organizations regain control of their environments? OVERVIEW Vertical and horizontal collaboration applications with enterprises are now growing by leaps and WHAT THIS PROGRAM bounds. These applications go well beyond just INCLUDES: social networks, but include unified communications, document and workflow A mini-survey of management, and mobile and remote device corporate decision makers connectivity that can serve all employees.
    [Show full text]
  • Hot Topics and Trends in California Consumer Class Actions
    Hot Topics and Trends in California Consumer Class Actions Presented by: Robert B. Milligan, Daniel Joshua Salinas & Darren W. Dummit April 15, 2021 Seyfarth Shaw LLP “Seyfarth” refers to Seyfarth Shaw LLP (an Illinois limited liability partnership). ©2021 Seyfarth Shaw LLP. All rights reserved. Private and Confidential Legal Disclaimer This presentation has been prepared by Seyfarth Shaw LLP for informational purposes only. The material discussed during this webinar should not be construed as legal advice or a legal opinion on any specific facts or circumstances. The content is intended for general information purposes only, and you are urged to consult a lawyer concerning your own situation and any specific legal questions you may have. Seyfarth Shaw LLP “Seyfarth” refers to Seyfarth Shaw LLP (an Illinois limited liability partnership). ©2020 Seyfarth Shaw LLP. All rights reserved. Private and Confidential Agenda 01 COVID-19 Consumer Class Action Developments 02 Latest TCPA Decisions and Trends 03 Eavesdropper and Call Recording Claims Under CIPA 04 Recent Developments in Privacy/Data Breach 05 False Advertising Claims 06 Latest Developments Concerning Arbitration and Class Waivers Latest Decisions and Trends Involving Live Sports, Entertainment, 07 and Recreation ©2021 Seyfarth Shaw LLP. All rights reserved. Private and Confidential 3 Speakers Robert Milligan Daniel Joshua Salinas Darren W. Dummit Litigation Trade Secrets, Computer Litigation LOS ANGELES/ Fraud & Non-Competes LOS ANGELES/ CENTURY CITY LOS ANGELES/ CENTURY CITY CENTURY
    [Show full text]
  • Mimecast's Unified Email Management
    Sponsored by Mimecast Mimecast delivers cloud-based email management for Microsoft Exchange and Microsoft Office 365, including archiving, continuity and security. By unifying disparate and fragmented email environments into one holistic solution that is always available from the cloud, Mimecast minimizes the risk and reduces cost and complexity, while providing total end-to-end control of email. Founded in the United Kingdom in 2003, Mimecast serves more than 10,000 customers worldwide with millions of users and has offices in Europe, North America, Africa, Australia and the Channel Islands. www.mimecast.com 2 M#$3'&%01-#$02)89/:0$6') A+)O@)P'1'&)A&4CC'%') M#"+&-6:1Q)HIJR) ) ) Conversational Exchange Published by Conversational Geek Inc. www.conversationalgeek.com All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Trademarks Conversational Geek, the Conversational Geek logo and J. the Geek are trademarks of Conversational Geek. All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. We cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
    [Show full text]
  • Mimecast Enterprise Information Archiving a Single, Secure and Accessible Cloud Archive for Your Business’ Most Important Information
    DATASHEET Mimecast Enterprise Information Archiving A single, secure and accessible cloud archive for your business’ most important information. Mimecast delivers a secure, dependable and highly scalable solution to meet growing information management challenges. A single, tightly integrated cloud platform delivers unified and secure archiving of emails, files and IM conversations. It supports rapid access to content for compliance with regulations, comprehensive e-discovery and litigation readiness as well as granular user search. KEY FEATURES: KEY BENEFITS: l A single, secure cloud platform with unified l Instantly protect valuable intellectual property search for rapid access to all archived content – assets with a purpose-built, highly secure and email, files, IM trusted cloud platform supported by a 100% service availability SLA and guaranteed data l Archive integrity is provided through compliance storage region driven chains of custody for all your archive data l Delight users and speed workflows with rapid l Perpetual retention ensures a long term archive is search and content retrieval through a single, available to support compliance and e-discovery intuitive search interface across a choice of without needing to deploy any additional desktop and mobile apps hardware or significant software l Comprehensive compliance, e-discovery and l Folder based retention and replication of a user’s litigation support through compliance driven Exchange mailbox folder structure combined chains of custody for all your archive data with Exchange
    [Show full text]
  • With the Increase in Online Activity During the Pandemic, Cybercriminals Are Finding New and Innovative Ways to Target Customers
    A GULF NEWS SPONSORED SUPPLEMENT Tuesday, October 20, 2020 With the increase in online activity during the pandemic, cybercriminals are finding new and innovative ways to target customers PAGE 2 2 Tuesday, October 20, 2020 dle East and North Africa– many of which were likely used for financial gain.” Scamsters have capitalised on the pan- demic with creative attack campaigns that play to the present mood. With peo- ple’s health, jobs and finances all under threat, cyber monitors report an in- crease in e-mails enticing users to click on unsafe links, purportedly offering in- formation on rising local case numbers, advice on safety measures, tips for claim- ing stimulus cheques, as well as alerts on coronavirus-linked investment opportu- nities or relief donations. Focused attacks CK TO “Ransomware, privileged access RS abuse, data loss and poorly configured TE services that create vulnerabilities are UT significant risks,” says Ammar Enaya, Re- SH gional Director – Middle East at Vectra, an artificial intelligence-based threat de- tection platform that counts UAE banks THE COVID EFFECT among its clients. “Cybercriminals partic- ularly target banking customers and sup- ply chain partners so those connections tion, there is often a general escalation and credentials must be controlled and BY KEITH J FERNANDEZ in cybercriminals’ activity,” says Anoop monitored too. Banks are also a target SPECIAL TO GN FOCUS Das, cybersecurity expert at the cloud for politically motivated attacks seeking services provider Mimecast Middle East. to disrupt and destabilise a region’s infra- n August, Hozefa Arsiwala was having “There has been a spike in cybercrime structure.
    [Show full text]
  • Fall 2019 Email Security
    2019 FALL CUSTOMER SUCCESS REPORT EMAIL SECURITY SOFTWARE CATEGORY EMAIL SECURITY SOFTWARE OVERVIEW Email security software monitors a company’s outbound and inbound email traffic for malicious and unwanted messages. These tools quarantine or block spam, phishing attacks, and malware. Advanced solutions also provide data loss prevention capability as well as email encryption features for outbound email. Email security software helps to ensure staff compliance and prevent internet threats. The program funnels incoming emails through spam filters and scans messages before transmitting them across a firewall. These tools include user governance or labeling functions to determine malicious actors and stop them from communicating further. Their archiving capabilities enable enterprises to keep a log of past communications for both reference and compliance purposes. 2 Customer Success Report Ranking Methodology The FeaturedCustomers Customer Success ranking is based on data from our customer reference Customer Success Report platform, market presence, web presence, & social Award Levels presence as well as additional data aggregated from online sources and media properties. Our ranking engine applies an algorithm to all data collected to calculate the final Customer Success Report rankings. The overall Customer Success ranking is a weighted average based on 3 parts: Market Leader Content Score is affected by: Vendor on FeaturedCustomers.com with 1. Total # of vendor generated customer substantial customer base & market share. references (case studies, success stories, Leaders have the highest ratio of customer testimonials, and customer videos) success content, content quality score, and social media presence relative to company size. 2. Customer reference rating score 3. Year-over-year change in amount of customer references on FeaturedCustomers platform 4.
    [Show full text]
  • Design – TAG Cyber LLC Finance – M&T Bank Administration – Navitend Research – TAG Cyber LLC Lead Author – Dr
    Design – TAG Cyber LLC Finance – M&T Bank Administration – navitend Research – TAG Cyber LLC Lead Author – Dr. Edward G. Amoroso Researchers – Liam Baglivo, Matt Amoroso, Miles McDonald Facilities – WeWork, NYC TAG Cyber LLC P.O. Box 260, Sparta, New Jersey 07871 Copyright © 2018 TAG Cyber LLC. All rights reserved. This publication may be freely reproduced, freely quoted, freely distributed, or freely transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system without need to request permission from the publisher, so long as the content is neither changed nor attributed to a different source. Security experts and practitioners must recognize that best practices, technologies, and information about the cyber security industry and its participants will always be changing. Such experts and practitioners must therefore rely on their experience, expertise, and knowledge with respect to interpretation and application of the opinions, information, advice, and recommendations contained and described herein. Neither the author of this document nor TAG Cyber LLC assume any liability for any injury and/or damage to persons or organizations as a matter of products liability, negligence or otherwise, or from any use or operation of any products, vendors, methods, instructions, recommendations, or ideas contained in any aspect of the 2018 TAG Cyber Security Annual volumes. The opinions, information, advice, and recommendations expressed in this publication are not representations of fact, and are subject to change without notice. TAG Cyber LLC reserves the right to change its policies or explanations of its policies at any time without notice. September 7, 2017 To the Reader: This 2018 TAG Cyber Security Annual – Volume 1: Outlook for Fifty Cyber Security Controls is a companion guide to the report of similar name issued last year.
    [Show full text]