International Journal of Cyber-Security and Digital Forensics (IJCSDF) About this Journal The International Journal of Cyber-Security and Digital Forensics (IJCSDF) is a knowledge resource for practitioners, scientists, and researchers among others working in various fields of Cyber Security, Privacy, Trust, Digital Forensics, Hacking, and Cyber Warfare. We welcome original contributions as high quality technical papers (full and short) describing original unpublished results of theoretical, empirical, conceptual or experimental research. All submitted papers will be peer-reviewed by members of the editorial board and selected reviewers and those accepted will be published in the next volume of the journal. 7 Clever Google Tricks Worth Knowing Email Below I have compiled a list of 7 clever Google tricks that I believe everyone should be aware of. Together I think they represent the apex of the grand possibilities associated with Google search manipulation tricks
TR-069 Other forums, such as the Home Gateway Initiative (HGI), Digital Video Broadcasting (DVB) and WiMAX Forum endorsed CWMP as the protocol for remote management of home network devices and terminals (such as the DVB IPTV set-top box). There is a growing trend to add TR-069 management functionality to home networking devices behind the gateway, as well as many other access devices like M2M, FTTH CPE/ONTs, WIMAX CPE and other carrier access equipment. Communication between the device and ACS Transport details CWMP is a text based protocol. Orders sent between the device (CPE) and auto configuration server (ACS) are transported over HTTP (or more frequently HTTPS).
FireEye predictions for cybersecurity in 2015 Sony is still smarting over a cataclysmic cyberattack, US banks, Target and Staples have all been targeted, and it seems hackers are always one step ahead. But what can we expect from next year? Security flaws Heartbleed, Cryptolocker and Shellshock have all had their time in the media spotlight, companies are reviewing their risk management and damage control processes, and investment is being pumped into training the next generation of cybersecurity experts in an attempt to keep corporate network intrusion to a minimum. Mobile and Web-based viruses remain a scourge, and hardly a week goes by without hearing of another data breach or a new strain of malware being discovered in the wild. According to Greg Day, CTO of the EMEA region at security firm FireEye , these situations are likely to deepen and worsen over the coming year and into 2015. The security and forensics firm predicts that in the technical realm, mobile ransomware will surge in popularity.
5 Best Practices in Data Breach Incident Response It goes without saying that all IT organizations should have an active Incident Response (IR) Plan in place – i.e. a policy that defines in specific terms what constitutes an information security incident, and provides a step-by-step process to follow when an incident occurs. There’s a lot of good guidance online about how to recruit a data breach response team, set initial policy, and plan for disaster. For those organizations already prepared for IT incident response, be aware that best practices continue to evolve. The best IR plans are nimble enough to adjust over time.
Cyber Security In today’s information economy, data can be your organization’s most valuable asset — but with the rise of mobile technology, cloud computing and an exponentially growing volume of digital information, keeping that data secure also becomes one of your greatest challenges. No one is immune to data loss incidents — and no one is better equipped than Kroll to help you identify and close gaps that put your organization’s cyber security at risk. Information security issues — such as data breaches or employee misconduct — are a constant worry for C-suite leaders as well as for front-line managers in your organization. Cyber security challenges put sensitive data at risk and can cost your company time, revenue and resources. At Kroll, we know securing and managing electronically stored information (ESI) is critical to the future of your business. Sign up for our monthly newsletter and receive expert insight into the latest issues and trends in privacy and data security.
The 10 Windows group policy settings you need to get right In the enterprise, one of the most common ways to configure Microsoft Windows computers is with group policy. For the most part, group policies are settings pushed into a computer's registry to configure security settings and other operational behaviors. Group policies can be pushed down from Active Directory (actually, they're pulled down by the client) or by configuring local group policy. The ability to set and configure security settings using group policy is one of the big advantages of working with Windows computers. Yes, many operating systems today have comparable management systems, but Windows has had group policies since Windows NT 4.0 Service Pack 4, released in October 1998. Ah, I can still remember using secedit.exe to configure local group policies.
California data breach law AB1710 stirs up debate on notification requirements California Assembly Bill No.1710 (AB 1710) was signed into law on September 30, 2014, and amends California’s existing data protection laws, in part by setting forth requirements on what to do if protected data is exposed. AB1710 takes effect this January 1st, 2015, and there has already been much speculation and debate regarding several key pieces of the legislation. One such point of debate is the wording that amends what must be done if data is breached, which now states that a breached entity must “offer to provide appropriate identity theft prevention and mitigation services, if any, to the affected person at no cost for not less than 12 months if the breach exposed or may have exposed specified personal information.” It is the use of “if any” as a modifier that is causing contention; i.e., does this phrasing mandate services, or simply that entities choosing to offer services must do so for 12 months? The de facto offering is, of course, credit monitoring.
8 Best Practices for Encryption Key Management and Data Security 8 Best Practices for Encryption Key Management and Data Security From centralization to support for standards, these encryption key management and data security best practices can help you protect your organization’s confidential data and comply with regulatory mandates. by Gary Palgon Data encryption is an important element of an organization’s response to security threats and regulatory mandates.
Protect Myself from Cyber Attacks What You Need To Know The Department of Homeland Security plays an important role in countering threats to our cyber network. We aim to secure the federal civilian networks, cyberspace and critical infrasture that are essential to our lives and work. DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is a 24x7 center responsible for the production of a common operating picture for cyber and communications across the federal, state, and local government, intelligence and law enforcement communities and the private sector. Next Steps The following preventative strategies are intended to help our public and private partners proactively look for emails attempting to deceive users into "clicking the link" or opening attachments to seemingly real websites:
Apple, Google blasted by FBI over smartphones' new encryption software WASHINGTON -- Apple has been unveiling a new generation of devices with bigger screens, sharper cameras and faster processors, but it's Apple's new privacy protections that worry law enforcement. The latest operating system from the tech giant - and competing software from Google - allow people to permanently lock their smartphones. Only the user knows the security code. Apple and Google say they can't break that code. Neither can police, even with a court order. FBI Director James Comey warned Thursday this could allow criminals and terrorists to permanently hide their files.
CRM: FRAUD: Foreign Corrupt Practices Act (FCPA) An Overview The Foreign Corrupt Practices Act of 1977, as amended, 15 U.S.C. §§ 78dd-1, et seq. ("FCPA"), was enacted for the purpose of making it unlawful for certain classes of persons and entities to make payments to foreign government officials to assist in obtaining or retaining business. Since 1977, the anti-bribery provisions of the FCPA have applied to all U.S. persons and certain foreign issuers of securities. Creepy: Next-gen Barbie doll listens in on your kids' conversations Well, this is something that is kind of cool and utterly scary at the same time. Mattel has announced Hello Barbie, a next-gen version of its infamous fashion doll that will feature Wi-Fi connectivity and an always-listening feature. Hello Barbie will record your kids' conversations where it sends it to researchers, securing it in their 'secure' database, where researchers will analyze the conversations with your child. Mattel says that this will enable the new Hello Barbie to become more complex over time, where it offers two-way dialogue, speech recognition, and more. The dollmaker says that this will allow Hello Barbie to form a "unique relationship" with children, as Hello Barbie will be able to tell jokes, listen, learn and adapt to situations.
Best Practices: Backup and Recovery Strategies You can't recover data that you haven't kept. But how confident are you that the data on which your business depends is backed up successfully? This paper examines the kinds of data storage technologies and solutions that are best for all businesses and offers some best practices for ensuring the successful data backup and recovery required to sustain operations -- regardless of what happens to your business. It's always a challenge to keep your business data readily available when you need it.