Which information security objective(s) could be put at risk if the alternative safeguards recommended by the FGDC guidelines are applied? Explain how the objective(s) is put at risk by the mitigation(s).
Questions:
- Do ITACS students represent information security vulnerabilities to Temple University, each other, or both? Explain your answer.
- Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain your answer.
- What challenges are involved in performing a quantitative information security risk analysis?
Question 1
Do ITACS students represent information security vulnerabilities to Temple University, each other, or both? Explain your answer.
Question 2
Is information security a technical problem or a business problem? Explain your answer.
Question 3
What challenges are involved in performing a quantitative information security risk analysis?
Welcome!
In this course you will learn key concepts and components necessary for protecting the confidentiality, integrity and availability (CIA) of information assets. You will gain an understanding of the importance and key techniques for managing the security of information assets including logical, physical, and environmental security along with disaster recovery and business continuity.
The first half of the course, leading up to the mid-term exam, will focus on information security risk identification and management. The second half of the class will cover the details of security threats and the mitigation strategies that are used to manage risk.
Course Objectives
- Gain an overview of the nature of information security vulnerabilities and threats
- Learn how information security risks are identified, classified and prioritized
- Develop an understanding of how information security risks are managed, mitigated and controlled
- Gain experience working as part of a team, developing and delivering a professional presentation
- Gain insight into certification exams and improve your test-taking skills
Victims of these four types of file-encrypting malware can now retrieve their files for free
People who have fallen victim to FortuneCrypt, Yatron, WannaCryFake or Avest ransomware should now be able to retrieve their encrypted files without giving in to the extortion demands of cyber attackers. Three of the decryption tools have been released for free as part of No More Ransom, a joint initiative by tech security companies and law enforcement that is designed to help businesses and consumers in the fight against cybercrime. Now more free decryption tools have been added to the No More Ransom arsenal, as Kaspersky Lab has provided tools for decrypting Yatron and FortuneCrypt, while Emsisoft has released a free decryptor for WannaCryFake.
https://www.zdnet.com/article/hit-by-ransomware-victims-of-these-four-types-of-file-encrypting-malware-can-now-retrieve-their-files-for-free/
Critical Windows Security Warning Issued For Windows 10, 8.1 And 7 Users
Hi guys,
Is it safe to say that Windows is no longer safe? Can we categorize its operating system as Moderate or High?
This article is a little worrying for Windows users like me.
From a security perspective, it hasn’t been the best few weeks for Microsoft or Windows users for that matter. There have been so many serious security issues coming to the fore that “security warning fatigue” is becoming a real danger. Most recently I reported how a Windows 10 update broke Windows Defender. This was preceded by a critical Windows warning about a wormable exploit that had been weaponized. Before that, there was a “complete control” hack attack warning, another Windows update breaking things issue and a device driver design flaw leaving millions of Windows 10 users at risk. Now there’s more bad news, and good news, as a zero-day vulnerability that is being exploited in the wild is confirmed by Microsoft. Here’s what you need to know and what you need to do now.
https://www.forbes.com/sites/daveywinder/2019/09/24/new-critical-windows-security-warning-for-windows-10-81-and-7-users/#79341f141c33
Most Cyber Attacks Focus on Just Three TCP Ports
Small to mid-sized businesses can keep safe from most cyber attacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in cyber incidents. A report from threat intelligence and defense company Alert Logic enumerates the top weaknesses observed in attacks against over 4,000 of its customers.
According to the report, the ports most frequently used to carry out an attack are 22, 80, and 443, which correspond to SSH (Secure Shell), the HTTP (Hypertext Transfer Protocol), and the HTTPS (Hypertext Transfer Protocol Secure).
Alert Logic says that these appear in 65% of the incidents, and it makes sense since they need to be open for communication, be it secured or plain text.
Coming in fourth place is the port for Microsoft’s Remote Desktop Protocol (RDP), responsible for remote communication between machines. RDP attracted attention this year through multiple patches for vulnerabilities leading to remote code execution
https://www.bleepingcomputer.com/news/security/most-cyber-attacks-focus-on-just-three-tcp-ports/