Tag Archive for: center

Center for Internet Security, CREST Join Forces to Secure Organizations Globally


EAST GREENBUSH, N.Y., June 28, 2023 — The Center for Internet Security, Inc. (CIS®) today announced the launch of a joint initiative with CREST, an international not-for-profit accreditation and certification body, to help advance security and resilience to achieve better global cybersecurity.

As cyber threats continue to escalate to unprecedented levels globally, CIS and CREST are launching the CIS Controls Accreditation program to provide organizations a way to show customers and partners that their cybersecurity posture meets the best practice guidance as set forth in the CIS Critical Security Controls (CIS Controls) underpinned by the rigorous standards of CREST accreditation.

Establishing, maintaining, and proving an organization’s security posture remains a high priority for business, government, and regulatory bodies. CIS Controls Accreditation is an exclusive opportunity for CIS SecureSuite Members (Controls, Consulting & Services, and Product Vendor) and CREST Members to offer consulting services to end user organizations who wish to demonstrate that their implementation of security best practices is guided and externally assessed in accordance with the training and validation defined by two renowned authorities in cybersecurity. 

“The ability to digest all the data and controls from various devices and systems is essential in this massive shift to evidencing security,” said Tom Brennan, Executive Director, CREST Americas Region. “Together, CIS Controls and CREST accreditations give our joint members an accelerated path to meet risk and compliance requirements in addition to providing a methodology for continuously monitoring their security posture. By using CREST on top of the CIS Controls, security professionals can monitor security from infrastructure that can be observed, tested, and enhanced.”

The CIS Critical Security Controls are a set of globally-recognized and widely-used best practices that provide a prioritized path to improve an enterprise’s cybersecurity posture. This is the first initiative pairing the CIS Controls with a program to deliver accredited consulting.

“CIS is pleased to partner with CREST to provide end user organizations a selection…


Domain Name System is once again front and center for exploits and security policy


Two recent events are once again bringing the internet’s foundational Domain Name System into the news, and not in a good way.

The first event involving the DNS last week was a warning from the Cybersecurity and Infrastructure Security Agency issued on Friday for version 9 of the Berkeley Internet Name Domain, or BIND.

It calls attention to three exploits that were disclosed and requires updates to this open source software, which is used by thousands of companies and government websites to translate between alphabetic domain names, such as SiliconANGLE.com, and numerical IP addresses, such as 35.91.118.127. The exploits would allow remote malware execution, although none has yet been observed in the wild.

DNS is an essential glue protocol that almost every internet-related service depends on, and BIND is the most popular way DNS entries are manipulated and managed. Exploits are common targets for hackers, who can redirect traffic to their own malicious destinations, useful for phishing and subsequent data stealing operations. The recent Microsoft Layer 7 attack, for example, leveraged a few DNS exploits.

This isn’t the first alert regarding BIND, and isn’t even the first alert seen in 2023: Back in January, there was another alert about flaws that could cause denial-of-service and other system failures. Both alerts urge users to update their versions to current patched levels.

The second news item relevant to DNS concerns an open letter issued Friday by Vint Cerf, Stephen Crocker, Carl Landwehr and several others, entitled “Concerns over DNS Blocking.” The authors of this Medium post have been involved in internet protocol development and overall internet governance for decades.

The letter was sent in response to a draft bill under consideration in the French parliament entitled draft Military Planning Law 2024-2030 that was issued in early May. The authors state that the proposals “pose grave risks for global Internet security and freedom of expression.”

The meat of the proposed laws would enable wholesale DNS blocking of any internet provider operating in France. The authors claim the proposals would do more harm than good, and they…


Better public sector cybersecurity aimed by Center for Internet Security, Google Cloud alliance


SiliconAngle reports that the Center for Internet Security and Google Cloud have entered into an alliance that seeks to strengthen the cybersecurity posture of the public sector amid increasing threats.

Under the alliance, CIS will be able to provide Google Cybersecurity Action Team services, including Google Threat Horizons reports and Mandiant cybersecurity tools, to help its members bolster cloud security and overall cybersecurity practices. Meanwhile, Google has also introduced partnerships with Health-ISAC and FS-ISAC, as well as unveiled the new Google Public Sector aimed at accelerating digital transformations at U.S. public sector entities.

“This partnership between CIS and Google is particularly exciting because it is bringing together two powerhouse perspectives on cybersecurity and applying them to the highly targeted and historically cyber-underserved community of U.S. state, local, tribal, and territorial government organizations. The cybersecurity needs of the public sector demand best-in-class, cost-effective solutions that include implementation and operational support and we look forward to how we can work together to support this community,” said CIS Executive Vice President of Sales and Business Services Gina Chapman.


Computer scientist confronts worldwide challenge of online security and privacy – News Center



Thursday, Apr 06, 2023
Contact: Herb Booth

A University of Texas at Arlington computer security researcher has received a prestigious federal grant to determine what technologies and methods work best to attain and retain online security and privacy.

Shirin Nilizadeh

Shirin Nilizadeh, assistant professor in the Department of Computer Science and Engineering, received a $200,000 National Science Foundation grant to study social media discussions and better understand what users’ concerns are about online security and privacy, what technologies and tools they suggest to each other to use and whether they are effective. Nilizadeh called this a “worldwide challenge.”

“People care about their online security and privacy everywhere,” she said. “And sometimes, due to societal and political movements, they become more cautious or aware of the problems, where they go online and on social media, and proactively discuss their concerns and ask for tools and methods that can help protect them.

“We can help as a research community to see what’s working and what isn’t. We can take these research findings to design and develop better online safeguards and to improve the existing security and privacy-preserving systems if they are not secure, effective and efficient.”

Hong Jiang, chair of the Department of Computer Science and Engineering, said Nilizadeh’s research could further the security of social network tools.

“Everyone is connected to social networks,” Jiang said. “Studying social networks’ discussions and understanding what security measures people are looking for and using allow researchers to develop and provide such measures to improve online security and privacy.”

Previous Nilizadeh work showed that social media users extensively discussed the security and privacy threats of video communication tools as more people started working from home due to the COVID-19 pandemic. This work showed how misinformation about security and privacy spread on social media platforms.

Nilizadeh…
