A Review of the Best News of the Week on Cybersecurity Management & Strategy

Name+DOB+SSN=FAFSA Data Gold Mine (Krebs on Security, Nov 24 2017)
KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most eye-opening example of this is on display at fafsa.ed.gov, the Web site set up by the U.S. Department of Education for anyone interested in applying for federal student financial aid.

3 Ways to Retain Security Operations Staff (Dark Reading, Nov 20 2017)
1. Convert Roles to Duties, and Then Rotate Them, 2. Offer Phased Training and Certifications, and 3. Offer Step-up Retention Bonuses

Six data security questions that every board needs to ask (Help Net Security, Nov 22 2017)
The good news is that boards can take the risk management concepts they already know well, and apply those to cybersecurity by properly framing the conversation using these six questions.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Research: Half of Enterprises Suffered Insider Attacks in Last 12 Months (eWEEK, Nov 21 2017)
Survey is based on a comprehensive online survey of 472 cybersecurity professionals, which provides deep insight into current security trends.

Endpoint Advanced Protection Buyer’s Guide: Key Technologies for Detection and Response (Securosis Blog, Nov 21 2017)
Digging into some key EDR technologies which appear across all the use cases: detection, response, and hunting. Agent, Machine Learning, and Cloud Integration.

Only 12% or organizations are likely to detect a sophisticated cyber attack (Help Net Security, Nov 22 2017)
The EY survey of nearly 1,200 C-level leaders of the world’s largest and most recognized organizations examines some of the most urgent concerns about cybersecurity and their efforts to manage them.

Why You’ll Never Succeed at Selecting an MSSP (Without These Questions) (Delta Risk, Nov 22 2017)
Selecting an MSSP isn’t easy. Not all MSSPs are created equal. Here are some essential questions to simplify the process and narrow the field.

Mr. Robot eps3.6_fredrick+tanya.chk – the security review (Naked Security – Sophos, Nov 23 2017)
What’s new in Mr. Robot’s world?

A university gets personal with its students about cybersecurity (Inside Higher Ed, Nov 23 2017)
One institution may have found a way to reach students — by making them, and their pets, the stars of a cybersecurity-awareness campaign.

Equifax now hit with a rare 50-state class-action lawsuit (CSO Online, Nov 22 2017)
This rare 50-state class-action suit against Equifax, highlights the massive costs and critical damage companies could face in the wake of a cybersecurity attack.

The CIO should report to the CISO (CSO Online, Nov 20 2017)
And the CISO should report directly to the CEO.

How to hire top cybersecurity talent for your company (CSO Online, Nov 20 2017)
As cyber threats continue to grow in volume and intensity, companies need top-tier cybersecurity talent to successfully fend off these attacks.

Uber suffered massive data breach, then paid hackers to keep quiet (Naked Security – Sophos, Nov 21 2017)
Uber suffered a data breach in 2016, but didn’t tell anyone – instead, it seems the company paid the hackers to help to hush it up.

Introducing the Complete Guide to Building a Security Culture (Registration Required) (Trustwave Blog, Nov 01 2017)
The concept sounds utopian, but you’re still working on getting your employees to remove the Post-It notes containing their passwords (amirite?). How can you possibly build a culture?