National Cybersecurity Awareness Month

Security Innovation is proud to be a National Cybersecurity Awareness Month Champion, dedicated to helping make companies more secure, from administrators and developers to IT Security Managers and CISOs.

Get Secure This October & Beyond!

We have a TON of general awareness and application security assets, blog posts, and videos to share with you this month. Check out what's going on week by week!

WEBINAR:
Security Best Practices for Regular Users

October 4, 2018
2:00 PM ET
Register Today!

This Webinar May Not Be for You

If you already know all about protecting your privacy and security online, this webinar may NOT be for you.

But if you are unsure how best to protect yourself and your family online, you'll want to register - and share with others! 

You will learn:

  • The What and How Behind Your Personal Threat Model
  • Quick and Easy Steps for Password Protection and Two Factor Authentication
  • Everyone’s Watching: How to Manage Your Online Privacy While Remaining Social

Register Here  <https://www.securityinnovation.com/training/it-infrastructure-training?utm_source=email&utm_medium=button_register&utm_campaign=Appsec_Webinar_Fall2018>

4 Things You Should Do Now to Protect Yourself Online

Let Security Innovation show you 4 quick & easy ways to enhance your online safety.  In this tip sheet, we cover:

  • How to use a password manager and a few of the most popular and trusted names
  • The Dos and Don'ts for using free WiFi
  • What is Two-Factor Authentication (2FA) and when, where and why should I use it?
  • Safe posting while remaining social - What is safe to share and what is better kept under wraps

 

Download Tip Sheet

Blog: IoT Security in the Home
by Dinesh Shetty

IoT devices are proliferating in our homes. From smart thermostats, light switches, and security cameras to refrigerators, our homes are becoming even more "connected." With these connections comes security risk. How do you minimize these risks to help protect your home and your family? Read more...

Talk to Your Children About Online Safety

The potential online risks to our children are alarming! From cyber-bullying to ransomware to child predators, where do you begin in talking to and educating your kids about everything they could encounter online?

You can install firewalls, restrict access to certain sites, and monitor apps on their phones, but that won't get to the real underlying issues. By becoming aware of security concerns and safety measures, you can start the conversation with your kids and ultimately instill safe browsing habits.

Download our infographic, Talk to Your Children About Online Security, to help start the conversation today!

Finding Your Inner Evil-Doer

Written by Joe Basirico, SVP of Engineering, this white paper covers what it takes to become a great security tester. Using his years of experience examining and training development teams, Joe has come up with three pillars that every security testing foundation must have: 

  • Imagination - Great imagination extends beyond the ability to imagine a system as it could be, to envisioning the truly interesting bugs and vulnerabilities in a system.

  • Complete Knowledge of the System - A successful security tester has deep knowledge about everything that goes on in a computer system and can quickly identify items that are out of place. But most importantly...

  • An Evil Streak - This is the ability to take a potential vulnerability to its logical end. It's possibly the most important quality in a security tester. Not because it gives you some superhuman ability, but rather because it gives the spark that will drive the other two qualities.

Get The White Paper Now

OWASP Mini Toolkit

We've compiled a few of our top OWASP assets to keep you "in the know" and help secure your organization from the OWASP Top Ten vulnerabilities.

XSS

In this quick 2-minute video, we'll discuss the difference between Stored and Reflective Cross-Site Scripting (XSS) attacks and what you can do to avoid them.

 

What You Really Need to Know

Check out our latest tip sheet to learn more about the 3 new vulnerabilities in the Top Ten as well as those pesky incumbents that continue to wreak havoc on code even after all these years.

OWASP Top Ten: What You Really Need to Know

SQL Injection

In this quick 2-minute video, we'll go over the basics of SQL injection - what it is, how it can impact your code and organization, and what you can do to protect yourself against it.

 

Blog: Preparing for a Career in Cybersecurity

By Lisa Parcella

October is National Cyber Security Awareness Month, and week two brings us an interesting and very relevant topic: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity.

We can all reap the technological and societal advancements that occur when we diversify the talent pool and bring new and fresh perspectives to the challenges in front of us.  

CLICK TO READ

Building a Culture of Cybersecurity

cul•ture | \’kәl-chәr\ noun the set of shared attitudes, values, goals, and practices that characterizes an institution or organization.

A strong culture of cybersecurity can complement and work with procedural and technology controls to help organizations be proactive as they build secure software, systems, and networks – as well as help detect and stop potential attacks.

This paper discusses the importance of a strong culture of cybersecurity, and examines ten key activities for building – or improving – that culture within your organization. Download to learn:

  • What is a culture of cybersecurity
  • The benefits of a culture of cybersecurity
  • Ten core activities for building a culture of cybersecurity

2018 APPLICATION SECURITY REPORT

Download the Application Security Report and learn about the state of application security, how organizations are protecting their applications, and what tools and best practices IT cybersecurity teams are prioritizing to find, fix and prevent vulnerabilities in next-gen apps.

Despite software being the primary target of attacks, organizations still fall woefully short with even basic security hygiene:

53% lack significant resources to detect and remediate application vulnerabilities

42% blame "rushing to release" for not establishing secure coding procedures

Download 

Based on a comprehensive online survey of IT and cybersecurity professionals in the 400,000-member Information Security Community on LinkedIn, the 2018 Application Security Report has been produced in partnership with Security Innovation.

INSIDER THREATS

Learn everything you need to know about Insider Threats... in 2 Minutes!

 

Blog: Online Security in the Workplace

Security in the Workplace is the NCSAM focus this week. Security Innovation is dedicated to helping keep everyone safe online, whether at home or in the workplace. We strive to make security approachable, fun and interesting through training resources and courses for various roles at your company. Teaching best practices for securing online users is a priority for us, whether at home or in the workplace.


CLICK TO READ

6 Easy to Follow Steps to Compliance: NIST 800-53

The NIST Cybersecurity Framework was created with the realization that specific controls and processes have already been covered and duplicated in existing frameworks, and that organizations needed high-level guidance for improving their cyber security defenses.

This tip sheet will break it down into 6 easy steps for compliance as well as recommended courses under each of the 5 NIST Cybersecurity Frameworks.  The steps are as follows:

1. Categorize Information System

2. Select Security Controls

3. Implement Security Controls

4. Assess Security Controls

5. Authorize Information System

6. Monitor Security Controls

SECURITY ESSENTIALS

To celebrate the final days of National Cybersecurity Awareness Month, we’d like to offer a limited time trial* to some of our most popular Security Essentials courses.

Whether adhering to NIST 800-53...

or any other compliance standard, Security Essentials provides a framework for creating security assessments, authorizations, policies, and procedures across the enterprise and provides critical, high-level guidance for those responsible for the implementation of information systems for security controls, such as Architects, Managers, Policy Writers, Facilities Personnel, IT Operations and more! 

Below is a list of all of our Security Essentials courses. 
Those included in our NCSAM trial* are in bold.

Start Your Trial!

  • ENG 110. Essential Account Management Security
  • ENG 111. Essential Session Management Security
  • ENG 112. Essential Access Control for Mobile Devices
  • ENG 113. Essential Secure Configuration Management
  • ENG 114. Essential Risk Assessment
  • ENG 115. Essential System and Information Integrity
  • ENG 116. Essential Security Planning Policy and Procedures
  • ENG 117. Essential Information Security Program Planning
  • ENG 118. Essential Incident Response
  • ENG 119. Essential Security Audit and Accountability
  • ENG 120. Essential Security Assessment and Authorization
  • ENG 121. Essential Identification and Authentication
  • ENG 122. Essential Physical and Environmental Protection
  • ENG 123. Essential Security Engineering Principles
  • ENG 124. Essential Application Protection
  • ENG 125. Essential Data Protection
  • ENG 126. Essential Security Maintenance Policies
  • ENG 127. Essential Media Protection

*You must register by 10/31 to get access to the Security Essentials trial for 7 days.