Summary: Each week, Gerry and Steve discuss Information Security topics relevant to the medical industry and to patients. From the latest hacks and bugs, to changes in the regulatory environment, and tips and tricks to keep your own personal information safe.
The guys look toward 2018, helping with your cyber New Year’s resolutions! They discuss cyber jobs and the demand for a cybersecurity workforce in the United States and how you can pivot into the industry or charge your career if you are already working in information security. They also drill into industry-specific certifications and conferences that can help expose you to diverse aspects of the field and give you a tactical advantage at the negotiating table. If you have questions or suggestions, email us at firstname.lastname@example.org.
Show Notes Resources:
  Job Market Study from Frost and Sullivan (supported by NIST), “2017 Global Information Security Workforce Study”: https://iamcybersafe.org/wp-content/uploads/2017/07/N-America-GISWS-Report.pdf
  2014 Cisco Annual Security Report, presented at CSO online: https://www.csoonline.com/article/3201974/it-careers/cybersecurity-job-market-statistics.html
  NORSE map (Global attack visualization): http://map.norsecorp.com/#/
Certifications:
  CompTIA: https://www.comptia.org/
  ISC (CISSP, SSCP, HCISPP): https://www.isc2.org/
  ISACA (CISA, CISM): https://www.isaca.org/pages/default.aspx
  SANS (GIAC): https://www.sans.org/
  Technology Specific (CCNA, MCSE):
    https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna-routing-switching.html
    https://www.microsoft.com/en-us/learning/mcse-certification.aspx
  DoD Approved 8570 Baseline Certifications: https://iase.disa.mil/iawip/Pages/iabaseline.aspx
Security conferences:
  Black Hat: http://www.blackhat.com/
  DEFCON: https://www.defcon.org/
  Shmoocon: http://shmoocon.org/
  BSides (Charleston, Augusta): http://www.securitybsides.com/w/page/12194156/FrontPage#PastPresentandFutureBSidesEvents
  DerbyCon: https://www.derbycon.com/
  DakotaCon: http://dakotacon.org/
  HIMSS: http://www.himss.org/Events
  EduCause (Security): https://events.educause.edu/security-professionals-conference/2018
  RSA
Steve gets a bank fraud alert on his credit card and he passes along some tips to protect yourself during the holiday shopping season. Gerry talks about some attackers who went shopping through a California voter database and won big. They both share their experience with this year’s SANS Holiday Hack Challenge. If you have questions or suggestions, email us at email@example.com. Please excuse the little bit of static we got during recording. The problem has been corrected for future episodes (bad USB cable).
Show Notes Resources:
  Bank Fraud Examples: https://www.theguardian.com/money/2017/dec/09/text-bank-student-loan-money
  Avoiding Security researchers: https://gbhackers.com/most-important-tools/
  California Voter Information Data Breach:
    https://mackeepersecurity.com/post/cyber-criminals-steal-voter-database-of-the-state-of-california
    https://www.scmagazine.com/millions-of-california-voter-records-exposed-in-unprotected-mongodb/article/719028/
    https://docs.mongodb.com/manual/administration/security-checklist/
  SANS Holiday Hack Challenge: https://www.holidayhackchallenge.com/2017/
  Cybrary: https://www.cybrary.it/
  Python may be coming to Excel: https://www.bleepingcomputer.com/news/microsoft/microsoft-considers-adding-python-as-an-official-scripting-language-to-excel/
You can also follow Gerry and Steve on Twitter.
Disclaimer: Please note the views and opinions of the hosts are their own and not necessarily those of the Medical University of South Carolina.
If you discover an internal data breach, do you (a) report it to the affected individuals, or (b) fix it quickly and say nothing? One official at Stanford University chose poorly. The U.S. House Energy and Commerce Committee asked some great questions of Health and Human Services (HHS), including requiring medical device managers to report a Bill of Materials (BoM) for all software components in their medical devices. Also, following on the heels of WannaCry was a Linux version called SambaCry, which has now been weaponized as a ransomware delivery mechanism. So get your Linux and NAS devices patched and amp up the monitoring. Gerry and Steve talk about all these topics plus their One Cool Things in this week’s episode.
Show Notes Resources:
  Stanford CDO Resigns for Data Breach handling: https://www.sfgate.com/education/article/Stanford-University-executive-leaves-job-after-12407976.php
  House Energy and Commerce Committee wants Bill of Materials for medical device manufacturers: https://www.scmagazine.com/house-committee-asks-hhs-to-boost-cybersecurity-by-requiring-component-list-for-medical-devices/article/708139/
  SambaCry and the new StorageCrypt ransomware attack:
    https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/
    https://f5.com/labs/articles/threat-intelligence/cyber-security/sambacry-the-linux-sequel-to-wannacry
  Emotion Analytics: http://searchhrsoftware.techtarget.com/feature/Emotion-analytics-may-expose-your-true-feelings-to-HR
  What Every Body is Saying by Joe Navarro: https://www.goodreads.com/book/show/1173576.What_Every_Body_is_Saying
  MoviePass: https://www.moviepass.com/
Disclaimer: Please note the views and opinions of the hosts are their own and not necessarily those of the Medical University of South Carolina.
Gerry and Steve give you an Apple security update on the recent Mac High Sierra bug, discuss a recent testimonial given to Congress about identity verification in a post-breach world, and share some advice from the IRS to avoid tax fraud with the tax season coming up. The guys also present their One Cool Thing.
Show Notes Resources:
Apple security problem in macOS High Sierra
  A vulnerability for macOS High Sierra has been identified that allows an attacker to bypass administrator authentication without supplying the administrator’s password. Basically, someone can have root access to the machine without having to provide a password. In concert with your inner monologue, yes, this is an awful vulnerability. Fortunately, Apple has responded quickly and has released a patch (Security update 2017-001). This vulnerability applies to systems running macOS High Sierra and does not affect systems running macOS Sierra 10.12.6 and earlier.
  https://support.apple.com/en-us/HT208315
  https://support.apple.com/en-us/HT201541
House Energy and Commerce Hearing
  https://energycommerce.house.gov/hearings/identity-verification-post-breach-world/
IRS Anti-Tax Fraud tips and tricks
  As part of National Tax Security Awareness Week (November 27 to December 1), the Internal Revenue Service (IRS) is releasing daily security tips to help taxpayers protect their data and identities against tax-related identity theft.
  https://www.irs.gov/newsroom/national-tax-security-awareness-week-2017
Show Notes Introducing the InfoSec ICU Podcast, in which hosts Gerry Auger and Steven Cardinal discuss Information Security topics of interest to those working within the healthcare field. You’ll get the latest cyber news, tips and tricks for keeping yourself safe online, and a glimpse at the cool tech and scary threats coming down the pike. Please note that the views and opinions expressed on this podcast belong to the hosts and do not necessarily reflect those of the Medical University of South Carolina.