ISACA COBIT framework
The importance of Information and Technology Governance cannot be overstated. With companies trying to maximise the value derived from IT assets while managing the associated risks, a structured approach to designing and implementing enterprise governance for IT is key.
ISACA's COBIT has been one of the most accepted frameworks in this area for over 20 years. ISACA recently released COBIT® 2019, its first update to the COBIT framework in nearly seven years. The new version provides comprehensive practical guidance and new focus areas in hot topics like DevOps, Cyber Security and Digital Transformation. COBIT® 2019 has been written so that it can now easily be customised for small-to-medium-sized businesses.
Author: Pablo Borges
Password Reuse after Dell Hack
US-based hardware giant Dell recently announced a security breach that took place earlier in the month of November.
Even though Dell forced its customers to reset their passwords, users should still be concerned. If hackers are able to steal passwords from one website, they can possibly use that information to access other websites too. It is recommended that you reset the passwords for any other websites where you used the same password as on Dell.com and support.dell.com. Use strong and unique passwords and promote the use of a password manager.
Check out the following link to learn more about good password practices.
How using Safari can get you Hacked
Dropbox has recently revealed three critical vulnerabilities in the Apple macOS operating system, which could allow a hacker to execute malicious code by convincing the victim to visit a malicious web page.
The video demonstration shows that researchers were able to create a two-stage attack on a Mac computer just by convincing the victim to visit the malicious page. Apple continuously releases updates to fix new vulnerabilities. Users should consistently install monthly updates in order to protect their systems against such threats.
Source: The Hacker News
Marriott Data Breach and What Customers Should Do to Protect Themselves
Marriott on Friday reported a data breach affecting the information of 500 million of its Starwood customers. The stolen information includes names, phone numbers, email addresses, passport numbers and in some cases credit card numbers and expiry dates. While the company is still taking measures to do damage control for the second biggest breach in history (after Yahoo’s data breach), here is what consumers can do to protect themselves:
- Look out for any suspicious activity on your bank account. Continuously monitor all activities and immediately report any unauthorised transactions.
- Limit the information you share with a company. A travel company may ask for your passport number, but customers can also provide a different form of identification. Avoid saving credit card details on untrusted websites.
- Reset any reused passwords associated with your Starwood account. Select strong passwords that are difficult to predict and consider using a password manager.
- Look out for updates from Marriott, but be aware of phishing emails trying to take advantage of the news relating to the breach.
Privasec's COO, Karan Khosla Interviewed by ICE71
Privasec is really proud to be a part of ICE71, Singapore's first cybersecurity startup hub, aimed at growing Singapore's cybersecurity ecosystem. Privasec’s COO, Karan Khosla, shared his thoughts on hacking and data breaches in a recent interview with ICE71. Here are some key takeaways from his interview:
- It is not a question of IF but WHEN a company will be hacked.
- Preparation is key. Many companies are now realising the value of incident response war room training - walking through an incident to practice what to do and being prepared for security incidents.
- Individuals need to become better prepared and start protecting themselves from data breaches. Keeping systems up to date and using strong passwords is critical.