6-30-14 Podcast References

“I knew that if I failed I wouldn’t regret that, but I knew the one thing I might regret is not trying.”

—Jeff Bezos

Rare SMS worm targets Android devices


C-IT Recommends

  1. Perform an asset inventory of all company owned Android devices using company provided cell phone service. Your company should have a configuration management database to show which devices have which operating systems versions.
  2. Ensure anti-malware service is deployed on all company owned Android devices. If you have a mobile device management solution, enable the company webfiltering option where applicable and force the cellular devices to pass through the company webfilter/proxy before accessing the internet.
  3. Provide mobile device security awareness training informing your employees not to visit pornographic sites. Also, instruct employees not to install apps from unofficial stores.

**If you do not have a mobile device management solution in a BYOD model, strongly recommend that users install the security updates. Failure to do so may result in your employees' devices compromising your company information and/or costing the employees or your organization a ton of money.**
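As an added example, not code from the podcast or from any of the articles it references, the script below turns recommendations 1 and 2 and the BYOD note above into a repeatable check over a configuration-management-database export. The export, its column names and the 4.4 version baseline are constructed assumptions; substitute your CMDB's real schema and your own policy baseline.

```python
"""Audit an Android device inventory for the gaps called out above:
OS below the patch baseline, no anti-malware, corporate devices that
bypass the company web filter, and BYOD devices outside MDM control."""
import csv
import io

# Constructed sample CMDB export. The column names are assumptions for
# this example, not a real product's schema.
CMDB_EXPORT = """device_id,owner,ownership,os,os_version,anti_malware,mdm_enrolled,web_filter
AND-001,alice,corporate,Android,4.4.2,yes,yes,yes
AND-002,bob,corporate,Android,4.1.1,no,yes,no
AND-003,carol,byod,Android,4.3,no,no,no
AND-004,dave,corporate,Android,4.4.4,yes,yes,yes
IOS-001,erin,corporate,iOS,7.1,yes,yes,yes
"""

# Assumed policy baseline: anything older than Android 4.4 is flagged.
MIN_ANDROID_VERSION = (4, 4)


def parse_version(text):
    """Turn '4.4.2' into (4, 4, 2) so versions compare numerically,
    not lexically ('4.10' must sort after '4.9')."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_inventory(export_text):
    """Read the CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(export_text)))


def audit_android(devices, min_version=MIN_ANDROID_VERSION):
    """Return (device_id, finding) pairs for Android devices only.
    Each finding maps to one of the recommendations above."""
    findings = []
    for device in devices:
        if device["os"].lower() != "android":
            continue  # recommendations here are Android-specific
        dev_id = device["device_id"]
        if parse_version(device["os_version"]) < min_version:
            findings.append((dev_id, "os_below_baseline"))
        if device["anti_malware"] != "yes":
            findings.append((dev_id, "no_anti_malware"))
        if device["ownership"] == "corporate" and device["web_filter"] != "yes":
            findings.append((dev_id, "corporate_device_bypasses_web_filter"))
        if device["ownership"] == "byod" and device["mdm_enrolled"] != "yes":
            # No MDM means you can only remind the user to patch.
            findings.append((dev_id, "byod_unmanaged_remind_user_to_update"))
    return findings


def findings_by_device(findings):
    """Group findings per device for a per-owner follow-up list."""
    grouped = {}
    for dev_id, issue in findings:
        grouped.setdefault(dev_id, []).append(issue)
    return grouped


if __name__ == "__main__":
    for dev_id, issues in findings_by_device(
            audit_android(parse_inventory(CMDB_EXPORT))).items():
        print(dev_id, ", ".join(issues))
```

Run it against a fresh export after each patch cycle; devices that drop off the report are the ones that caught up with the baseline, and BYOD rows that persist are the users who still need the reminder.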

Article Resources

Adaptive Mobile Detail Analysis on


US CERT Defending Cell Phones and PDAs Against Attack



Most health care vendors earn ‘D’ in data protection, study finds


C-IT Recommendation

  1. Ensure your organization has a structured framework to address security. Frameworks provide a foundation to build effective security practices within an organization. Examples of frameworks include the National Institute of Standards and Technology Cybersecurity Framework, International Organization for Standardization 27001, and the Information Systems Audit and Control Association's Control Objectives for IT.
    1. Ensures your organization has a plan for Information Security
    2. Provides direction for developing information security policies, procedures, standards and guidelines
    3. Ensures organizations have administrative, physical and technical controls to deter, detect and/or prevent malicious behavior
  2. Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISOs should meet with operational teams weekly to understand internal security risks. CSOs/CISOs should then meet with CFOs, CEOs, and CIOs bi-weekly or monthly to communicate priority risks to the business. Executives should be prepared to provide feedback and decisions to the information security organizations.
    1. Material to be covered
      1. Current Risks (including potential severity and probability)
      2. Emerging Risks (including potential severity and probability)
      3. Plan to address Risks (Avoidance, Mitigation, Transfer, Acceptance)
      4. Monitoring Progress of Risk Handling

Article resources

The Unlocked Back Door to Healthcare Data Report


NIST Cyber Security Framework


ISO/IEC 27001 Framework





PlugX RAT Armed With ‘Time Bomb’ Leverages Dropbox In Attack


C-IT Recommendation

  1. Evaluate the organizational risks of allowing users in your organization to use online document sharing sites such as Dropbox, Google Drive, and Microsoft OneDrive. Understand that once the information leaves your organization you no longer have control over it. This evaluation should include input from your core business leaders, the legal department, and the information technology and security leadership.
  2. Make an organizational decision as to whether or not you will allow users to store files on online document sharing sites.
  3. Ratify a data storage policy that explicitly addresses your directives for storing files on online document sharing sites.
  4. If you decide to disallow users from using online document sharing sites, you may want to consider blocking those sites on your web content filter appliance.
  5. Evaluate the total cost of ownership and return on investment for deploying tools that manage shadow IT.

Article Resources

Shadow IT Definition


CIO Magazine “How to Bring Shadow IT Under Control” Article


Trend Micro Blog Detailing PlugX RAT

