Blog

A Security Awareness State of Mind In 5 Steps

Security Awareness Professionals! This Is Day 3 of Gartner Security and Risk Management Summit 2018. Join Terranova at booth 119! We have been exchanging numerous ideas with participants about raising security awareness effectively and user training initiatives. Consequently, we are focusing our discussion on security awareness. We ask the following question: “How do you measure employees’...

Overcome the Security Awareness Blues Analyze Needs. Plan Early.

Without awareness, there is no security. Truly an inseparable pair! This is Day 4 of RSA Conference 2018, and the Terranova team has been engaging in some interesting conversations. You have expressed views and concerns regarding Information Security Awareness (ISA). And we are taking notes! The article that follows discusses the first phases of implementation of a security awareness program...

A Comprehensive Guide on Learning Management Systems

The secret for continuous growth is to strive for success through effective learning opportunities and employee engagement. Organizing educational content for your business has its challenges, especially when priorities are not arranged efficiently. From compliance to learner validation and user experience, any number of factors can make or break your business’ learning efforts. When aiming for...

Recent phishing attacks demonstrate widespread dangers

By this point, the dangers presented by phishing attacks are becoming increasingly well known. Business leaders recognize that information security awareness is critical for organizations of all kinds, and these programs need to focus heavily on phishing if firms want to remain protected in the current cybersecurity landscape. Phishing attacks have become among the most dangerous forms of...

Employee error leads to Rogers Communications data breach

While certainly not the biggest data breach in recent memory, this Rogers Communications incident demonstrates how a seemingly small employee error can have significant consequences in the realm of cybersecurity. Data breaches have become major news topics and with good reason. These incidents have major implications not just for the businesses affected but also for their employees, their...

Risk of data breaches, cybercrime growing in Latin America

Latin American companies need to increase their investment in cybersecurity, including security awareness training for employees. Data breaches and cybercrime used to be seen as shocking, alarming and difficult to fathom. Today, they seem almost run of the mill. The world and many of its criminals have gone digital, and yet countless organizations have yet to embrace new strategies that can...

Impending breach notification laws highlight importance of security awareness

New data breach notification proposals from President Obama and other political leaders will only exacerbate the impact of these incidents. The stakes surrounding cybersecurity aren’t just increasing – they are expanding. For years now, business leaders have understood that data breaches are a serious issue, one which firms must do everything in their power to avoid. After all, these incidents can...

Consumerization of IT Through BYOD: Is Your Company Ready?

The consumerization of IT is when employees use their own personal mobile devices, such as laptop computers, tablets, smart phones, etc. at work, referred to as BYOD (bring your own device). This use is becoming increasingly common and exposes companies to a variety of risks, including the protection of personal information. Canadian businesses appear to be leading the world in IT consumerization...

Governance and Information Security

Information security governance is a subset of corporate governance and can complete or encompass the governance of information technologies. It directs or strategically aligns information security activities and ensures that the company’s business objectives are reached. It also guarantees that information security risks are adequately managed and that information resources are used responsibly...

Business Continuity Management Program BCM (part 2)

As a follow up to the Business Continuity Management program article, here is a more detailed description of the development and implementation phase objectives and content of the Business Continuity Plan (BCP) for major incidents. This plan is in fact a set of plans which is comprised of the following main components: Emergency action plan and damage assessment This is a response plan to deal...

Cybersecurity for companies

In April 2013, the Canadian government announced its action plan for cybersecurity and highlighted the successes realized within the framework of its cybersecurity strategy to enhance cyberspace security for Canadians. One such measure involves the Canadian Cyber Incident Response Center (CCIRC), which supports Public Safety Canada, acting as the national coordinating center for cybersecurity...

Business Continuity Management (BCM)

The business continuity management program (BCM) covers the prevention, response and organization of actions required after an event which could significantly disrupt business operations. This ongoing program is more than an IT recovery plan. Here are the steps and components of a BCM, their relationships and the winning conditions necessary to implement such a program within a company. Governance...

Scam by fraudsters – Ransomware

Ransomware is one of the many scams that Internet users dread. Once this type of malicious program is installed, it asks the user for “ransom” to unlock the computer, using various pretexts and pretending to be a local police authority. In one case, a user clicked on a malicious link and was bombarded with pornographic pop-ups. The user attempted to restart his computer, when he received a message...

Supplementary guide to achieving PCI-DSS compliance cloud computing

Cloud computing services require special attention in regards to information security and privacy. This is especially important when using credit card data while cloud computing in order to meet PCI-DSS ("Payment Card Industry – Data Security Standard") standards. To this end, the SSC ("Standard Security Council") published a document entitled “Information Supplement: PCI DSS Cloud Computing...

Secure Behavior in the Office

Nowadays, information security is a very common term used in the business world. Previously, security was simply a matter of installing a firewall to protect a corporate network by adding barriers to prevent intruders from accessing it. In the last few years, information has become electronic, or should I say virtual, in its primary form. What used to be on hard copy or paper form is now stored...

Secure information destruction

What is the value of the information stored on your computer equipment or paper documents? What would the impacts be if your personal or confidential information fell into the wrong hands (e.g. financial loss, loss of image / reputation, regulatory or legal non-compliance)? Can you be certain that a proper destruction method was used on the information (whether in digital or paper form) to ensure...