Cybersecurity Incident Response: Chief Information Security Officers


The beginning of the new financial year is a great time to analyze our biggest strengths and
weaknesses on the cybersecurity front. The March Cyber Brief places a special focus on the
need for diversity and inclusion in cybersecurity, while also emphasizing the various new
threat areas that need more attention. We hope that this issue will address those questions
about cybersecurity that have remained unanswered, until now.

Access EC-Council's Cyber Brief - Feb 2021 here

Chief Information Security Officers

Webinar
Mansi Thapar
IT Leader, Head – Information Security at Jaquar Group
HOW TO NAVIGATE YOUR FIRST 90 DAYS AS A CISO

WATCH NOW

Blog
BUSINESS INFORMATION
SECURITY OFFICER (BISO) –
ALL YOU NEED TO KNOW

A Business Information Security Officer (BISO) is a senior security
leader assigned to lead a group or business unit’s security policy...

READ MORE

Blog
WHAT IS IDENTITY AND ACCESS MANAGEMENT (IAM)?
In enterprise IT, Identity and Access Management (IAM) is about
identifying and...

READ MORE

Blog
REGULATORY COMPLIANCE: HOW TO STAY ON THE RIGHT SIDE OF THE LAW
Every organization faces the key requirement of adhering to
government-set guidelines and...

READ MORE

Blog
WHAT IS COMPLIANCE TRAINING? DOES IT REALLY MATTER?
How often have you heard the term compliance training and...

READ MORE

Blog
WHAT IS CISO? ROLES, RESPONSIBILITY, CAREER, SALARY AND REQUIREMENT
FOR BECOMING CISO
Have you ever wondered what is CISO? What is their Job?...

READ MORE

Ancillary Page
What Is Risk Management?

READ MORE

Blog
WHAT IS VENDOR RISK MANAGEMENT
(VRM) AND WHY WE NEED THEM?
Third-party services are crucial to
every organization...

READ MORE

Whitepaper
WHY ORGANIZATIONS NEED STRONG
CYBERSECURITY RISK MANAGEMENT
CAPABILITIES
With the increase in usage of network and
cloud technology...

READ MORE

Incident Handlers

Infographics

CYBERSECURITY INCIDENT RESPONSE
5 DO’S & DON’TS OF EFFECTIVE INCIDENT RESPONSE

DO’S
Collect volatile data and other critical artifacts from the system using forensic tools
Collect external intelligence based on Identified Indicators of Compromise (IOC)
Secure systems and other media for forensic collection
Gather appropriate logs at both network & end point level
Communicate with potential customers and stakeholders

DON’TS
Panicking makes things worse
Never shut down compromised systems
Never discuss the incident with others unless otherwise directed
Never use domain admin credentials to access the systems environment
Never execute any non-forensic software on compromised systems

READ MORE

Slideshare
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?

READ MORE

Blog
WHAT IS INCIDENT RESPONSE LIFE CYCLE? EVERYTHING YOU NEED TO KNOW
Incident response is a plan for methodically responding to a
cybersecurity incident...

READ MORE

Blog
HOW TO USE OSINT TOOLS FOR BETTER INCIDENT RESPONSE
Open-source intelligence (OSINT) is vital to understand incident
response in today’s cyber world...

READ MORE

Infographics
SKILLS REQUIRED TO BECOME A SUCCESSFUL INCIDENT RESPONSE ANALYST
Forensic software
eDiscovery tools
System monitoring tools
Backup techniques
Cloud computing
Network communication based on IP and TCP, UNIX, Windows, Linux, etc.

READ MORE

Blog

WHAT ARE THE TOP CLOUD COMPUTING THREATS AND HOW TO AVOID THEM?
An estimated 70% of businesses are using...

READ MORE

DO YOU KNOW HOW TO RESPOND TO AN INSIDER THREAT?
This is the era of technology, competition...

READ MORE

CLOUD INCIDENT RESPONSE AND BEST PRACTICES
Most businesses have started moving their...

READ MORE

Ancillary Page
PHASES TO BUILD A ROBUST INCIDENT RESPONSE PLAN

READ MORE

Whitepaper
INCIDENT HANDLING AND RESPONSE FOR
BEGINNERS: A STEP-BY-STEP GUIDE
Computer security incident response systems
have not just become a backbone of IT
enterprises...

READ MORE

Blog
WHAT IS INCIDENT MANAGEMENT?
HOW DOES IT HELP?
Imagine a scenario where internet connectivity
is lost for a day due to a denial of service attack.

READ MORE

Blog
WHAT ARE THE TYPES OF INCIDENT SECURITY AND HOW CAN YOU
MITIGATE SUCH RISKS?
Detecting incident security events as soon as...

READ MORE

Blog
WHAT ARE THE RESPONSIBILITIES OF A SUCCESSFUL INCIDENT
RESPONSE TEAM?
There are many risk and threat management...

READ MORE

Blog
HOW TO CREATE A SUCCESSFUL INCIDENT RESPONSE PLAN
The threat landscape is evolving every day...

READ MORE

SOC Analysts

Blog
WHAT IS CENTRALIZED LOGGING AND
WHY IS IT IMPORTANT?

In the event of a cybersecurity breach, logs play a crucial role in
various activities...

READ MORE

Blog
WHAT IS THE ROLE OF A THREAT INTELLIGENCE PLATFORM IN A
SUCCESSFUL SOC?
The rise of cybersecurity threats and the
large volume of data involved...

READ MORE

Blog

WHAT IS SOC 2 TYPE 2 CERTIFICATION?

Data security has always been important for organizations,
especially so for business...

READ MORE

Infographics
Simplified SOC Analyst Roles

ALERTS BY:
IT Dept's
Help Desk (Users)
Security Intelligence Platform

TIER 1 ANALYST (Triage)
Monitor event logs
Basic Investigation and Mitigation
Opens tickets, closes false positives

TIER 2 ANALYST (Investigation)
Finding nature of threat
Co-ordinate a response to remediate the issue
Mitigation / recommends changes

TIER 3 ANALYST (Threat Hunting)
Support incident response & looks for Forensic & telemetry data
Prevention
Mitigation / recommends changes

Threat Hunting
Counter intelligence
Malware Reverser

READ MORE

Blog
WHAT IS A SOC AND HOW DOES A
SUCCESSFUL SOC WORK?
The primary function of a Security
Operations Center (SOC) is to prevent...

READ MORE

Blog
TOP 8 CHALLENGES FOR SOC
TEAMS IN 2021
Data protection is a major challenge
for organizations working online...

READ MORE

Infographics
WHY DO YOU NEED SECURITY OPERATIONS CENTRE FOR HEALTHCARE ORGANIZATIONS?

Greater network visibility
Since a SOC monitors everything that’s going on with the network, most likely
via a SIEM, a SOC analyst can investigate whether an anomaly is malicious or
not. If it is malicious, they will be able to respond to it accordingly.
Another aspect of greater network visibility is seeing exactly what devices
are on the network and their status. If a device has an out of date virus
definition or unauthorized software installed, that device can be
quarantined until everything is resolved.

Faster incident response
If a healthcare organization just has anti-virus software installed on every
device, an attacker can gain access to the network outside of business hours.
This can be done via a multitude of ways, including social engineering and/or
an APT. But if a SOC analyst is watching the network 24/7/365, they can react
immediately to any kind of threat.

READ MORE

Infographics
WHY THERE IS A WORKFORCE GAP IN SOC

Lack of planning
Many organizations lack strategic planning with respect to cybersecurity.
Right steps are not taken to nurture the talent needed for these roles.

Lack of understanding of the career graph
Despite the predominance gained by this domain, enterprises still lack the
understanding of proper role mapping in a SOC team. This often leads to
dissatisfaction in jobs which ultimately results in a stressful situation.

The skill and experience debate
There are mixed opinions on the career graph of a SOC team. Many cyber
professionals feel that they do not have a well-defined career path as some of
them bank on the prowess of their skills while another bunch vouches for
hands-on experience coupled with the right certification.

Improper training
The most common and most alarming reason for this skill gap is the lack of
training and relevant certifications due to which cybersecurity professionals
feel constrained in their growth in an organization.

READ MORE

Blog
3 PRIMARY ELEMENTS OF A CYBERSECURITY OPERATIONS CENTER
With so many headlines talking about the rise of cyber threats, it’s no
surprise that organizations are looking to create Cybersecurity
Operations Centers

READ MORE

Threat Intelligence Analysts

Infographics
CYBER THREAT INTELLIGENCE PROFESSIONALS – 4 KEY CAPABILITIES

Must be able to deal with the different types of threat intelligence
strategic threat intelligence, operational threat intelligence, tactical
threat intelligence, and technical threat intelligence.

Must have the skill to collect data from IoCs
Possible only when they are aware of the different types of threat
intelligence tools, report writing tools, threat modelling tools and
methodologies

Must be proficient when collecting data
collecting data through the Google Hacking Database and other search
engines, web services, website foot printing, DNS interrogation, and other
techniques

Must be able to form a report
One of the most crucial capabilities is being able to report this found
data to management so that appropriate action can be taken.

READ MORE

Infographics
COMMON INSIDER THREAT MOTIVATIONS

Threat Motivations from Insider
Personal Gain
Business Advantage
Financial Gain
Professional Sabotage
Professional Revenge
Employee Discontent
No Motivation / Carelessness

READ MORE

Slideshare
6 Most Popular Threat Modeling Methodologies

READ MORE

Blog
PROTECT YOUR SECTOR: THE
IMPORTANCE OF THREAT SHARING
Essentially, threat intelligence is the
compiled data that can be circulated...

READ MORE

Infographics
POPULAR OPEN-SOURCE THREAT INTELLIGENCE PLATFORMS
Talos Intelligence
Safe Browsing
InfraGard Portal
Spamhaus
VirusShare Malware Repository
Ransomware Tracker
VirusTotal

READ MORE

Infographics
INDICATORS OF COMPROMISE (IOCS) TO WATCH OUT FOR
Login Anomalies
Increase in database read volume
Huge HTML response
Identifying web traffic
Mobile setting changes

READ MORE

Forensic Investigators

Slideshare
How to become a Digital Forensics Investigator

READ MORE

Infographics
4 Ways Digital Forensics Helps Solve Cybercrimes

READ MORE

Blog
DO YOU KNOW WHAT IOT
FORENSICS IS AND HOW IT

With the introduction of the Internet of Things (IoT)...

READ MORE

Blog
5 SKILLS YOU NEED TO BECOME A
CYBER FORENSICS EXPERT

Does the word “investigation” give you goosebumps?...

READ MORE

Infographics
How to become a Digital Forensics Investigator

5 OF THE HIGHEST-PAYING COMPUTER FORENSICS JOBS

Job Title                          Avg. Salary (PayScale)    Jobs Available Worldwide (LinkedIn)
Forensic Engineer                  $85,825 / year            78,054
Cybersecurity Analyst              $76,626 / year            10,527
Forensic Accountant                $69,202 / year            4,098
Forensic Computer Analyst          $74,388 / year            3,286
Information Security Specialist    $76,846 / year            2,022

*Updated numbers as of February 2021.

READ MORE

Infographics
How to become a Digital Forensics Investigator

6 ANTI-FORENSIC TECHNIQUES THAT CYBER INVESTIGATORS FEAR

1 ENCRYPTION
The data is converted into an unreadable format (“encrypted data” or
“ciphertext”) using a pair of keys.

2 STEGANOGRAPHY
The act of concealing data in plain sight.

3 TUNNELING
This method uses encapsulation to allow private communications to be
exchanged over a public network.

4 ONION ROUTING
The process of sending messages which are encrypted in layers, denoting
layers of an onion, is referred to as onion routing.

5 OBFUSCATION
A technique that makes a message difficult to understand because of its
ambiguous language is known as obfuscation.

6 SPOOFING
The act of disguising communication to gain access to unauthorized
systems or data.

READ MORE

Network Defenders

Blog
5 REASONS WHY AN IT/NETWORK ADMINISTRATOR SHOULD
THINK BEYOND MCSE
IT/network administration has always been...

READ MORE

Blog
3 ADVANTAGES A NETWORK DEFENDER HAS OVER A NETWORK ADMIN
The internet and wireless connectivity have so much...

READ MORE

Blog
5 NETWORK SECURITY BASICS FOR A SAFE REMOTE WORK CULTURE
IN 2021
Remote work is a risky affair. While it has proven...

READ MORE

Penetration Tester

Blog
9 SECURITY RISKS THAT WEB APPLICATION PENETRATION
TESTING CAN FIX
Website penetration testing is the most secure...

READ MORE

Blog
WHY KNOWLEDGE OF NMAP IS IMPORTANT TO LAND GOOD
PENETRATION TESTING JOBS
Penetration testing is one of the most popular career...

READ MORE

Blog
WHY CPENT IS THE MOST COMPREHENSIVE PENETRATION TESTING
CERTIFICATION PROGRAM
If there is one practice that businesses have started...

READ MORE

Blog
3 MISTAKES YOU SHOULD AVOID WHILE CREATING A
PENETRATION TESTING REPORT
In a world where cybersecurity threats are looming...

READ MORE

Blog
HOW PENETRATION TESTING
CERTIFICATION CAN BOOST
YOUR CAREER AS AN IT
PROFESSIONAL
The last five years have seen
an exponential rise...

READ MORE

Whitepaper
HOW TO SECURE YOUR
CONTAINERS: A CLOSER
LOOK AT DOCKER AND
KUBERNETES
Containers technology is
currently trending in the...

READ MORE

Ethical Hackers

Blog
INTRODUCTION TO ETHICAL HACKING
AND PENETRATION TESTING

The demand for ethical hackers has grown in the last few years...

READ MORE

Blog
PRETEXTING IN CYBERSECURITY:
WHY THIS SOCIAL ENGINEERING
THREAT IS DANGEROUS
Social engineering attacks have increased
as circumstances have changed...

READ MORE

Slideshare
Certified Ethical Hacker CEH v11

READ MORE

Blog

BEST PLATFORMS TO LEARN THE BASICS OF HACKING AND
PENETRATION TESTING
Cybersecurity has emerged as one of the...

READ MORE

5 TIPS TO SELECT THE BEST ETHICAL HACKING TOOLS
Ethical hacking has become a popular career...

READ MORE

CYBERSECURITY THREATS: WHAT ARE DDOS ATTACKS AND HOW
CAN YOU AVOID THEM?
Cybersecurity threats have become more...

READ MORE

Webinar
Irene Corpuz
Co-founder of the Women in Cyber Security Middle East (WiCSME)
Why Risk Management Techniques Are Important in Ethical Hacking

WATCH NOW

Blockchain Professionals

Blog
4 REASONS WHY DESIGNERS NEED
BLOCKCHAIN AND FAST
In the last few years, the blockchain
industry has been...

READ MORE

Blog
5 SKILLS THAT YOU NEED TO BECOME A
BLOCKCHAIN DEVELOPER

Blockchain technology is gradually revolutionizing...

READ MORE

Blog
HYPERLEDGER VS ETHEREUM – WHICH BLOCKCHAIN PLATFORM IS
GOOD FOR YOUR BUSINESS?
Blockchain is a revolutionary concept developed...

READ MORE

Blog
TOP 4 BLOCKCHAIN RISKS A CIO SHOULD KNOW
Enterprises in every sector are trying to adopt blockchain...

READ MORE

Blog
DESIGNING FOR BLOCKCHAIN: THE 5 PRINCIPLES YOU NEED
TO KNOW
Blockchain is now regarded as serious stuff...

READ MORE

Blog
TOP 5 ENTERPRISE BLOCKCHAIN PROTOCOLS YOU NEED TO KNOW
Blockchain technology has reached a milestone...

READ MORE

Whitepaper
HOW BLOCKCHAIN MAKES IOT MORE SECURE
IoT technology is increasingly connecting multiple...

READ MORE

Whitepaper
WHAT ARE FORKS AND COORDINATION IN BLOCKCHAIN?
Blockchain is a continuously developing technology...

READ MORE

CISO MAG Interviews

Interviews
Don’t be afraid to ask about opportunities; fortune favors the bold

READ MORE

Interviews
Never let anyone have you think that you cannot achieve something
because you are a woman

READ MORE

Interviews
Empowering Marginalized Voices in a Digital World

READ MORE

Interviews
I personally believe girls are naturally blessed analysts and can make
great research scholars

READ MORE

News from around the world

News
WhatsApp Trialing Encrypted Chat Backups?
WhatsApp has been feeling the heat of governments...

READ MORE

News
Wait! Read This Before You Post a Story on Instagram
Instagram is currently hands-down one of the most popular...

READ MORE

News
The Pandemic-hit World Witnessed a 150% Growth of Ransomware

READ MORE

News
Is Google reCAPTCHA Really Secure?
Several cybersecurity experts have reported an increase...

READ MORE

News
iOS Call Recording App Allowed Snooping-in on Users’ Conversations
Researchers found a security vulnerability in the iOS...

READ MORE

News
NimzaLoader: Malware Written in Rare Programming Language
Security experts uncovered a new kind of phishing campaign in which threat...

READ MORE

News
Smart City Project in India Receives a Ransomware Jolt
Based on an IBM security report, India had recently gained...

READ MORE

News
Operation Diànxùn: Chinese Cyber Espionage Campaign Targeting
5G Operators
Cybersecurity experts discovered a cyber
espionage campaign targeting telecom...

READ MORE

News
Indian Transport Sector on Hackers’
Radar; CERT-In Warns

As a country with the second-largest population and the third-largest economy...

READ MORE

News
Mamba Ransomware is Weaponizing DiskCryptor: FBI
The FBI is warning users and organizations about the Mamba ransomware...

READ MORE

ECCU

EC-Council Foundation Fellowship (ECCFF)

An openhanded tuition
assistance for students
pursuing a Bachelor of
Science in Cyber Security
(BSCS) or a Master of Science
in Cyber Security (MSCS) with
a minimum of 3.5 GPA.

LEARN MORE

President’s Scholarship for Women in Cybersecurity

A women-oriented program
that financially assists female
undergraduate and graduate
students to complete their
education.

LEARN MORE

CodeRed v2: The Experience Keeps Getting Better and Better
Enhance your learning experience and truly take your career to the next level with
our latest features!

Pro: Gain unlimited access to our premium courses.
READ MORE

Library: Access over 150+ courses based on your preferences.
READ MORE

Microdegrees: 200+ hours of premium videos and labs.
READ MORE

Bundles: Pre-curated bundles created by our expert content team.
READ MORE

START YOUR LEARNING JOURNEY NOW!

Brought to You by EC-Council
