• #Cybersecurity #Culture - #NCSAM

    Towards the end of his life, Benjamin Franklin penned a letter to a friend. Inside of it he coined one of his most popular phrases, “Nothing can be said to be certain, except death and taxes”. If he were living in our times Franklin would almost definitely add cybersecurity threats to the list. The news media has become a constant stream of reports regarding new breaches. This has in turn led to a heightened awareness of the topic beyond the realms of IT security departments.

    This article is meant to serve as an introduction to the cultural mechanisms at work in the information security community. A number of elements assist in the development and spread of knowledge amongst the people that comprise it.


    There are a variety of compliance standards dedicated to many sectors of business. A company engaged in the exchange of money or financial services must adhere to the Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley (SOX) as well as the Gramm-Leach-Bliley Act (GLBA). One that deals with medical records must respect patient confidentiality through the Health Insurance Portability and Accountability Act (HIPAA). One tasked with keeping the lights on must ensure the integrity of the power infrastructure in accordance with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP). Whatever the sector, there is a compliance standard that aids in keeping information safe. Even the United States federal government has its own set of regulations, the Federal Information Security Management Act (FISMA), for agencies to conform to in order to work with it.


    While compliance standards are different from one industry to another, many of the basic concerns are the same. Protecting sensitive information and keeping systems secured are the critical functions of those employed and responsible for cybersecurity within an organization.

    Those that hold these types of positions should be looking to establish a formal security policy that is tailored to the organization’s needs. This process can’t be outsourced because it is unique and based upon objectives relevant to the company and industry it operates within to do business.

    Due in part to the publicity campaign surrounding the Heartbleed bug identified earlier this year, “Executives are now drilling down into information security staffs to inquire what is being done to maintain security,” remarked Robert Johnson, president and CEO of Cimcor. His company develops the file integrity monitoring software solution, CimTrak, and therefore deals regularly with many of the issues related to the compliance standards mentioned above.

    Those outside of the IT department need to understand what is at stake as well. So, employee training at any organization should be based on expectations for its use of enterprise technology. “[We] need to welcome people to report that something is not correct in a system,” Johnson noted.


    Conferences provide a great opportunity for those in the industry to meet as well as to learn about the methods and technology that provide the backbone to an enterprise’s networks and systems. For those looking to establish themselves as an authority in the industry, conferences become channels to position themselves as Thought Leaders. These events book professionals to become speakers as well as lead seminars, roundtables or become a member of a panel made up of experts. Another great advantage of these types of events is that vendors can connect with teams that are actively deployed in the field.

    Data Connectors is an organization that hosts events throughout the United States and Canada. Their series provides a platform for product- and service-oriented information security businesses to connect with regional IT professionals within the context of an educational environment. For those in attendance, time spent in the conference room listening to speaker presentations is worth Continuous Professional Education (CPE) credit.


    As noted previously, each industry is different operationally on the ground. However, there are some common themes that exist amongst many of them. It is vital that IT teams stay aware of the best practices to protect a company’s IT infrastructure.

    “One of the biggest problems right now in companies are their networks being bogged down by employees that are online doing other things besides work,” said Dawn Morrissey, Co-Founder and Managing Partner of Data Connectors. Risky online behavior can lead IT departments “to worry about spamming and phishing,” she added. Many organizations are looking for good methods to monitor what employees are doing and lock down networks to conserve bandwidth.

    One thing to begin with is to secure networked workstations so that social media sites are locked down. Another issue is that employees are looking to utilize their own tablets or smartphones on the company network. So generating a Bring Your Own Device (BYOD) policy would be valuable too. As users gravitate towards cloud services it will become important to put in place security measures to protect against threats that may emerge from their usage also.


    There certainly is a lot of development in this sector. It can seem daunting to know where to start in terms of learning the landscape of terminology and applications. Begin the process of becoming better informed about the industry by checking into Facebook and Twitter to search hashtagged terms such as #cybersecurity or #infosec. Through those platforms you will find a wealth of timely information from many companies and organizations that are committed to spreading the message of this quickly evolving and rapidly growing industry.



    Want to connect with other professionals? Look for a chapter in your region.

    ISACA: Founded in 1967, the organization is focused on IT governance. It serves more than 100,000 members in over 180 countries around the globe with certifications that are aimed at creating a community of well-informed professionals.

    ISSA: The Information Systems Security Association is a not-for-profit organization for IT professionals to network and learn about best practices in the field. There are regular meetings for members to increase their knowledge base. The organization’s 10,000+ members come from more than 100 countries.


    To stay certified and well informed, many information security professionals must acquire continuing professional education (CPE) credits. 

    (ISC)²: The International Information Systems Security Certification Consortium is a non-profit organization founded in 1988. It awards 7 different certifications that require continuous professional education (CPE) to maintain a certification in good standing.

    CISSP: More than 90,000 people hold a Certified Information Systems Security Professional certificate, which launched in 1994 and is accredited. It is even approved by the Department of Defense (DoD). There are ten different domains which include access control, network security, telecommunications, information security governance and risk management, software development security, cryptography, security architecture and design, operations security, business continuity, disaster recovery, legal and regulations compliance as well as physical (environmental) security.

  • Cameron Banga | Cyberpunk Hacking & Security

    Keeping up with information technology can often be a tough and daunting task. In today's world of consistent and increasingly sophisticated online attacks it's essential for not only I.T. professionals, but essentially all users of technology to have some basic level of understanding with respect to internet data security.

    This harsh reality becomes difficult, as our dependence upon mobile phones, tablets and cloud services grows. In the past, due to limited internet access and rare access to mobile devices, individual users had very few ways in which attackers could gain privileged access to a person's private information. But today, in an ever connected world of smartphones and wearable technology, the risk and available data has multiplied. Nearly every person today with a smart device of any sort lives in a world where personal banking information, private communications and detailed medical history are all available either on a physical device, or stored on a remote cloud server. And regardless of where this data sits, it's often open for attack from many criminals across the planet.

    With these cold facts in mind, it's as important as ever for users to learn how best to protect themselves on the internet. We live in a world that is becoming more connected every day, to the point that many people are now connecting their lightbulbs, garage doors, baby monitors, and even refrigerators to the Internet of Things (IoT). Not only will a potential robber know when you post pictures of your beach vacation on Facebook, but through elaborate internet attacks they will inevitably be able to know when the food in your house expires, making it increasingly easy to avoid food poisoning when grabbing a quick snack while stopping to take valuables.

    As much as this sort of full out personal cyber warfare seems like science fiction and implausible, it's important to understand as an individual user, the gravity that accompanies a future where every private detail of our seemingly mundane lives is logged and tracked through smart devices. There is a lot of potential risk involved, which makes it increasingly important to become educated and remain current on internet privacy and security issues.

    As such, it was an honor and extremely enjoyable opportunity to talk about computer security, hacking, and our connected future during a Duneland Innovators Meetup. The most crucial key to personal information security is education. Technology moves extremely fast, and it's essential to remain current with potential risks and concerns. Thus, giving a talk to like-minded individuals locally was a great way to hopefully encourage others to take such considerations seriously. It's my hope that with continued discussions in the future, and increased interest and communication amongst technology enthusiasts locally, we can use such dialog to create a strong body of technology literate, security concerned computer users here in Northwest Indiana. And that over time such a group helps to keep fellow region citizens educated and safe.

    Cameron Banga speaks on Cyberpunk #Hacking & #Security in this #video #tech #nwIndiana #infosec

    Posted by Duneland Innovators on Thursday, January 7, 2016
  • Data Breaches & Modern Consumers

    Information Security in the Public Eye 

    While IT security specialists have been diligently watching the industry evolve for years now, the average citizen has only recently become aware of the day-to-day risks. Residing in the most popular gaming devices, mobile apps & stores are threats that could compromise users’ personal data. Many times, people supply their information to these systems without a second thought for the potential future consequences.

    Over the course of the last year a number of stories have become almost common knowledge at the household level. Stories involving Edward Snowden, Target and Valve’s Steam gaming platform are making cyber security a regular topic of conversation in coffee shops and business environments where it previously was not a top concern. 

    When Retailers are Compromised, Consumers Pay 

    Hackers have been breaking into servers to steal consumer data for quite some time; it is not a new headline. However, the effects and public awareness are growing at an increasing rate. Adding to those threats are unscrupulous programmers who release malicious software, known as malware, into the technology ecosystems of online retailers and physical enterprises, compromising information security as well. Point-of-sale (POS) systems have become headline-making targets in the world of cyber-crime.

    The Target breach that was announced in December of 2013 affected millions of buyers[1]. It has grabbed headlines across nearly all forms of media and pushed the issue into the collective consciousness. The full ramifications of this incident are still being revealed as the story develops.

    The Neiman Marcus breach affected a far smaller number of people than the previously mentioned one that hit Target buyers [2]. Over one million shoppers appear to have fallen victim to the data loss that hit this high-end retailer. 

    Luckily there are solutions available to aid in staying secure to comply with the Payment Card Industry Data Security Standards (PCI-DSS). CimTrak, a cyber security solution that helps to keep enterprise data secure, is developed and marketed by Merrillville, IN-based Cimcor, Inc. Cimcor President and CEO Robert E. Johnson, III had the following to say about recent cyber-security threats. “As threats to IT security rapidly multiply, it is simply not enough for organizations to be compliant with standards such as PCI. They simply must go above and beyond, making IT security a key component of their business strategy.”

    In the wake of the breaches that dominated the 2013 holiday shopping season, the FBI issued a warning to retailers in January of 2014. Some industry professionals expect to see approximately 1 major breach a month[3].

    Mobile Apps are the Wild West

    New frontiers in the digital environment are smartphones and other mobile devices with apps designed to run natively on a variety of different operating systems. This creates opportunities for hackers to exploit a coding flaw. Recently the ephemeral media and communication app Snapchat suffered a security breach[4]. This particular situation made privacy and security seem untenable and as fleeting as the photos that users shared.

    A major concern that has evolved with the emergence of smartphones is the security of banking apps. Banks appeared to be ahead of the curve with all of their identity fraud awareness commercials over the last few years. However, mobile is a new frontier that will require additional efforts. Finance is always an appealing target; it seems Hollywood lifts its stories from the news sometimes. Even Kickstarter, the crowd-funding community focused on startups, disclosed a recent breach, though at this point it seems as if no sensitive user data was taken.

    Gaming Section 

    The April 2011 hack of the Sony PlayStation Network, considered the worst gaming data breach ever, involved more than 77 million gamers[5]. The people that were responsible for it gained access to a treasure trove of personal data and credit card information. The group of hackers that were responsible has not yet been discovered and in the meantime other sites such as Steam and Battle.net have suffered similar fates. 

    Towards the end of 2013 a number of new compromises were made public. Perhaps the most extraordinary occurrence happened to The League of Legends (LoL), a popular online game. The service was knocked out of commission for several hours on December 30[6].

    Allegedly, the attack was not malicious, just mischievous. It was also partially aimed at 25-year-old US pro-gamer James Varga, aka “PhantomL0rd.” By following the rest of the saga, it becomes apparent that the group responsible did cross the line. When James Varga shared his views about the attack on the gamer video-streaming platform Twitch.tv with his 367,000 followers, things got nasty.

    The hackers took to Twitter taking credit for LoL and other game takedowns including Valve’s Steam platform, EA’s Origin network and Blizzard’s Battle.net service (which supports online gaming for popular games such as StarCraft II). Additionally, the group leaked Varga’s personal information including his home address after he observed server issues and opened direct communications with one of the alleged hackers.

    A phone call led police to believe hostages were being held at Mr. Varga’s home. He was arrested and handcuffed as over one dozen armed police searched his home. Varga was finally released after the police determined the call was fraudulent[6].

    At this point, nothing seems to indicate that these attacks involved any user data exploitation, other than the personal information displayed on the web about Mr. Varga. However, they do expose the frailty of the gaming networks’ security standards.

    What can consumer based companies do? 

    This type of cybersecurity breach can affect information about emails, user names, user data, home addresses, purchase history, credit cards and logins along with passwords. All these examples illustrate that having the strongest information security safeguards in place for consumer level products and services is critical. 


    [1] http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/
    [2] http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/
    [3] https://blog.softmart.com/2014/01/29/report-fbi-warns-retailers-of-more-cyber-attacks/

    [4] http://blog.snapchat.com/post/72013106599/find-friends-abuse
    [5] http://www.telegraph.co.uk/technology/news/8475728/Millions-of-internet-users-hit-by-massive-Sony-PlayStation-data-theft.html
    [6] http://www.forbes.com/sites/insertcoin/2013/12/31/attack-on-twitch-streamer-shuts-down-riot-and-ea-servers-attracts-police/ 

  • Kim Hakim | Data Connectors Conferences

    On March 20th, Data Connectors brought their tech security conference to the Hyatt Regency at McCormick Place in Chicago, Illinois. The organization is a women-owned and operated company based in St. Louis, Missouri that hosts events all over North America including the United States and Canada.

    Though they do not host an event in northwest Indiana, their dates in Chicago and Indianapolis regularly attract attendees from the region. There are typically between 40 and 60 vendor booths from some of the largest tech security firms in the industry on display. Additionally, speakers from the host city are invited to give keynote presentations on topics such as cloud services, email security, VOIP, LAN security, wireless security and many other critical topics in front of their peers.

    Co-Founder Kim Hakim sat down and gave Duneland Innovators some time to discuss Data Connectors’ origins and where they might go next. “We started about 15 years ago. The business really took off after 9/11. - We deal with all the major industry leaders in security, anyone you’d see on the shelves in Best Buy.” Hakim continued with the following comments, “Before this company I was in data sales, I was networking with some that was doing this. - We started with McAfee, they wanted us to do a series of events with them.” Things really took off after that, she added, “We do this conference in 52 cities all over the United States and Canada America, 1 or 2 shows a week.”

    When asked about further goals for the future, Kim said, “We’ve pretty much tapped everything in North America. - I just had a few gentlemen walk up a few minutes and ask if we’d be interested in going to Saudi Arabia or Dubai. We’d probably continue to grow overseas.”

    As mentioned in an earlier piece that focused on the CES event in Las Vegas, conferences that bring together industry professionals would be a valuable addition to the northwest Indiana region. These types of events would aid in putting our region on the map and make it a larger factor in discussions that go around the country. If you are interested in attending the next Data Connectors event near our area it will be August 21st in Indianapolis.


    Dawn Morrissey @MorrisseyDawn Managing Partner of Data Connectors @DataConnectors talks about how they got started http://bit.ly/1sTooPo

    Posted by Duneland Innovators on Sunday, May 17, 2015
  • Meet Jeff Stoppa

    Hello internets! My name is Jeff Stoppa, a brand new face at Mystic Waters Media. I’ve grown up in the northern Virginia suburbs, living totally within the town of Woodbridge most of my life. I went to High School at Woodbridge, and during my junior and senior years was part of a program called Project Lead the Way which involved engineering and electrical projects. I attended Northern Virginia Community College from 2007 to 2011 to obtain my associate degrees, one in Information Technology and a second in business administration.

    I've been trying to gain a well-rounded knowledge base in everything from Java programming, marketing, economics, accounting as well as a wide sampling of general technology classes. I’m currently attending George Mason University in the applied Information technology program, with a concentration of Information Security. I consider myself competent in many skill sets but an expert of only a few. What I do excel at is problem analysis and solving; given only a short period of time and instruction I'm able to divide and conquer!

    I’m really looking forward to expanding my knowledge with technology and what the world is going to develop with 3-D printing and “smart” devices. There is almost too much to try and focus on but I really would like to see what happens to the human landscape regarding the technology coming down the pipeline. 

  • Pursuing an IT Degree

    Going to college for Information Technology has been a daunting and lengthy task for me. However, the experience has prepared me to enter a field that is expanding rapidly. The classes at George Mason University specialize in a wide range of subject matter, such as IT in the Global Economy. That course examined the influence of globalization on information technology trends. Another singular class that followed this example is Computer Crime & Forensics; it took an in-depth look at both the human aspects and engineering of these two sub topics. This particular class focused on decryption and analyzing problems rather than basic memorization. This can add a lot to the atmosphere of the classes, and makes the knowledge applicable to working in the field. That is one of the most enjoyable aspects: the engaging, thought-provoking conversations.

    On the other side of the coin are the non-core classes, those not directly related to security but required for a four year degree. The grading methods can be unforgiving in those classes.  The trend seems that classes of this nature are packed with memorization and are set up to weed out students. In some cases, 1% of the final grade is equal to a single question on an exam.  My experience with this type of environment has been hit or miss and depends heavily on the subject matter in question.

    However, studying other subjects has its benefits as well. Classes such as accounting and statistics allow students to better analyze and digest raw data from other sectors of the professional world. This gives students a broader understanding of how decisions are made within a business and an industry. Overall I feel as you go deeper into the curriculum, classes become a more stimulating experience and provide an overall better understanding of information security. 

  • Security & Privacy in the Mobile Age

    Setting the Scene

    It was a cool, brisk Autumn evening. My contact had agreed to meet and discuss the subject of this article in a well-lit, public space. After purchasing some smoothies, we sat down outside to conduct the interview.

    Cameron Banga is an app developer that works in both the iOS and Android platforms. Though he champions Apple's product line, Banga feels that both of the market-dominating mobile platforms are on equal ground when it comes to the data security of their customers.

    With that said, the responsibility of data security and privacy starts with us as users. “Given the power with these mobile phones today we have an exponential conflict that’s occurring when it comes to keeping yourself private and secure versus the messaging abilities we have,” Banga noted before continuing, “the problem is we have a computer in our pocket that goes with us 24/7 and is always connected and knows everything we’re doing.”

    One of the most important components in the relationship between tech companies and their customers or users is the concept of transparency. In order to maintain trust, companies must be open about not only what data they are recording but also how they are putting it to use. In the wake of last year's revelations by former CIA system administrator Edward Snowden, the typical mobile device user is now more aware of the government's access to their devices as well.

    “Users need to know, if you put something on a server that you don’t have control of and you didn’t encrypt yourself, if that ever ends up in the public access or domain, don’t be surprised,” Cameron remarked.


    HTTPS – Hypertext Transfer Protocol Secure adds a layer of protection, SSL/TLS, to improve the security of browsing sites on the web. The protocol encrypts communications between servers and the clients connecting to them. So look to see if the sites you surf are using this standard.
    PGP – If securing data is a behavior you want to make second nature, then find an easy solution. Pretty Good Privacy (PGP) is a standard that has been around for 20+ years and allows users to encrypt their own data for storage or transmission purposes.

    It is important to note that accountability extends beyond the consumer base of gadgets as well. Companies have a responsibility to secure their own databases and to make sure that third-party contractors and B2B partners know how to keep things such as APIs secure. With all of the data security incidents that have occurred through the last year, extending back to the Target breach in late 2013, there is a sense that on a consumer level, cyber insecurity awareness is reaching a boiling point.

    “What is the scale of data breach that you think is going to make it hit that tipping point? If it’s not Target, if it’s not Home Depot…” I asked him. “I think it’s a personal data breach. I really think what it’s going to be is a Snapchat having a whole database of photos leak. It would be huge,” Cameron replied. Soon after this declaration, we headed off in separate directions to attend to other commitments for the evening.

    Then it happened…

    Just a few days later it was announced online that a cache of Snapchat photos that had been backed up via the third-party service Snapsave had been compromised. The guilty party had revealed the hack, bringing the debate regarding the concept of “ephemeral” media to the forefront. Within days thousands of “private” images flooded the Web.

    Are We Ready to Turn the Corner?

    It’s going to take a lot of continued effort to create an improved understanding of the best practices that are necessary when it comes to protecting personal private data. The emergence of smartphones and mobile culture has generated an environment of lax personal identity security that is ripe for those with the skills to exploit it.

    Mobile Messaging

    FireChat - An app that allows device users to communicate with one another via Bluetooth or Wi-Fi. It does not need to utilize any cellular network to work. Therefore, users can still communicate if cellular networks are down for whatever reason.

    Protesters in Hong Kong used this messaging tool to stay off the overburdened grid and stay in touch with each other. The more concentrated the users, the stronger the network.

    Cyber Dust - An app that seeks to give text message users more privacy. The app works similarly to a regular texting or messaging app for sending text. However, messages that are sent are not saved by the sender, and are deleted automatically soon after they are read by the receiver. The information is not stored on any local drive or server, and no previous conversation gets saved. Championed by Mark Cuban.

    Screenshots are still possible, which has always been feasible with, and a contentious issue for, Snapchat as well. Like in the old mobster movies: if you want something to stay within the boundaries of the people involved (and perhaps the few people they whisper secrets to), do it in person.

    However, there are measures that can be taken to improve our security posture at the personal level. Dawn Morrissey, Managing Partner of Data Connectors (a technology security event series), provided a few tips that she has picked up managing events on their event circuit.

    “When you’re installing apps make sure they are coming from recognizable companies because there are a lot of apps that can infect your phone. Be aware of what permission you’re granting. For example if it is asking for GPS information or access to all your photos,” Morrissey noted. “[Smartphones] should be treated like a wallet and be password protected.”

    Robert Johnson, President and CEO of Cimcor and producer of CimTrak (an IT security software suite), added the following thoughts, “Mobile devices contain your most personal data but in essence they are computers. They are extremely complex operating systems. Those operating systems, just like all others, need to be patched. They need to be at the latest version at all times. That’s a critical part of a person’s strategy for their personal mobile devices.”

    The truth is that no matter whether it is a banking app, social media network or simply a messaging channel, we need to make sure that we take the steps that are necessary to keep ourselves and data safe. As it has always been, information in the wrong hands can be used against us.

    Furthermore, it is not just on individuals to improve. Companies and organizations must commit their efforts to transparency and disclosure regarding how they are storing and using client or user data as well. Perhaps one of the more important undertones regarding the “Snappening” and the iCloud celebrity photo leak is that there needs to be a better and louder dialog between service providers and the population they serve about protecting information together.

    1 Extra Step

    As consumers and creators of content that travels the Internet, it is in our best interest to take one extra step to safeguard our presence online. How this manifests itself will vary for each person. It might be strengthening passwords or encrypting sensitive data. It could be teaching our parents to recognize social engineering scams or illustrating to our children why it’s a bad idea to sext their friends. Whatever the measures, we all need to go a little further to secure the future.

  • The CimTrak Compliance Solution

    The news headlines over the last calendar year have put cyber security front and center. Due to individuals like Julian Assange and Edward Snowden, the topic has gained traction in government and military circles. Breaches to retailers such as Target and Neiman Marcus are making it a major topic of conversation for the business community as well. As the effects trickle down, consumers are feeling the pain too. When their personal information is stolen, it is often the result of a hacker or malware that is compromising the integrity of computer servers or point-of-sale (POS) machines.

    One locally-based company is making an effort to protect these units and other systems to keep them secure. Cimcor produces the CimTrak file integrity monitoring software suite from their corporate offices in Merrillville. While it is an excellent solution for the Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, CimTrak is also used by the energy industry in North America to meet North American Electric Reliability Corporation (NERC) compliance and the healthcare industry for compliance with the Health Insurance Portability and Accountability Act (HIPAA).

    The most recent version of CimTrak, released in December of 2013, introduced the ability to track file reads and prevent file writes. This is in addition to a restore functionality, which automatically replaces deleted files from a saved backup copy. Imagine being able to instantly bring back a file you had accidentally deleted and you can start to understand the power of the CimTrak solution.

    CimTrak is used by organizations around the world to secure their IT environments. It is comforting to know that a local company like Cimcor is working to make sure our personal information stays secure.

    Visit their site to learn more: www.CimTrak.com