Pending Data Protection and Security Laws At-A-Glance: APAC

In our continuing quest to provide a global overview of cyber-related legislation and regulation, we have focused on the latest laws protecting PII in the United States, Regulation through Global Data Protection and Security Laws, and APAC Data Protection and Security Laws. This is an overview of 3 soon-to-be-enacted regulations that will change the APAC data privacy legal landscape.

CHINA

On June 1, 2021, the National Standard of Information Security Technology – Guidelines on Personal Information Security Impact Assessment will go into effect. According to global law firm Dentons, “The Guidance aims to guide the assessment of the potential impacts on individuals’ rights and interests as well as the effectiveness of security protective measures adopted when carrying out personal information processing activities, which is similar to the data protection impact assessment (“DPIA”) under the EU General Data Protection Regulation (GDPR).”

Draft PIPL

On October 21, 2020, a draft PRC Personal Information Protection Law (Draft PIPL) was published for review. Similar in many ways to GDPR, the PIPL, if passed, will require that:

  • Organizations outside China that fall within the PIPL’s scope appoint representatives or establish entities within China responsible for the protection of personal information.
  • Personal Information Processors perform and maintain a record of risk assessments where processing activity may have a significant impact on individuals, including international transfers of personal information, processing of sensitive personal information, automated decision-making, and disclosure of personal information to third parties.
  • The processing of personal information be lawful. In other words, there must be a legal basis for processing data, such as consent.
  • Individuals be informed that processing is happening and be able to restrict or object to the processing of their data, and to obtain a copy of, update, or delete their information.

The draft also outlines strict requirements for international transfers of personal information. Penalties for noncompliance have yet to be finalized, but those proposed so far are severe. Proposed sanctions include the suspension of business activities and revocation of business permits or licences, the “blacklisting” of companies and fines up to 5% of a company’s yearly earnings.

JAPAN

On June 5, 2020, the Japanese legislature passed several amendments (“Amendment Act”) to the Act on Protection of Personal Information of Japan (“APPI”) created to expand protections for personal data and impose new obligations on all businesses that use personal data for business purposes, including non-profit organizations.

Slated to go into effect in the spring of 2022, the Amendment Act’s major changes include new provisions expanding an individual’s rights to require the deletion or disclosure of personal information (‘PI’):

  • where there is a possibility of violating the data subject’s rights or legitimate interests
  • in the event of a breach of the APPI via transfer to a 3rd party
  • to include short-term data which is kept for 6 months or less; and
  • allowing the data subject to request the format of the disclosure of their data, including in a digital format.

INDIA

Inspired by GDPR, India’s Personal Data Protection Bill (PDP) was introduced to overhaul India’s current data protection regulations outlined in the Information Technology Act of 2000. As that act was mainly concerned with ensuring the legal recognition of e-commerce within India, it does not include specific legislation on data protection aside from establishing the right to compensation for improper disclosure of personal information.

According to the bill’s preamble, the goal of PDP is to “create a collective culture that fosters a free and fair digital economy, respecting the informational privacy of individuals, and ensuring empowerment, progress and innovation through digital governance and inclusion.” Similar to GDPR, PDP establishes data privacy as a fundamental right and calls for the creation of an independent new regulatory authority, the Data Protection Authority (DPA), to carry out this law. 

In terms of how PDP and GDPR differ, you can find a comprehensive comparison of the two laws here. In summary though, the differences can be boiled down into 3 key areas:

  • India’s central government retains the power to exempt any government agency from the bill’s requirements for reasons such as national security.
  • The government now has the right to order firms to share any of the non-personal data they collect with the government
  • Personal and sensitive data must be stored and processed in India. Though there are exceptions to these rules, PDP’s restrictive regulations pose a number of challenges for organizations looking to do business in India and are, therefore, one of the most hotly contested provisions in the bill. 

Though DLA Piper expects the law to go into effect in late 2021, other legal experts aren’t so sure. Ongoing backlash pertaining to a number of its more restrictive provisions has resulted in multiple revisions and delays. In addition to the issues surrounding data localization mentioned before, the bill “has also attracted criticism on various grounds such as the exceptions created for the state, the limited checks imposed on state surveillance, and regarding various deficiencies in the structures and processes of the proposed Data Protection Authority,” according to The Hindu.

Source: https://www.cshub.com/executive-decisions/articles/pending-data-protection-and-security-laws-at-a-glance-apac

How Much Does A Cyber Security Specialist Make?

It is well known that people in the information technology industry earn far more than those in most other professions. The median wage in the IT business is twice as high as the overall average wage in the US, according to the CompTIA Cyberstates guide to the tech economy. This is true across the board in the IT industry, including cybersecurity. But how much money does a cybersecurity expert make?

Cybersecurity is a broad phrase that encompasses a wide range of job titles in the technology industry. Each role has a separate compensation range, from pentester to information security analyst to security engineer to chief information security officer. Your personal earnings will be determined by a variety of criteria, including your degree of education and experience, the type of industry your company is in, its size, geographical location, and more.

All of the salary averages in this post come from Glassdoor, a popular site for comparing and contrasting companies and employers, Payscale, a startup that helps manage employee remuneration, and the US Bureau of Labor Statistics (BLS), which provides accurate wage records.

Salary Factors

Education and experience

A cybersecurity specialist’s CV must include their education.

A cybersecurity specialist’s work is critical to a business since they deal with data loss prevention and data protection in general, security incidents, risk assessment, and fending off digital attacks. Employers prefer to know that their specialists have at least a bachelor’s degree in computer security or a similar discipline to ensure that they know what they’re doing. Computer science, data administration, and network administration are examples of related fields.

While a bachelor’s degree may be required for entry-level positions in the IT security sector, a master’s degree is not required. Only 23% of tech workers with a master’s degree or higher felt that their advanced degrees helped them earn more money.

In comparison, even if you are just starting your cybersecurity job, having experience is always beneficial. Your initial wage will be minimal if you don’t have much experience. Your superiors will be more inclined to give you a raise if you improve your abilities and get more knowledge (both theoretical and practical).

Job titles in the IT business are typically classified as ‘junior’ or ‘senior’ based on experience. Even if their job descriptions are similar, a junior security analyst will be paid less than a senior security analyst.

Industry type

Despite the fact that this article focuses on the IT industry, a person can work in IT in a variety of other businesses. No matter what type of business a company undertakes, computer security is critical.

The aerospace and defence, communications, public relations, advertising, pharmaceutical, medical, biotech, government (military and homeland security), and system and VAR integration industries pay the highest average salaries for IT experts and, as a result, cybersecurity specialists. In these businesses, the identical IT job position is likely to pay more than in other areas.

Business size and revenue

Average salary estimations are also influenced by the organization’s size and profitability. In principle, finding a position in a relatively small firm (less than 100 or, even better, less than 50 employees) with significant income would be a terrific option. Most likely, your cybersecurity compensation would be greater than the industry average.

However, no matter how successful a small business is, it will never be able to generate the same amount of profit as a large organisation.

The problem with large corporations is that they employ tens of thousands, if not hundreds of thousands, of people all over the world. As a result, they are more likely to provide lower starting pay than their smaller counterparts. The beginning compensation for a cybersecurity professional at companies like Google, Cisco, Amazon, and others is not outstanding.

Your yearly compensation at one of these conglomerates will be higher than at other organisations once you have enough experience and reach a senior position. Not to mention that some of them, like Google, give their employees stock in the firm that they may sell at any time.

Business location

The IT business has a distinct advantage in this era of working from home and social isolation. As long as they have a strong internet connection, most computer workers can work from home without trouble. Remote IT work is slowly but steadily becoming the norm in the IT industry.

While where you work as an employee is unimportant, the magnitude of your salary will be determined by where your firm is located. A tech career in Washington, DC does not pay the same as a similar job in San Francisco, CA. In fact, because Silicon Valley is arguably the worldwide heart of technology, typical tech incomes are highest in the San Francisco area.

In 2019, the typical income for a tech worker in San Francisco was $145k per year, $138k in Seattle, WA, $133k in New York, NY, $117k in Denver, CO, and ‘only’ $113k in San Diego, CA.

Average IT Security Salaries

Finally, the income you earn will be determined by the cybersecurity position you occupy. Here are some of the most prevalent cybersecurity job titles and their median salaries:

Computer Forensics Analyst

Despite the fact that this job looks interesting and represents a dynamic work environment, it is one of the lowest-paid positions on our list. According to Glassdoor, a computer forensics analyst earns an average of $57,755 per year, and $73,892 per year according to Payscale.

Cyber Security Specialist

The post of cybersecurity specialist is considered entry-level. This occupation is also known as a computer security specialist or an information security specialist. In the United States, average incomes for this career range from $69,123 to $76,336 per year.

Information Security Analyst

The compensation of an information security analyst is usually higher than that of a cybersecurity professional. An information security analyst earns an average of $99,730 per year, or $47.95 per hour, according to the US Bureau of Labor Statistics. Based on 4.595 anonymous salary submissions from information security analysts across the United States, Glassdoor lists an average yearly income of $76,410 for the same position.

Penetration Tester (Pentester)

According to Payscale, a pentester’s income ranges from $52k to $137k. This corresponds to Glassdoor’s statistics, which show that the average pentester earns $69,123 per year.

Security Engineer

According to Glassdoor, cybersecurity and data security engineers earn an average of $99,834 per year. These figures match those found on Payscale, where the average yearly security engineer pay is $91,598.

Keep in mind that a network security engineer earns less than the positions listed above – on average, $79,686 per year.

Security Architect

Security architects earn six-figure salaries thanks to their highly specialised skills and broad list of responsibilities. The typical base compensation for a security architect is $106,362, according to Glassdoor, and $124,051 according to Payscale.

Chief Information Security Officer (CISO)

Given that the chief information security officer is a senior executive-level role, the average base compensation is $179,763.

Conclusion

The topic of how much a cybersecurity expert makes is a difficult one to answer. The typical compensation for this difficult work is determined by a number of factors. It is directly related to an employee’s level of education and years of experience. If you’re interested in working for a huge, well-known company, keep in mind that your beginning wage will be low at first.

Not every part of the United States has the same average income, which should be factored into your decision. (Don’t forget to account for the cost of living in various parts of the country.)

Finally, a cybersecurity specialist’s position is just the beginning. You can then build your own professional path based on your preferences and skillsets. There’s no reason why you shouldn’t command a six-figure income in the future if you work hard, get computer security training, interact well with your team, and demonstrate that you’re a benefit to your company.

Source: https://cybersguards.com/how-much-does-a-cyber-security-specialist-make/

Google’s Ongoing Struggles With in-the-Wild Zero-Day Attacks

Google’s persistent battles with zero-day assaults against its Chrome browser in the wild aren’t going away anytime soon.

For the sixth time this year, Google has released a Chrome point-update to address code execution flaws that are already being exploited by malevolent hackers, according to the firm.

In a Thursday advisory, Google stated, “Google is aware that an attack for CVE-2021-30554 exists in the wild.” It’s a use-after-free flaw in WebGL, the JavaScript API for rendering graphics without the need for plugins.

The weakness has been classified as “high-risk” by Google, which has begun sending the latest patch to users via the browser’s automatic-update mechanism.

Google provided no other information about the attacks other than the fact that they were reported anonymously two days ago, on June 15, 2021.

Users of Microsoft Windows, Apple macOS, and Linux can download Chrome version 91.0.4472.114.

Google also corrected three other memory corruption vulnerabilities in WebAudio, TabGroups, and Sharing, in addition to the zero-day attack.

There have been a record number of zero-day assaults this year, with Google fixing six of them in its Chrome browser. A total of 47 in-the-wild assaults targeting software weaknesses unknown even to the manufacturer have been disclosed by zero-day trackers.

Source: https://cybersguards.com/googles-ongoing-struggles-with-in-the-wild-zero-day-attacks/

Using APIs for Better Cyber Security

What is an API?

General users of computers and the internet usually think of screens, keyboards, monitors, and the like as the only computer interfaces in front of them. These are the visible interfaces through which we interact with the machine and the internet. There is another type of interface that we come across every day but that is hidden from our view: interfaces that enable software components to interact with each other. For a long time this process was not standardized, and the developers of the Unix operating system made protocols for interprocess communication (IPC).

By the early 2000s, the need for a standard, open software-to-software interface was felt by the technology industry. This led to the development of the application programming interface, commonly known as the API. APIs could provide a standardized interface through which software components could communicate among themselves by sharing data and managing shared memory. APIs made software services available to workloads and applications. They facilitate bidirectional communication between two processes. An API includes all information needed to carry out a task and, unlike a web form, an API does not need multiple user transactions to successfully complete a process.

Cyber security and API

API security encapsulates integrity protection of the APIs you use or own. APIs are used by microservices and containers to communicate among themselves. With the development of APIs, we find ways to connect everyday things to smart devices, like a refrigerator with an Android smartphone. As integration of computers increases, interconnectivity becomes more important, and so do APIs and their security. With the rise of Internet of Things (IoT) applications, API security has become a growing concern.

Web scraping and APIs

Other than communicating within the software, an API is also used for providing access to the data of an application, web page, or operating system. Similarly, web scraping refers to the process of ‘scraping’ data from a webpage or multiple web pages.

Web scraping is used to extract data from a given web page, whereas an API provides the data directly. This poses a problem where the developer has not provided an API for the data. Sometimes API access is offered for a fee, and that fee might not be affordable. In these scenarios, web scraping is necessary to obtain the data you need. Web scraping with software written in Python is one of the more common methods used to extract data from web pages.

Security threats with API

Some common threats associated with APIs are:

    1. Man in the Middle (MITM): An MITM attack refers to an attacker secretly intercepting communication between two APIs to obtain sensitive information. MITM attacks can grant the attacker access to personal financial and credential details.
    2. API injections: API injection refers to the insertion of malicious code into vulnerable software. Malicious commands can also be inserted into an API message, like a SQL command. All web APIs that require parsers and processors are susceptible to API injections.
    3. Distributed denial of service (DDoS): DDoS attacks lead to the crashing of a website by flooding the bandwidth or resources of the attacked system. A DDoS attack topples the functioning of the memory and bandwidth by injecting a huge number of concurrent connections and sending/requesting huge amounts of data with every transaction. The machine resource will eventually crash under such pressure.
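
The injection threat in item 2, shown as an added example (not code from the original article): a hypothetical API handler that pastes a message field into SQL text, beside a handler that validates the field and binds it as a parameter. The table, field names, sample rows, and both messages are constructed for illustration.

```python
import json
import sqlite3


def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 120), ("bob", 75), ("carol", 310)],
    )
    return db


def lookup_vulnerable(db, message):
    """Weak form: the message field is pasted into the SQL text."""
    owner = json.loads(message)["owner"]
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def query_bound(db, owner):
    """Parameter binding: the value is passed as data, never parsed as SQL."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()


def handle_request(db, message):
    """Hardened handler: validate the message, then use the bound query."""
    try:
        owner = json.loads(message).get("owner")
    except (ValueError, AttributeError):
        return 400, []          # not JSON, or not a JSON object
    if not isinstance(owner, str) or not owner.isalnum() or len(owner) > 32:
        return 400, []          # reject anything outside the expected shape
    return 200, query_bound(db, owner)


# Constructed API messages: one ordinary, one carrying SQL in the field.
NORMAL = '{"owner": "bob"}'
CRAFTED = '{"owner": "x\' OR \'1\'=\'1"}'

if __name__ == "__main__":
    db = make_db()
    print(len(lookup_vulnerable(db, CRAFTED)))            # weak form leaks every row
    print(query_bound(db, json.loads(CRAFTED)["owner"]))  # bound form matches nothing
    print(handle_request(db, CRAFTED), handle_request(db, NORMAL))
```

Binding alone already stops the field from changing the query; the validation step additionally rejects the malformed message at the API boundary so it can be logged and counted.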

SOAP and REST API

SOAP and REST are the two most common approaches to implement APIs.

SOAP (Simple Object Access Protocol) is based on XML and used for communicating among computers. SOAP uses the built-in WS-Security standard, which utilizes XML Encryption, XML Signature, and SAML tokens for messaging security considerations.

REST (Representational State Transfer) makes use of HTTP to get data and perform operations on remote computers. SSL authentication and HTTPS are used in REST for securing communication. It is easier to track and maintain all of these security protocols if you deploy to a centralized cloud deployment platform suited to creating and hosting APIs.

How to improve cyber security

A hacked API can cause a serious data breach. Owing to their vulnerability, it is important to take additional steps to ensure security.

    1. Using tokens: Assigning tokens to trusted identities and controlling access to data can protect your machine from malicious attacks.
    2. Authentication verifies the identity of the end-user. Authentication is implemented using the TLS protocol in REST APIs. OAuth 2 and OpenID are even more secure than the TLS protocol.
    3. Using an API gateway can secure your APIs. These gateways check the API traffic. A good gateway allows you to authenticate traffic. You can also control and analyze how your APIs are used.
    4. Using sniffers to detect vulnerabilities is a safe practice to secure your APIs. In addition, stay up to date on your API components and on major leaks and threats.
    5. Authorizing what data a user can access from the API prevents malicious users from accessing data that is beyond their role. This keeps them away from being able to access admin functionality.
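
Items 1, 2, and 5 together, as an added example (not code from the original article): a token is issued to a trusted identity, verified on each request (authentication), and then checked against the caller's role (authorization). The HMAC-signed token format, the role table, and all names here are assumptions made for illustration; it stands in for, and is not, an OAuth 2 or OpenID implementation.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real service loads this from a secret store.
SECRET = b"constructed-demo-key-do-not-reuse"

# Hypothetical role table: which permissions each role carries.
ROLE_PERMISSIONS = {
    "reader": {"orders:read"},
    "admin": {"orders:read", "orders:delete", "users:manage"},
}


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload):
    return b64e(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())


def issue_token(subject, role, ttl=300, now=None):
    """Give a trusted identity a signed, short-lived token."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "role": role, "exp": now + ttl}
    payload = b64e(json.dumps(claims, sort_keys=True).encode())
    return payload + "." + sign(payload)


def verify_token(token, now=None):
    """Authentication: return the claims, or None if forged or expired."""
    now = int(time.time()) if now is None else now
    try:
        payload, signature = token.split(".")
        # Constant-time comparison, done before the payload is trusted.
        if not hmac.compare_digest(signature, sign(payload)):
            return None
        claims = json.loads(b64d(payload))
    except (ValueError, TypeError, AttributeError):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(claims, permission):
    """Authorization: is this permission within the caller's role?"""
    return permission in ROLE_PERMISSIONS.get(claims.get("role"), set())


def handle(token, permission, now=None):
    """Status a gateway or endpoint would return for this request."""
    claims = verify_token(token, now)
    if claims is None:
        return 401   # not authenticated
    if not authorize(claims, permission):
        return 403   # authenticated, but beyond the caller's role
    return 200


if __name__ == "__main__":
    token = issue_token("svc-reports", "reader", now=1000)
    print(handle(token, "orders:read", now=1100))
    print(handle(token, "orders:delete", now=1100))
    print(handle(token, "orders:read", now=1300))
```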

Conclusion

This article covered everything you need to know about APIs and cybersecurity. API security protects the integrity of APIs and is something that should be a concern for organizations and individuals with the evolution and constant development of IoT.

Source: https://cybersguards.com/using-apis-for-better-cyber-security/

Konsentus Verify supports checking of UK-RTS compliant certificates

Konsentus today confirmed that its open banking third party provider (TPP) identity and regulatory checking solution, Konsentus Verify, can validate the identity of TPPs regardless of whether a UK-RTS compliant digital certificate or EEA issued eIDAS certificate is presented. 

This follows OBIE’s recent announcement that UK-regulated TPPs must complete their migration from OBIE Legacy Certificates to UK-RTS compliant certificates (OBWACs/ OBSEALs) no later than 30 June 2021 by which time they must also have revoked any active OBIE Legacy Certificates. 

From the end of June 2021, ASPSPs must reject the use of OBIE Legacy Certificates for PSD2 identification purposes ensuring they only accept certificates that are compliant with the UK-RTS. 

Konsentus Verify provides TPP identity and regulatory checking services to protect Financial Institutions from the risk of open banking fraud.  The identity checking element of the Konsentus solution is based on the validation of a TPP’s digital identity certificate.  

Konsentus Verify checks in real-time a certificate’s validity and whether it has been issued by a trusted certificate issuer. In addition, Konsentus Verify checks the Payment Services a TPP is authorised to provide by its home country National Competent Authority.

However, digital identity certificates are not usually updated over a certificate’s lifespan and do not list the roles a TPP can perform outside the TPP’s home country. Any ‘Passporting’ information must be obtained for each country the TPP wants to provide services into.

Any EEA TPP wanting to access accounts held by a UK-based ASPSP must either be on the FCA’s Temporary Permissions Regime list or registered directly with the FCA. Konsentus Verify validates in real-time the legitimacy and current authorisation status of TPPs providing payment services in the UK regardless of whether an eIDAS or UK-RTS compliant certificate is presented.

Mike Woods, CEO Konsentus commented, “With over 200 UK TPPs regulated to provide open banking services in the UK, we can offer our customers a single solution that means both UK-RTS compliant certificates and eIDAS certificates can be checked without having to introduce additional processes or delays. No matter where the transaction is taking place or where the TPP is located, we offer our customers a single solution providing identity and regulatory checking at the time of the transaction.”

Source: https://www.fintechnews.org/konsentus-verify-supports-checking-of-uk-rts-compliant-certificates/
