 Your new post is loading...
Security executives are stepping in line and forming their own strategies, approaches, and use cases to achieve that new competitive edge. CISO’s are conquering this frontier by reducing risk and fraud, whether it stems from cyber data loss or questionable customer transactions. In general, businesses have made progress in laying the foundations for the required technical data-mart infrastructure and the organization structure to support big data security initiatives. And yet, there is much work to be done in other component areas of the complex journey of building the successful security program. Organizations can benefit by leveraging existing skilled and proven data scientists from within the core business community to propel the journey forward. Here are seven ways that CISOs of banking institutions can leverage the Security Data Scientist.
Idaho State University (ISU) has agreed to pay $400,000 to the U.S. Department of Health Human Services (HHS) to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The settlement involves the breach of unsecured electronic protected health information (ePHI) of approximately 17,500 patients at ISU’s Pocatello Family Medicine Clinic. ISU operates 29 outpatient clinics and is responsible for providing health information technology systems security at those clinics. Between four and eight of those ISU clinics are subject to the HIPAA Privacy and Security Rules, including the clinic where the breach occurred. The HHS Office for Civil Rights (OCR) opened an investigation after ISU notified HHS of the breach in which the ePHI of approximately 17,500 patients was unsecured for at least 10 months, due to the disabling of firewall protections at servers maintained by ISU. OCR’s investigation indicated that ISU’s risk analyses and assessments of its clinics were incomplete and inadequately identified potential risks or vulnerabilities.
Are we creating a cyber professional salary bubble that will eventually burst, asks Holly Ridgeway, SVP and CISO enterprise systems at PNC. "It is a great time to be in the cyber security field. But, have you noticed the growing challenges of recruiting and retaining good cyber talent? Six-figure salaries used to take years to achieve. Now, if you have a specialized cyber skill set, you can attain that figure with only a few years of experience. So, the question is: Are we growing cyber professionals who do not have the foundation needed to perform at a sustained level? Are we so desperate for these skill sets that we are willing to outbid each other?"
Security experts have proposed a simple way for websites to better secure highly sensitive databases used to store user passwords: the creation of false "honeyword" passcodes that when entered would trigger alarms that account hijacking attacks are underway. The suggestion builds on the already established practice of creating dummy accounts known as honeypot accounts. It comes as dozens of high-profile sites watched user data become jeopardized—including LivingSocial, dating site Zoosk, Evernote, Twitter, LinkedIn, and eHarmony to name just a few from the past year. Because these dummy accounts don't belong to legitimate users of the service and are normally never accessed, they can be used to send a warning to site administrators when attackers are able to log in to them. The new, complementary honeyword measure—proposed in a research paper titled "Honeywords: Making Password-Cracking Detectable—was devised by RSA Labs researcher Ari Juels and MIT cryptography professor Ronald Rivest, the latter who is the "R" in the RSA cryptography scheme.
Each year, the Executive Women's Forum announces their "Women of Influence" Awards at their annual EWF event. The awards, co-presented by Alta Associates and CSO Magazine, recognize outstanding women in several categories: one winner from the public sector, a private solutions provider from the security industry, a corporate practitioner from the private sector, and a "One to Watch," a future leader in the security field. This year, a lifetime achievement award was also given. The winners were nominated by peers in the security community. CSO asked each winner of the 2012 WOI awards to give us their perspective on their success, lessons learned in their careers — and how women are making their mark in the security industry today.
Thanks to an exploding number of wellness apps and wearable devices, you may be beaming biodata into the cloud right now. As the Quantified Self movement picks up steam, who stands to profit? (Hint: not you.) And can those cashing in on Big Data use your heart rate against you? (Take a guess.)
Facebook Thursday announced a new security tool called Trusted Contacts for users who suspect they've been hacked.
It was hard to believe, but the student insisted it was true. He had discovered that compact discs from a major record company, Sony BMG, were installing dangerous software on people’s computers, without notice. The graduate student, Alex Halderman (now a professor at the University of Michigan), was a wizard in the lab. As experienced computer security researchers, Alex and I knew what we should do: First, go back to the lab and triple-check everything. Second, warn the public. But by this point, in 2005, the real second step was to call a lawyer. Security research was increasingly becoming a legal minefield, and we wanted to make sure we wouldn’t run afoul of the Digital Millennium Copyright Act. We weren’t afraid that our research results were wrong. What scared us was having to admit in public that we had done the research at all. Meanwhile, hundreds of thousands of people were inserting tainted music CDs into their computers and receiving spyware. In fact, the CDs went beyond installing unauthorized software on the user’s computer...
If we want to protect privacy, we should be more clear about why it is important. ... [Privacy] is better understood as an important buffer that gives us space to develop an identity that is somewhat separate from the surveillance, judgment, and values of our society and culture. Privacy is crucial for helping us manage all of these pressures -- pressures that shape the type of person we are -- and for "creating spaces for play and the work of self-[development]."
No more excuses! Microsoft, Google, and Facebook make it easy to improve your account security with two-factor authentication. Here's how.
Don't wait until you decide to leave your current job to update your LinkedIn profile. Take a few minutes now to make sure your profile showcases your accomplishments and skills. Here are some common mistakes to avoid, as well.
The US National Institute of Standards and Technology (NIST) is planning to sponsor a federally funded research and development center (FFRDC), a nonprofit organization that will act in support the National Cybersecurity Center of Excellence (NCCoE). NIST announced that this is the first FFRDC solely dedicated to enhancing the security of the nation's information systems. It will work in conjunction with NCCoE, a public-private information-sharing collaboration that brings together experts from industry, government and academia – it was established in partnership with the state of Maryland and Montgomery County in February 2012.
Will BYOD lead to a rash of lawsuits from employees who feel violated? Or maybe a headline-grabbing, class-action lawsuit? Your company better make sure it has an explicit terms-of-use BYOD agreement.
|
When the moderator of a panel discussion at the recent RSA conference asked the audience how many thought their risk management programs were successful, only a handful raised their hands. So Network World Editor in Chief John Dix asked two of the experts on that panel to hash out in an email exchange why these programs don't tend to work. Alexander Hutton is director of operations risk and governance at a financial services firm (that he can't name) in the Greater Salt Lake City area, and Jack Jones is principal and Co-Founder of CXOWARE, Inc., a SaaS company that specializes in risk analysis and risk management. Jones: "Risk management programs don't work because our profession doesn't, in large part, understand risk. And without understanding the problem we're trying to manage, we're pretty much guaranteed to fail."
The gleefully sarcastic online game about collecting and selling personal data. Also available on Facebook!
The U.S. Department of Justice and the FBI believe they don't need a search warrant to review Americans' e-mails, Facebook chats, Twitter direct messages, and other private files, internal documents reveal. Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail. The IRS, on the other hand, publicly said last month that it would abandon a controversial policy that claimed it could get warrantless access to e-mail correspondence.
The rapid proliferation of smartphones, tablets, and other mobile devices has created a new challenge for college and university IT administrators. With the use of personal mobile devices now mainstream, users of software increasingly expect to get things done on their smartphones. Unlike first-generation applications, such as campus bus schedules, a growing number of new offerings touch enterprise data. The time has come for IT managers to put measures in place that ensure mobile data security across the enterprise. Security issues throughout the enterprise mobile ecosystem, from physical devices to app distribution to the actual code being executed on smartphones, must be systematically addressed. A number of new open-source and community-source technologies can help, including the Kurogo Mobile Platform and the Kuali Mobility for the Enterprise (KME) platform.
A 2002 CSOonline article reminds us that despite what progress and advances we witness in the industry, security's mission doesn't change
Did you know that there are 13 million Facebook users who have never touched their Facebook privacy settings? That may seem like a small number when taken in light of the 751 million monthly active users the company recently reported but 13 million is still a number which should not be dismissed. According to this infographic, 28 percent of all Facebook users share all, or almost all, of their wall posts with an audience wider than just their friends. Furthermore, 11 percent of Facebook users said that someone else has tried to use their login without their permission.
What is a good BYOD policy? Step one is to clarify the rights of both company and employee and state upfront what's business and what's personal. But there's a lot more to it. In this interview with a technology transactions lawyer, CIO.com explores the do's and don'ts of BYOD policies.
The best higher ed information technology blogs on MOOCs, cloud computing, mobile learning, social media, digital pedagogy and more. (Submitted and voted on by EdTech readers.)
When I was asked by EDUCAUSE to write a blog about the experiences of a first-time CIO, I was concerned that I wouldn't have enough to write about that would be of interest to the EDUCAUSE community. It then occurred to me that I'd like to approach this the way I approach many situations like this - ask and listen! What would you like to see me write about in future blog posts? Please suggest topics that you'd like to see covered in the areas of being a first-time CIO and/or how to prepare to get a first CIO job in higher education...
Phishing attacks on enterprises can be calamitous in terms of compromised networks or damaged brand names, and the Anti-Phishing Working Group (APWG), which aggregates and analyzes phishing trends data worldwide, offers some of the best insight from industry into what's occurring globally in terms of this cybercrime. The following list of frequently asked questions about phishing is derived from the APWG's April report that covers the period July-December 2012 worldwide.
Indiana University Vice President and CIO Brad Wheeler and Internet2 President and CEO David Lambert today announced a $2 million initiative to stimulate collaboration in cybersecurity efforts by higher education institutions and to provide thought leadership on strategic cybersecurity issues nationally and globally. Speaking at the Internet2 Annual Meeting in Arlington, Virginia, Lambert and Wheeler invited the presidents and CIOs of other colleges and universities to join as investors and sponsors of this initiative. They noted that the higher education sector is unique in having significant cyber activities in research, education, and operations. This initiative is intended to stimulate more collaboration among these activities to enable the higher education sector to make further contributions to the national efforts. This new collaboration will immediately launch a national search for an executive director with significant operational experience in cybersecurity in the higher education community.
Facebook's recently launched Facebook Home app makes using the social network on Android smartphones much easier and smoother — but might also open up some important security holes.
|
