Security blanket Nov 15, 2009
Of the myriad executive-level positions that have entered and moved up the organizational charts of government agencies, the chief information security officer (CISO) ranks as one of the newest and, increasingly, one of the most complex. The CISO job is largely an outgrowth of the Federal Information Security Management Act of 2002, which requires each federal agency to develop a plan for securing the information and systems within its purview and file annual security reports with the Office of... (FCW.com)
CISOs reveal what scares them Nov 15, 2009
Chief information security officers answer 4 burning questions -- Federal Computer Week ... Chief information security officers answer 4 burning questions ... 6 chief information security officers share how they plan to keep government data and computers safe in the face of constantly changing risks, red tape and tight budgets. (FCW.com)
Network Security: 15 Tips to Protect Your Network Nov 14, 2009
Speaking at the Gartner Information Security Summit 2009 in London, SANS instructor Stephen Armstrong outlined 15 "quick wins" based on these controls: simple steps you can take to make an immediate difference to your security. Here are the 20 controls, and Armstrong's quick wins and other advice. (SmallBusinessComputing)
How to prepare for a secure network hardware upgrade Nov 13, 2009
are common in today's information security market. In this SearchSecurity. (Search Security, MA)
Full Story » Nov 11, 2009
But while Microsoft has its own house in order, security is still a problem on the Windows platform, according to Melson, a manager of information security with Priority Health. "As long as third-party patching continues to be a challenge, client security will continue to be at the forefront of information security defense and incident response," he said via e-mail. (Yahoo News -- Technology)
NARA admits violating internal policy on personal info Nov 7, 2009
violated its information security policies by returning failed hard drives from systems containing personally identifiable information of current government employees and military veterans back to vendors. By agency policy, NARA is supposed to destroy the hard drives rather than return them, according to a top NARA official. (FCW.com)
NIST releases specs for automated IT security protocol Nov 7, 2009
SCAP is achieving widespread adoption by major software and hardware manufacturers and has become a significant component of large information security management and governance programs, the publication says. The protocol is expected to evolve and expand in support of the growing needs to define and measure effective security controls, assess and monitor ongoing aspects of that information security, and successfully manage systems in accordance with risk management frameworks. (FCW.com)
China Consulting Nov 7, 2009
And it is estimated that the information security business will offer the most potential market for the China IT consulting industry. In the China business consulting market, management consulting takes the biggest share. (Suite101.com)
Chun: Cyber Attacks Demand Strong Public-Private Response Nov 7, 2009
Additional measures target improvements in the Federal Information Security Management Act and protecting citizens from data breaches. Given the paramount importance and high stakes of cybersecurity, technology companies are continuously developing more secure, robust technology products, integrating and increasingly managing them securely as a service on behalf of our customers. (Roll Call)
FTC Red Flags Rules: How to create an identity theft prevention plan Nov 6, 2009
Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel's worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and led up Siebel's product security and privacy efforts. (Search Security, MA)
Innovation headlines first TEDx conference Nov 6, 2009
That emergence, said information security expert Marcus Ranum, can be traced to an unforeseen weakness in the development of the file transfer protocol software language for computer networking. Joel Salatin, a Virginia farmer well known in the sustainable agriculture movement, described how his work raising livestock with cutting-edge techniques led him to become the primary egg supplier for dozens of restaurants wanting to serve food made with locally grown products. (Baltimore Business Journal, MD)
Indian enterprises face data loss risk Nov 5, 2009
"About 80 percent of Indian enterprises have agreed that loss or theft of critical data is a serious information security risk they face after threats from viruses and hackers," the survey, commissioned by security solutions provider Symantec India, said in its latest report. Though enterprises have been sanguine on investing heavily in building their IT infrastructure for end-to-end efficient operations, adoption of technologies to prevent or detect data loss has been abysmally low due to lack... (India Times)
Information Security Systems Engineering - DoD Secret Nov 4, 2009
You must demonstrate complete mastery of hands-on information security and incident response processes and procedures to be considered for this position. Some travel may be required. (Florida Today)
Coming events Nov 3, 2009
INFORMATION SECURITY ARCHITECTURE lunch meeting 11:30 a.m.-1 p.m. Nov. 12 at the Plaza Club, 20th floor; topic: from risk assessment to compliance and everything in between; members $25, non-members $30, buffet lunch included. RSVP by Nov. 9: , 694-4041. (Honolulu Advertiser)
Microsoft questions Google Apps' momentum as it touts 1M online business... Nov 3, 2009
GovCloud will also be certified under the Federal Information Security Management Act (FISMA). Capossela said that Microsoft already had allowed larger customers (those with 5,000 employees or more) to have their data stored on separate servers through. (San Francisco Chronicle -- Technology)
Electronic Privacy Information Center: Privacy Nov 1, 2009
Information about the 2006 information security breach by a Veterans Affairs employee resulted in the theft from his Maryland home of unencrypted data affecting 26.5 million veterans and current service members and their families. (Yahoo News -- Online Privacy)
Security Content Automation Protocol backgrounder Oct 31, 2009
Limitations: SCAP doesn't address the full scope of compliance with the Federal Information Security Management Act, particularly operational controls. Supported platforms: Although FDCC is geared toward Microsoft Windows XP and Vista, SCAP has enabled standardization across a number of platforms, including Red Hat Enterprise Linux, Sun Microsystems Solaris, HP-UX and IBM AIX. More details on platform support are available at. (FCW.com)
Taking some sweat out of security compliance Oct 31, 2009
When it comes to complying with federal security mandates, chief information security officers contend with a set of arduous tasks that could rival the 12 labors of Hercules. Under the , agencies must to Congress that outline their compliance with more than a dozen categories of security controls that span technology, management and operations. (FCW.com)
Mobile phones pose a phishing risk Oct 30, 2009
"Mobile phones are becoming a bigger part of our lives," says Andy Jones, head of information security research at British Telecommunications. "We trust and rely on them more. And as we rely on them more, the potential for fraud has got to increase." (Xinhuanet, China)
NIST seeks help in revising contingency planning guide Oct 30, 2009
Human nature and technology being what they are, the best laid plans of chief information officers, chief information security officers and systems administrators are bound to go awry from time to time, and agencies are required to have plans in place to deal with these contingencies. The National Institute of Standards and Technology is updating its seven-year-old planning guidelines and has released a draft of for public comment. (FCW.com)
Worldwide Spend for IT Security Continues to Increase Oct 29, 2009
More than 7,200 executives from 130 countries across all industries were asked about their information security expectations ... "The increased risk environment has visibly elevated the role and importance of the information security function to the entire business organization," said Mark Lobel, an Advisory principal at PricewaterhouseCoopers ... - Seventy-five percent (75%) of financial services respondents have an overall information security strategy in place, compared to 74% in 2008. (CIO Information Network)
Creating a personal brand in information security Oct 28, 2009
INFORMATION SECURITY CAREER ADVISOR ... Unfortunately it's not that easy for information security professionals ... Currently, there are more than 65,000 CISSP-certified information security professionals. (Search Security, MA)
Federal student aid data isn't secure, IG says Oct 22, 2009
IG makes seven recommendations to improve information security. (FCW.com)
Networking with the bigwigs to gain support for IT Oct 22, 2009
Kevin has authored/co-authored seven books on information security, including and (Wiley). He's also the creator of the Security on Wheels and providing security learning for IT professionals on the go. (SearchWindows2000.com)
Story » Oct 21, 2009
An appropriate secret, as after all, John Mullen is in the business of protecting the nation's information security. (ESPN -- Outdoors)
Barracuda buys Purewire Inc. Oct 21, 2009
Deal boosts city's role as mecca of information security ... Barracuda sees Atlanta as a mecca for information security, Noonan said. (Atlanta Business Chronicle, GA)
NASA info security controls are broken, GAO concludes Oct 18, 2009
Audit finds NASA information security weaknesses put space agency networks, information at risk ... Although controls are being implemented as part of a risk-based information security program, required under the Federal Information Security Management Act, controls were not always adequate or consistently enforced, resulting in security gaps in physical and logical perimeters and leaving vulnerabilities in networks and systems ... A key reason for these weaknesses was that NASA had not yet... (FCW.com)
Virtualization, SRM and FCoE Are Hot at SNW Oct 17, 2009
He cautioned that moving to a virtual data center implies no physical perimeter or physical controls and demands a greater reliance on information security. Users must assume that cloud resources are publicly accessible for compliance laws, and that access typically uses encryption as enforcement. (EnterpriseStorageForum)
Field experiment on a robust hierarchical metropolitan quantum cryptography network Oct 16, 2009
During the process of economic globalization, information security has become more and more important for both organizations and individuals. The secure communication is the basic requirement for all the confidential solutions to defend illegal eavesdropping and tampering. (EurekAlert!)
DHS agencies don't sustain info security programs, IG says Oct 16, 2009
Homeland Security Department agencies don't sustain their information security programs year-round or perform continuous monitoring to maintain systems accreditations and action plans. The IG's findings come from an annual independent evaluation of the department's information security programs required by the The law requires agency IGs to conduct the evaluations and agencies themselves to also conduct an annual information security evaluation ... Overall monthly FISMA information... (FCW.com)
Cyber warfare: Sound the alarm or move ahead in stride? Oct 16, 2009
"This is a complicated threat with a lot of money at stake," said Steve Hawkins, vice president of information security solutions at Raytheon. Policies always take longer than technology. (FCW.com)
Content-aware IAM: Uniting user access and data rights Oct 16, 2009
Recently there's been a new development in the information security world: content-aware identity and access management (CA-IAM). CA-IAM is the integration of two established, usually separately administered security domains -- identity and access management (IAM) and data protection. (Search Security, MA)
CAC information assurance manager wins award Oct 16, 2009
Pearson placed second in the annual Government Information Security Leadership Awards' Senior Information Security Manager category ... A Combined Arms Center information assurance manager placed second in the annual Government Information Security Leadership Awards' Senior Information Security Manager category ... The awards are sponsored by International Information Security Systems Security Certification Consortium Inc., a nonprofit organization that certifies information security... (Leavenworth Lamp, KS)
New twist on government control of data: use of subpoenas Oct 15, 2009
In 2005, more than 15 million additional documents were classified, a record amount, according to the Information Security Oversight Office of the National Archives. It cost the United States an estimated $7. (Yahoo News -- Privacy Issues)
SafeNet Inc. taps former IBM executive as chief financial officer Oct 15, 2009
SafeNet manufactures a line of information security products. (Baltimore Business Journal, MD)
Electronic Privacy Information Center: Privacy Oct 15, 2009
Information about the 2006 information security breach by a Veterans Affairs employee resulted in the theft from his Maryland home of unencrypted data affecting 26.5 million veterans and current service members and their families. (Yahoo News -- Online Privacy)
Community clinics crucial in health reform Oct 15, 2009
Wendi Niehuis, an information security analyst from Walnut Creek, lost her job with Washington Mutual in February. Eight months later, she has cashed in her retirement plan, but feels she is one serious illness away from financial ruin. (MSNBC -- Health)
Contractors go toe-to-toe over mobile radio business Oct 14, 2009
It's been certified by the National Security Agency for Type-1 information security. The GMR radio, the program-of-record radio for the JTRS program for the ground domain, is now entering the testing phase of its development, and is expected to enter limited user testing sometime next year, according to Boeing officials. (FCW.com)
Leaders commended for contributions to info security Oct 14, 2009
Four persons have been recognized for their leadership in federal information security at the sixth annual 2009 Government Information Security Leadership Awards, presented by , a not-for-profit association that certifies information security professionals ... McConnell said as part of cybersecurity, information security is a shared responsibility and it is increasingly vulnerable as government IT progresses. (FCW.com)
Five things you need to know about politics in IT Oct 13, 2009
This is especially true for management and people who haven't a clue about IT and information security ... Kevin has authored/co-authored seven books on information security, including and (Wiley). (SearchWindows2000.com)
IIJ Strengthens Compliance Function of IIJ Secure Web Gateway Service Oct 13, 2009
As corporate use of the Internet continues to increase, it is vital to address the issues that may impact information security and productivity, such as Web-borne viruses, information leaks, and personal Internet use leading to lower productivity. The addition of the Authentication Server Connection Option makes the IIJ Secure Web Gateway Service the industry's first SaaS Web security service that enables administrators to control individual access without the need for complicated configurations... (Primezone Releases)
Cyber-security expert sees holes in system Oct 12, 2009
where he had developed a master's degree program and a doctoral specialization in information security. When he was offered a leadership role in developing the ICS in San Antonio, he jumped at the chance. (San Antonio Business Journal, TX)
West publishing nearly 30 books for Kindle Oct 9, 2009
Information Security and Privacy: A Guide to Federal and State Law and Compliance. International Taxation in a Nutshell, 8th ed. (Twin Cities Business Journal, MN)
Hoax FBI E-Mails Play On Fear Oct 9, 2009
Scarborough works as an information security officer at Rice University. He watches for viruses on campus every day. (Click2Houston, TX)
Data protection tips for corporate compliance leaders Oct 9, 2009
If you're a chief compliance officer, however, and you've done your job, it's not just up to IT and information security to deal with data protection ... Download other information security book chapters from ... Data Protection Responsibilities of Compliance Practitioners A few years ago, a large manufacturing organization created a Chief Privacy Officer (CPO) with enterprise privacy responsibility within the law office, reporting directly to the CEO. The information security responsibility was... (Search Security, MA)
Aligning network security with business priorities Oct 9, 2009
Remember, as with any support function, information security should always exist to serve the needs of the business, rather than the other way around ... He previously served as an information security researcher with the National Security Agency and the U.S. Air Force ... Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.... (Search Security, MA)
BlackBerry better than this Apple Oct 8, 2009
He also quoted a study by SecurityFocus, a website on information security. The research shows that the BlackBerry is significantly more secure than the iPhone, he said. (The Star Online, Malaysia)
FBI Warns Of Fraudulent E-Mails Oct 8, 2009
He works at Rice University as an information security officer, watching for viruses on campus every day. He said the sender in this case is actually a hacker in disguise. (Click2Houston, TX)
New computer security guide can help safeguard your small business Oct 7, 2009
The guide, Small Business Information Security: The Fundamentals, was authored by Richard Kissel, who spends much of his time on the road teaching computer security to groups of small business owners ranging from tow truck operators to managers of hospitals, small manufacturers and nonprofit organizations ... Small Business Information Security: The Fundamentals can be downloaded from the Small Business Corner Web site at. (EurekAlert!)
Android Finally Invades Verizon Oct 7, 2009
Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as and provides tips, advice and reviews on information security and unified communications technologies on his site at. (Yahoo News -- Technology)
UTS provides security tips throughout awareness month Oct 7, 2009
"We are trying to inject security awareness and consciousness into the university," said Marcos Vieyra, information security director for UTS. UTS encourages students to take simple steps as preventative measures to keep their computers and their data safe. (Gamecock Online, SC)
Interior developing cloud infrastructure services Oct 7, 2009
Security-wise, both of NBC's data centers are fully compliant with the Federal Information Security Act. For the service, the agency is implementing security zones. (FCW.com)
Pentagon authorizes outside firm to manage access to some DOD systems Oct 7, 2009
PKI is a system of identity management and information security developed over the last decade. PKI entities enter into trust relationships with each other and agree to trust one another's credentials. (FCW.com)
UN: Threat of next world war may be in cyberspace... Oct 7, 2009
Pointing out the infrastructure weakness, Carlos Moreira, who founded and runs the Swiss information security firm Wisekey, said legislation is needed to bring cybersecurity up to international standards. (The Drudge Report)
Top 10 ways to derail your IT career Oct 7, 2009
Kevin Beaver is an information security consultant, keynote speaker and expert witness with Atlanta-based Principle Logic LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) ... He's also the creator of the Security on Wheels information security audio books and blog providing security learning for IT professionals on the go. (SearchWindows2000.com)
Oracle Whitepaper: Using Oracle In-Memory Database Cache to Accelerate the Oracle Database Oct 6, 2009
Effective information security starts by protecting data at the source: the databases in which it resides. Historically most organizations have relied on network perimeter and application level security to restrict access to sensitive data, leaving their databases and the sensitive information inside exposed. (IntranetJournal)
Fielding hackers against hackers Oct 6, 2009
David Michaux, managing director of HITB Jobs, said many companies are realising that having information security specialists in-house is more cost effective than hiring outside resources ... The subsidiary is a joint venture between HITB and Bulgaria-based NDMTeam, an information security company. (The Star Online, Malaysia)
Integral Energy virus outbreak threatens grid Oct 2, 2009
A spokesman for Integral Energy, a major energy supplier, confirmed that the company had called in external information security experts to "rebuild all desktop computers to contain and remove the virus". The malware had not affected power supplies to customers or business data and was "contained within Integral Energy's information technology network", the spokesman said. (Sydney Morning Herald -- Technology)
Understanding the politics of information security Oct 2, 2009
Information security is so complex that it's often done the wrong way or not done at all ... Interestingly, many executives are this way when it comes to funding information security initiatives ... Managing information security goes way beyond checklists and a snapshot-in-time status. (SearchWindows2000.com)
Six companies up for $25 million in USDA contracts Sep 30, 2009
"This contract, which will enhance information security for one of our country's most important agencies, is an excellent example of how cyber underpins virtually every aspect of our lives," said Dale Meyerrose, vice president and general manager for the Cyberspace Solutions business at Harris. CSC ranks Harris ranks , Verizon ranks , Unisys ranks and Mantech ranks on Washington Technology's list of the largest federal government prime contractors. (FCW.com)
100-day plan: Security manager success Sep 30, 2009
com's expert-in-residence on information security management. Get more information about the , read his , or reach him via. (Search Security, MA)
Don't click on that! Sep 30, 2009
A company may tell you in that policy it will share your data with its "trusted partners" and however it deems appropriate in the course of business, said Matwyshyn, editor of the upcoming book "Harboring Data: Information Security, Law, and the Corporation." "That's a signal that your data is going to be licensed many times over, and it's going to be touched by a greater number of hands." That becomes a problem, Matwyshyn said, because "you're only as good as the weakest link in the chain."... (CNN -- US)
NEC Deploys One of Japan's Largest Thin Client Systems for Tokio Marine Sep 30, 2009
Tokyo, Sept 29, 2009 - (JCN Newswire) - NEC Corporation today announced the beginning of construction of one of Japan's largest virtual PC thin client systems as part of strengthening information security and reducing total cost of ownership (TCO) for Tokio Marine do Fire Insurance Co., Ltd. (Tokio Marine; President: Shuzo Sumi) ... Tokio Marine has implemented comprehensive internal security controls in order to constantly monitor and comply with each of the wide reaching management regulations... (JCN Network, Japan)
When custom software was king Sep 30, 2009
The requirements under the Federal Information Security Management Act are similar to the security requirements of commercial standard ISO 27001, Adams said. "If you look at the requirements for government and commercial, even from a security perspective, they are very similar, but the government just calls them something different than the commercial world," she said. (FCW.com)
How much government control in cybercrisis? Sep 30, 2009
Shutting down a compromised system may sound like a good idea, but "it's not like the Internet has an on-off switch somewhere you can press," said Franck Journoud, manager of information security policy for the Business Software Alliance. Most industries are federally regulated, so the government should work within those systems to plan for disasters, said Journoud, whose group has met with lawmakers and the White House on cyberpolicies. (MSNBC -- Politics)