tagged w/ Cyber Czar
-
A plan to create a new Pentagon cybercommand is raising significant privacy and diplomatic concerns, as the Obama administration moves ahead on efforts to protect the nation from cyberattack and to prepare for possible offensive operations against adversaries' computer networks.
-
-
T-Mobile customers are awakening this morning to reports that hacker/extortionists have victimized the cellular carrier through a massive network breach resulting in the theft of untold amounts of corporate and customer data, which they’re threatening to sell to the highest bidder. T-Mobile says it is investigating.
-
-
A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.
-
-
There is something wrong here and PCI DSS is exposing it, not causing it. “When people say PCI is too hard, many really mean to say compliance is not cheap. The business risks and ultimate costs of non-compliance, however, can vastly exceed implementing PCI DSS – such as fines, legal fees, decreases in stock equity, and especially lost business. Implementing PCI DSS should be part of a sound, basic enterprise security strategy, which requires making this activity part of your ongoing business plan and budget.”
-
-
By Steven Fox, Founder of SecureLexicon: A cross-industry survey of 150 IT managers and technical staff showed that 20% of that population either admitted to cheating on an IT audit or knew someone who did. Ruvi Kitov, CEO of Tufin Technologies, noted that the rate of auditor deception is likely higher than the survey suggests. Andy Bokor, COO of Trustwave, added that some IT professionals respond to compliance pressures by describing their environments in a positive, yet false light.
-
-
By Richard Stiennon, Chief Research Analyst, IT-Harvest: eSoft has determined that there has been a major spike in fraudulent pharmacy sites just this past week. Much like the fake SpySweeper site, these pharma-fraud sites present a convincing storefront that appears to sell Viagra and Cialis. They have a sophisticated shopping cart system and take your money but do not bother with actually fulfilling orders. eSoft provided me with data on seven different templates they have discovered. The quantity is amazing.
-
-
From The Internet Security Alliance: The current technologies are woefully inadequate. They can deter the average script kiddies but provide little defense against foreign state-sponsored attacks and espionage, which represent 5% of the threat responsible for some of the most serious damage. Signature-based intrusion detection, firewalls, and antivirus technologies are all deployed, but they do little to identify or prevent more sophisticated adversaries.
-
-
By Kevin M. Nixon, Information-Security-Resources.com Security Editor
I served on the Executive Board of Directors for the Internet Security Alliance (2001 - 2004) and supported the creation of the Department of Homeland Security. I continue to make the rounds on Capitol Hill meeting with US Senators and Representatives and their Congressional Staffs as a subject matter expert on all types of IT Security, Data Privacy, Cybersecurity and GRC issues to provide our elected officials with a real worldview into the impact their legislative actions can have, both positive and negative.
-
-
“Protecting our nation’s computing systems that control critical cyberinfrastructure is crucial,” Fred Chang, lead investigator and director of the CIAS, said in a statement.
-
-
There are many efforts to create meaningful security metrics, which is a worthy goal. After benchmarking over 1000 IT operations and security organizations in the past four years, I’ve formed some very strong conclusions and opinions, some of which go against security common wisdom.
-
-
“Centralizing our cybersecurity efforts under Phil’s leadership will help create a unified DHS as we continue to adapt to an ever-changing array of threats. Together, Phil, Bruce and Greg will guide the Department’s efforts to prevent cyber attacks and protect the nation’s critical information systems and networks.”
-
-
We can share many horror stories ranging from competitors attempting to steal a client’s customer data, to outright corporate espionage to gain information on new product debuts and stealing technology and other proprietary information that may still be under development.
-
-
Just as I had noticed the mysterious change in Melissa Hathaway’s title on the White House Blog, at the moment that the President was speaking, I also noticed something very interesting: “Why would Raytheon remove Rear Admiral Williamson’s distinguished service Bio from the corporate website?”
-