Balancing the Sharing of Information

CyberSecurity Journal

Subscribe to CyberSecurity Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CyberSecurity Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

By Bob Gourley The agenda for the 3rd Annual Cloudera Federal Forum (6 Feb 2014, Hanover MD) has firmed up and will no doubt lead to an incredible event. This will be a great venue for thought leaders from the federal government, great tech firms and very talented integrator firms. The speakers are a world-class-best mix of data and analysis practitioners, and from what I can tell the attendees will be the real action-oriented professionals from government really making things happen in Big Data analysis. This will be the perfect place to share lessons learned, exchange use-cases, meet others working similar challenges, and help advance the state of analytics in the government space. If you have not registered yet please do so now. Sign up at: http://ctolink.us/1l2h9AN Here is more: Agenda: Registration Open 7:00 AM Registration, Networking and BreakfastGeneral S... (more)

Effective SOC and an Automated Process | @ThingsExpo #IoT #M2M #Cybersecurity

Why 2017 Is the Time to Invest in an Effective SOC and an Automated Process Every Security Operations Center (SOC) manager and security analyst is struggling to some degree to stay one step ahead of the dramatic growth in cybercrime and the ransomware epidemic. In fact, according to the Cybersecurity Market Report published by Cybersecurity Ventures, a cyber security research and publishing firm, spending on cybersecurity is predicted to top $1 trillion between 2017 and 2021. There are plenty of very real and costly examples that show why organizations are increasing their spending for cybersecurity. While the high profile Mirai attacks with the Dyn IoT botnet attack affecting more than 100,000 endpoints is just the latest, the reality is that this is just the tip of the emerging iceberg. With a developing reality of billions of under-protected Internet of Things (... (more)

Insource or Outsource the SOC | @CloudExpo #AI #SOC #Security #Analytics

These days attacks are becoming more sophisticated and more common. Mobile devices, cloud computing and the Internet of Things have increased the number of access points that must be secured. To complicate matters, CISOs are been directed to secure system without compromising the seamless experience that customers expect across channels, and if the organization is in a regulated industry, compliance issues likely increase the team's workload. To best detect threats and respond to incidents quickly, many organizations decide they need a security operations center to provide proper protection and continuous prevention. Then they must decide whether to build an internal Security Operations Center (SOC) or outsource. Advantages and Disadvantages of an Internal SOC The advantages of building an internal SOC include: A dedicated staff that knows the particular environment a... (more)

SMAC News Weekly – Week of June 23, 2013

Welcome to SMAC News Weekly, featuring the latest news and numbers relating to SMAC (social, mobile, analytics and cloud) that I come across each week. Also read Enterprise Mobility Asia News Weekly Also read Field Mobility News Weekly Also read Kevin Benedict’s What’s New in HTML5 Also read M2M News Weekly Also read Mobile Commerce News Weekly Also read Mobile Health News Weekly Also read Mobility News Weekly Analyst firm Gartner predicts enterprises adopting Big Data technologies will "outperform competitors by 20 percent in every available financial metric."  Read Original Content The U.S. Air Force has recruited a team of engineering and software companies to develop a new energy management system for Eglin Air Force Base in Florida that brings the benefits of big data to enhancing the military’s operating environment.  Read Original Content Adobe is now offering the Adob... (more)

The UEFI Secure Boot Debate

One of the first initiatives for secure booting has been the Unified Extensible Firmware Interface (UEFI) Initiative. This is a superior replacement of the Basic Input Output System (BIOS) and a secure interface between the operating system and the hardware firmware. The UEFI Initiative was a joint effort by many companies to minimize the risks of BIOS attacks from malware that may compromise the system. It was started by Intel and termed as Extensible Firmware Interface (EFI) for its Itanium-based systems since BIOS lacked the inherent capability to secure vulnerable firmware. One of the aforementioned BIOS attacks was the Mebromi rootkit, a class of malware that focused on planting itself in the BIOS. Similar to the BIOS, the UEFI is the first program in the booting process and is installed during the manufacturing process of the hardware. UEFI has the inbuilt cap... (more)

Keeping Digital Health Organizations Safe from Cyber Attack | @CloudExpo #DX #Cloud #Security

For health organizations, breaches are a constant threat, due to the high value of healthcare data - Social Security Numbers, treatment records, credit information, and other sensitive personally identifiable information (PII). And the cost of a breach to a health system or hospital can be devastating. And the health care industry has seen its share of breaches in the past quarter alone. For example, the National Health Service in England and Scotland was hit by a Wanna Decryptor ransomware attack affecting at least 16 of its organizations. Within two days 150 countries were affected. Also last quarter, up to millions of patient records at Bronx-Lebanon Hospital Center in New York stored on a backup system managed by iHealth Innovations were exposed to a data breach. Despite all the focus on preventing protected health information (PHI) theft and thwarting the next ... (more)

[video] #IoT Security with @SecureChannels | @ThingsExpo #BigData #AI #M2M

"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Download Show Prospectus ▸ Here The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researcher... (more)

Equifax Is an Enron Moment | @CloudExpo #AI #DX #SDN #Cybersecurity

Equifax Is an Enron Moment, But Not the Way You May Think Enron changed how U.S. public companies audit and report their financial data. There is also an opportunity to use the Equifax data breach to create a framework for better protection of our data in future. The credit reporting agency reported one of the largest data breaches in the history. Hackers were able to steal sensitive information from its internal servers. The stolen data include name, Social Security Number (SSN), date of birth, and also credit card numbers and driver license numbers in some cases. A massive breach like this can haunt the victims for years to come. What makes this specific breach even more damaging is the type of the stolen data. If someone steals your credit card number, you call your bank and get a new card hopefully before the hacker is able to make use of the stolen card. But, if... (more)

BIOS: Overview and Security

Computer security has become much harder to manage in recent years, and this is due to the fact that attackers continuously come up with new and more effective ways to attack our systems. As attackers become increasingly sophisticated we as security professionals must ensure that they do not have free rein over the systems that we are hired to protect. An attack vector that many people forget to consider is the boot process, which is almost completely controlled by the BIOS. The BIOS is a privileged piece of software that is generally ignored by day-to-day users and thus they are usually unable to comprehend the importance of it in our computers. The Basic Input/Output System was first invented by Gary Kildall for use in his operating system CP/M and this became what we now know as the conventional BIOS system. The BIOS appeared in IBM-compatible PCs around 1975 an... (more)

Internet of Things: Great for Critical Infrastructure Connectivity, but What About Cybersecurity? | @ThingsExpo #IoT

With modern industrial technology, an organization can make intelligent operating decisions because it can establish connectivity to all of its assets in industrial facilities or in the field across any distance. When industrial automation was first picking up speed in industries like oil and gas, there was a heavy focus on how supervisory control and data acquisition (SCADA) systems helped collect and transfer critically important data. SCADA systems are still very relevant today, but communications technology has evolved, especially with the adoption of wireless Machine-to-Machine (M2M) communications becoming important in allowing operators to access more data from more access points. Complete connectivity through Industrial IoT (IIoT) technology can further help organizations connect and collect more data. With wireless technology in particular, it is now possi... (more)

Micro-Second Synchronicity | @CloudExpo #Cloud #BigData #IoT #M2M

Nanokrieg© in Cloud Computing: Battles with Micro-Second Synchronicity If we are involved in a cyber-war, where are the frontlines? Should we be spending more time (and money) in figuring out cyber-warfare, instead of conventional warfare? (Part of this article is an excerpt of Carlini's upcoming book, NANOKRIEG: BEYOND BLITZKRIEG) In the middle of World War II, very basic and primitive computers were designed to improve accuracy for naval gunfire. The first computers ran complex mathematical applications to calculate trajectories and gunfire from large battleships. The size of the computer was huge and was made up of vacuum-tube technology. You could literally walk into the computer. (And needed to, when a tube went bad and you had to replace it.) Since then, computers shrank in size and costs, but their computing power and applications to various industries grew e... (more)