Cyber Security Institute

Wednesday, April 22, 2015

Newsalert - 2015 Apr 22

**RSA Conference: ThreatStream Announces First Apple Watch App for Managing Threat Intelligence On-the-Go** 
SAN FRANCISCO AND REDWOOD CITY, Calif., April 21, 2015 /PRNewswire/—ThreatStream® (RSA booth #S2727), the leading provider of an enterprise-class threat intelligence platform, today announced the first iOS threat intelligence app for the Apple Watch. The app, which is also available for the iPhone and iPad, provides full access to the ThreatStream Optic threat intelligence platform dashboard and displays, and enables users to take action with a simple tap of the screen or voice command. The new Apple Watch app will be demonstrated in the ThreatStream booth during the RSA Conference (@rsaconference) this week. ThreatStream will also be giving away one Apple Watch a day to visitors who come by their booth. 
**Link:** [  http://www.wkrg.com/story/28856933/rsa-conference-threatstream-announces-first-apple-watch-app-for-managing-threat-intelligence-on-the-go  ] (  http://www.wkrg.com/story/28856933/rsa-conference-threatstream-announces-first-apple-watch-app-for-managing-threat-intelligence-on-the-go  ) 

**Corporate privacy policies are out of step with protecting sensitive data** 
Data protection specialist Druva has released the results of a new study conducted by Dimensional Research which examines companies’ efforts to protect sensitive data, the challenges they face ensuring data privacy and gathers respondent views on protecting data privacy in the cloud. 
Among the findings are that 99 percent of respondents reported having some for of sensitive data, including personal financial, healthcare and authentication-related data, they needed to manage. 84 percent reported plans to boost their efforts to protect the privacy of sensitive data. There are problems with enforcement, however, with almost 84 percent of respondents reporting that employees don’t follow data privacy policies. 
**Link:** [  http://betanews.com/2015/04/22/corporate-privacy-policies-are-out-of-step-with-protecting-sensitive-data/  ] (  http://betanews.com/2015/04/22/corporate-privacy-policies-are-out-of-step-with-protecting-sensitive-data/  ) 

**Corporate privacy becoming a top business concern in 2015** 
(BPT) – As many as 43 percent of companies experienced a data breach in the past year – a 10 percent increase from last year, according to an annual study conducted by the Ponemon Institute. As companies scramble to keep their names out of the headlines by bolstering up security practices and protocols, it’s important to take a deeper look into the little things you can do to better manage privacy and security within your own company. 
**Link:** [  http://www.mymotherlode.com/news/technology/ask-tech/corporate-privacy-business-concern-2015  ] (  http://www.mymotherlode.com/news/technology/ask-tech/corporate-privacy-business-concern-2015  ) 

**Governor Terry McAuliffe announced today that the Commonwealth of Virginia is establishing the Nation’s first state-level Information Sharing and Analysis Organization (ISAO). ** 
“As Governor McAuliffe’s homeland security advisor, I’m excited that Virginia is leading the ISAO movement and look forward to working alongside our DHS, state, and other cybersecurity partners to help develop standards and best practices for information sharing with the private sector,” said Secretary of Public Safety and Homeland Security Brian Moran. 
**Link:** [  https://governor.virginia.gov/newsroom/newsarticle?articleId=8210  ] (  https://governor.virginia.gov/newsroom/newsarticle?articleId=8210  ) 

**This month’s second Patch Tuesday brings 34 Windows updates, all optional** 
Today’s list is much larger than normal, with 34 patches all rated Optional, meaning they will not be installed automatically. You have to open Windows Update and manually select one or more updates to install them. 
**Link:** [  http://www.zdnet.com/article/this-months-second-patch-tuesday-brings-34-updates-all-optional/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61  ] (  http://www.zdnet.com/article/this-months-second-patch-tuesday-brings-34-updates-all-optional/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61  ) 

**CIO-CSO tension makes businesses stronger** 
“There’s a natural tension between these roles because they have what appear to be different priorities, and because in many larger organizations, the CSO role, and security in general, becomes a higher priority,” says Justin Cerilli, managing director, financial services technology and operations, Russell Reynolds and Associates. 
One of the struggles in achieving this balance and laying the foundation for a good working relationship between CIOs and CSOs is the potential for personality clashes, says Cerilli. Human Resources can and should play a major role in finding leaders who can work well together and put the business’ needs ahead of any personal need for career advancement or recognition, he says. 
**Link:** [  http://www.cio.com/article/2912625/leadership-management/cio-cso-tension-makes-businesses-stronger.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-22&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ] (  http://www.cio.com/article/2912625/leadership-management/cio-cso-tension-makes-businesses-stronger.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-22&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ) 

**Report: Need better breach crisis? IT manager may not be best bet** 
Companies must have a strategy in place when a data breach occurs, and it looks like IT managers may not be best to handle a breach crisis, according to a new report by Booz Allen Hamilton. Instead, a business savvy leader at the company is better prepared to handle the problem, as they will be prepared to address crisis communications, legal issues, disaster recovery, and other strategic decisions that must be made. 
**Link:** [  http://www.tweaktown.com/news/44710/report-need-better-breach-crisis-manager-best-bet/index.html  ] (  http://www.tweaktown.com/news/44710/report-need-better-breach-crisis-manager-best-bet/index.html  ) 

**Webroot 2015 Threat Brief Reveals Smarter Threats and Rising Complexity of Cybercrime** 
The data shows that organizations need to bolster their security posture with real-time, highly accurate threat intelligence to protect themselves from cybercriminal activity. This enables them to set proactive policies to automatically protect networks, endpoints, and users as part of a defense-in-depth strategy. This is crucial when security teams consider the threat landscape as a whole, in addition to conducting in-depth analysis on the threats targeting them. Individuals also need to be more vigilant than ever about the websites they visit, the URLs they follow from emails, and the applications and mobile apps that they use. 
**Link:** [  http://www.reuters.com/article/2015/04/22/webroot15threatbrief-idUSnPnbjZ3xq+88+PRN20150422  ] (  http://www.reuters.com/article/2015/04/22/webroot15threatbrief-idUSnPnbjZ3xq+88+PRN20150422  ) 

**Standard Chartered hires former UK surveillance chief to combat cybercrime** 
The Asia-focused bank said Iain Lobban would become a member and senior advisor to the committee responsible for matters including anti-money laundering, sanctions compliance and prevention of corruption. 
**Link:** [  http://ca.reuters.com/article/technologyNews/idCAKBN0ND0U020150422  ] (  http://ca.reuters.com/article/technologyNews/idCAKBN0ND0U020150422  ) 

**NATO cybersecurity drill to focus on hackers** 
TALLINN, Estonia — About 400 computer experts will participate in a major cybersecurity drill in Estonia this week as part of NATO’s efforts to upgrade its capability to counter potentially debilitating hacker attacks, organizers said Tuesday. 
**Link:** [  http://www.sfgate.com/world/article/NATO-cybersecurity-drill-to-focus-on-hackers-6214619.php  ] (  http://www.sfgate.com/world/article/NATO-cybersecurity-drill-to-focus-on-hackers-6214619.php  ) 

**Honeywell : Technology First To Proactively Manage Cyber Security Risk For Industrial Sites; Honeywell’s Cyber Security Risk Manager Gives Industrial Users Real-Time Visibility** 
The Honeywell Industrial Cyber Security Risk Manager, is designed to simplify the task of identifying areas of cyber security risk, providing real-time visibility, understanding and decision support required for action. It monitors and measures cyber security risk in multi-vendor industrial environments. 
**Link:** [  http://www.4-traders.com/HONEYWELL-INTERNATIONAL-I-4827/news/Honeywell—Technology-First-To-Proactively-Manage-Cyber-Security-Risk-For-Industrial-Sites-Honeywe-20234050/  ] (  http://www.4-traders.com/HONEYWELL-INTERNATIONAL-I-4827/news/Honeywell—Technology-First-To-Proactively-Manage-Cyber-Security-Risk-For-Industrial-Sites-Honeywe-20234050/  ) 

**Nation’s First Incident Management Center for Utilities Launched** 
A new training center to support incident management for the utility industry was announced today at the Western Energy Institute (WEI) Spring Operations Conference in Las Vegas. 
**Link:** [  http://www.reuters.com/article/2015/04/21/or-concordia-university-idUSnBw216455a+100+BSW20150421  ] (  http://www.reuters.com/article/2015/04/21/or-concordia-university-idUSnBw216455a+100+BSW20150421  ) 

**Google, Microsoft serve up security treats for productivity suites** 
Microsoft announced a trio of Office 365 security features, including a new API to feed data into SIEM systems and finer grain encryption for email, while Google has announced new a way for Drive admins to manage two-factor authentication keys for Google Apps at work. 
**Link:** [  http://www.cso.com.au/article/573188/google-microsoft-serve-up-security-treats-productivity-suites/  ] (  http://www.cso.com.au/article/573188/google-microsoft-serve-up-security-treats-productivity-suites/  )