[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
* Dropbox takes the reins, moves off AWS and onto its own infrastructure
* Here’s How Cyber Security, Big Data Are Edging Their Way Into Elite MBA Programs
* How to get started in IT security consulting
* Chinese hackers behind US ransomware attacks
* Cyber security is an enterprise risk: FERMA tells EC
* 5 Hot Security Job Skills
* UK surveillance bill might open a door to hackers
* Atiur Rahman, Bangladesh Central Bank’s Governor, Quits After Hackers Steal $101M From Foreign Reserves
* Could FTC Play Bigger Role in Card Security?
* Tech Diversity: Female Software Engineers Earn $10,000 Less Than Male Counterparts
* Congresswoman Katherine Clark announces cybercrime enforcement training bill at SXSW
* A Big Driver For Cybersecurity Spending? Wary Cyber Insurance Vendors
* Bank of England Faces ‘Advanced, Persistent & Evolving’ Cyber Threats
* What you need to know about Zombie servers
* Businesses still coming to grips with cyber impacts even as IT security spend beefed up
* Behaviometrics: A new era of cyber security!
* ASC cybersecurity: Developing an effective breach prevention program
* New Verizon survey identifies the worst phone owners in America
* Attackers Honing In On Teleworkers? How Organizations Can Secure Their Data
* Cyber security study reveals lack of boardroom governance across UK industries
* 6 Tips for CISOs Selling Security to the Board
* FCC Proposes Stringent Data Privacy and Security Rules for Internet Service Providers
* A rogue access point at RSA Conference? Here’s what happened
* IDC: Cyber Insurance Will Be Commonplace In The Future
Dropbox takes the reins, moves off AWS and onto its own infrastructure
After years of relying on the Amazon cloud to store its users’ files, Dropbox has shifted gears and begun using primarily its own technology instead.
“We’re excited to announce that we’re now storing and serving over 90 percent of our users’ data on our custom-built infrastructure,” the company said in a blog post Monday.
Dropbox stores two kinds of data: file content and metadata about files and users.
The service always had a hybrid architecture, whereby metadata was stored on Web servers in its own data centers while file content was stored on Amazon.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1593a98dd9&e=20056c7556
Here’s How Cyber Security, Big Data Are Edging Their Way Into Elite MBA Programs
Stuart Madnick, professor of information technology and director of (IC)3, MIT Sloan School of Management’s cyber security initiative, says there is a huge culture gap between those who make money and those who count it.
As a result, “companies need people in decision making roles that understand the consequences of cyber attacks. [But] that expertise is lacking,” he says.
The trend for business schools to jump on the big data bandwagon began in 2008.
Warwick Business School and NYU Stern for example are among those pioneering specialist master’s degrees in business analytics.
But now they are exploring more fashionable information management topics, chief among them cyber security.
EDHEC has rolled out an elective course for its MBAs.
Others like Harvard, Oxford, and Stanford run full programs.
Coventry University Business School is pioneering an MBA degree in cyber security, which is backed by Sir Kevin Tebbit, the former director of Britain’s intelligence agency, GCHQ.
Given the explosion of high-profile hacks on companies from JPMorgan to Sony, schools say others will follow suit. “As it’s become a permanent part of the landscape for corporations it’s becoming a permanent part of the landscape for business schools,” says Jean-Pierre Auffret, director of the MSc in Secure Information Systems at George Mason University’s School of Business.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cb16e4a506&e=20056c7556
How to get started in IT security consulting
“Migrating security services to the cloud, incident response, forensics and security risk assessments are areas in high demand,” comments Brian Honan, founder of BH Consulting.
Aspiring consultants need to understand the various firms involved in the security business.
Each type of organization will vary by specialization, geographic emphasis and growth prospects.
Large consulting firms such as Accenture, Deloitte, KPMG, PWC and EY all have technology and security groups at their organization.
At a large multi-service firm, consultants benefit from strong institutional support (e.g. Deloitte runs Deloitte University to support professional development).
The trade-off to these firms is that IT security may not always be a focus of the firm.
The future is bright for security consultants. “We expect to do a lot of hiring for security talent in Canada this year and in 2017,” he added.
Deloitte is currently hiring for a variety of cybersecurity consulting roles.
As of March 2016, the firm was looking for interns, analysts and consultants across the United States.
Typical job titles include IT security solution developer, cyber risk assessments consultant and cyber risk technical architect.
“Achieving success in this industry requires two skillsets: consulting and IT security capabilities,” explains Reg Harnish, CEO of GreyCastle Security.
Established in 2011, GreyCastle has over 20 security consultants and had six open job roles as of March 2016. “Finding qualified consultants is challenging so we take several approaches. We recruit at trade shows, conferences and from local colleges and universities,” Harnish explains.
Large technology companies also offer cybersecurity consulting services to their clients. “Every morning, I face new problems to solve and research. That constant variety and change makes the work exciting,” commented John Kuhn, senior threat researcher at IBM Managed Security Services. “IBM hires a variety of security professionals in different areas and we have partnered with universities to develop the next generation of security talent,” Kuhn explained.
Becoming an independent security consultant is often an excellent option for those keen to break into the field.
Running an independent practice requires several capabilities beyond technical knowledge.
Sales and marketing skills represent the stumbling block for most novice consultants.
Fortunately, there are ways to overcome this obstacle.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=729d57b4ec&e=20056c7556
Chinese hackers behind US ransomware attacks
Ransomware operators generally set modest prices that many victims are willing to pay.
Hackers using tactics and tools previously associated with Chinese government-supported computer network intrusions have joined the booming cyber crime industry of ransomware, said four security firms that investigated attacks on US companies.
“It is obviously a group of skilled operators that have some amount of experience conducting intrusions,” said Phil Burdette, who heads an incident response team at Dell SecureWorks.
Burdette said his team was called in on three cases in as many months where hackers spread ransomware after exploiting known vulnerabilities in application servers.
From there, the hackers tricked more than 100 computers in each of the companies into installing the malicious programs.
Although they cannot be positive, the companies concluded all were the work of a known advanced threat group from China, Attack Research chief executive Val Smith told Reuters.
It is also possible, Burdette said, that companies which had been penetrated for trade secrets or other reasons in the past were now being abandoned as China backs away, and that spies or their associates were taking as much as they could on the way out.
In one of Dell’s cases, the means of access by the team spreading ransomware was established in 2013.
Dell said some of the malicious software had been associated by other security firms with a group dubbed Codoso, which has a record of years of attacks of interest to the Chinese government, including those on US defence companies and sites that draw Chinese minorities.
“The tactics of getting access to these networks are APT tactics, but instead of going further in to sit and listen stealthily, they are used for smash-and-grab,” Alderson said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a44eb2cffe&e=20056c7556
Cyber security is an enterprise risk: FERMA tells EC
Cyber security requires an enterprise-wide approach, and the risk manager’s role is to help the company achieve effective, data-based enterprise risk management, the Federation of European Risk Management Associations (FERMA) has told the European Commission.
In its response to the Commission’s consultation on public-private partnerships in cyber security concluded last week, FERMA stated:
“Businesses have difficulties with reaching a basic level of protection often due to a lack of risk insights and data driven risk mitigation.”
FERMA stressed that this overview of cyber risks across an organization, including into the supply chain, is critical especially with the development of the Internet of Things.
Using scenario-based analysis, the risk manager can quantify the overall cyber risk exposure and validate mitigation strategies on an enterprise basis.
FERMA also argues that public intervention is necessary in order to help organizations cope with the challenge of cyber risks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d64f994845&e=20056c7556
5 Hot Security Job Skills
The latest increases in demand for cybersecurity professionals are in industries managing high volumes of consumer data such as finance, up 137% over the past five years; healthcare, up 121%; and retail trade companies, up 89%, according to data from Burning Glass Technologies’ report “Job Market Intelligence: Cybersecurity Jobs, 2015,” which published last summer.
Here are five of the professional skills most in demand today for cybersecurity jobs:
1) Threat Intelligence/Security Operations Center Professionals
2) Product Development: Security software and security infrastructure developers
3) Cloud Security Specialists
4) Cybersecurity/IT Auditors
5) Big Data Analysis
Demand for analysts who know Python, a high-level interpreted programming language, has grown 300% between 2010 and 2014, according to Markow.
Python supports rapid application development, allowing analysts to quickly create and customize tools.
There is also a healthy demand for people who understand the Apache Hadoop open-source programming framework for big data analysis and MongoDB, which delivers fast query speeds across large volumes of data.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=69c3d57775&e=20056c7556
UK surveillance bill might open a door to hackers
NordVPN, which provides encryption services to clients worldwide, has seen an increase in enquiries from British Internet users as the UK Investigatory Powers Bill (otherwise known as the Snoopers’ Charter) is scheduled to move to the House of Commons on 14 March.
British users are afraid that their online activity and data will not be safe anymore if the Bill passes, and are looking for alternative ways to protect themselves – such as VPNs (Virtual Private Networks).
Similarly, NordVPN saw its Australian user base grow fivefold after the Australian government started enforcing its data retention law on October 13, 2015.
The company predicts a similar rush to get encrypted in Britain as well.
British online users are growing concerned because everyday devices that ship with built-in protections will have their security weakened if the IP Bill passes and backdoors to encrypted devices become mandatory.
Apple and other tech firms warned against passing the Bill, arguing it would endanger Internet users’ security.
Online privacy advocates and even the UN privacy chief argued that the UK was setting a bad example on surveillance.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1372788d67&e=20056c7556
Atiur Rahman, Bangladesh Central Bank’s Governor, Quits After Hackers Steal $101M From Foreign Reserves
Rahman told Reuters that Prime Minister Sheikh Hasina accepted his resignation.
Finance Minister Muhith had asked 64-year-old Rahman to submit his resignation, according to Agence France-Presse (AFP).
The theft in question happened between Feb. 4 and Feb. 5, when hackers broke into Bangladesh Bank’s computer systems and transferred millions from its account at the Federal Reserve Bank of New York to casinos in the Philippines.
The cyberheist sent officials in Bangladesh, Sri Lanka and the Philippines, where most of the stolen money ended up, into a frenzy.
Of the $101 million, the central bank said it had recovered $20 million, leaving $81 million outstanding, Bloomberg reported Tuesday.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dac0beac0b&e=20056c7556
Could FTC Play Bigger Role in Card Security?
The Federal Trade Commission’s review of how nine qualified security assessors scrutinize merchants’ compliance with Payment Card Industry security standards could be a sign that more federal oversight of payments security is on the way.
On March 7, the FTC issued orders to nine companies that serve as QSAs, asking them to provide information about how they audit merchants’ compliance with the PCI Data Security Standard.
The FTC says it plans to use the information it collects to compile a study that reviews PCI-DSS compliance and assessments.
But industry experts say this could be the FTC’s first step toward ensuring all companies are assessed for PCI compliance in the same way.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f05d14da1a&e=20056c7556
Tech Diversity: Female Software Engineers Earn $10,000 Less Than Male Counterparts
AUSTIN, Texas — While Silicon Valley has spent the past three years grappling with its lack of staffing diversity, one underlying matter has largely remained unspoken: the pay gap between men and women, one of the key barriers preventing the tech industry from hiring and retaining more women.
Across the U.S., women earned 79 percent of what men did in 2014, according to the American Association of University Women, and even in tech, the pay gap persists.
Women in engineering are paid just 82 percent of what men are paid, while women in computing earn just 87 percent of what their male counterparts earn.
Among software engineers, the gap appears to be as wide as $10,000 per year, say new findings by Hired, a startup that specializes in helping tech companies recruit candidates.
Hired found that in 2015 female software engineers set their salary requests at $115,000 per year on average, while men set their requests at $125,000.
Candidates typically set their requested salary based on increases from their current salaries, so the data provides a peek into where the salaries of women in tech stand compared to those of men.
Recently, some companies in the tech industry have begun to get serious about the matter.
Salesforce, for example, has loudly been touting the issue and claiming that it has spent $3 million to bring women’s salaries to parity.
Additionally, tech giant Cisco Systems and hot startups Slack and Pinterest all pledged their commitments toward pay parity last year, and most recently, Elon Musk, CEO of the rocket-building startup SpaceX, said his company would audit pay as well.
As it stands, women hold just 33 percent of all jobs in the tech industry, according to an analysis of company reports provided by 500 Miles, a startup that helps candidates make informed decisions about where to work and helps companies find talent.
Additionally, 52 percent of women in tech leave their jobs after a few years in the industry, the Harvard Business Review reported.
Proponents of tech diversity say that closing the gender pay gap is critical if the industry hopes to hire and retain more women.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=959bf43a89&e=20056c7556
Congresswoman Katherine Clark announces cybercrime enforcement training bill at SXSW
Representative Katherine Clark (D-MA) has announced a new federal bill to ramp up cybercrime enforcement training for police departments and create a national resource center that hosts a cybercrime-specific library.
Clark announced the bill at a SXSW panel about how law enforcement and the tech industry can work together to bring down online trolls.
The proposed legislation, called the Cybercrime Enforcement Training Assistance Act, would establish a $20 million annual federal grant for state and local law enforcement agencies to train police officers, prosecutors, and emergency dispatchers in identifying and prosecuting cybercrimes.
The funds would also be used to aid in extradition of cybercriminals between states.
A second, $4 million annual federal grant would be used to establish a national resource center, which Clark told The Verge would ideally house a library of shared resources: investigative techniques, training modules, and data about how cybercrime affects specific populations such as women, people of color, and the LGBT community.
Clark also envisions the center hosting training sessions for community organizations, organizing support for victims, and providing technical assistance to local law enforcement.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d1362e0adc&e=20056c7556
A Big Driver For Cybersecurity Spending? Wary Cyber Insurance Vendors
Insurance firms themselves are putting some brakes on the cyber insurance business at this point, because they’re as scared of mega-losses as their potential clients are, says Mark Weatherford, chief cybersecurity strategist at Mountain View, CA-based security tech firm vArmour.
Insurers are granting cyber insurance policies selectively, and limiting the amounts that policyholders can recover if they make claims after being hacked.
When insurers do sell cyber policies, they want to know what security software and other measures their potential customers have in place before they set a rate for premiums, says Weatherford, a former cybersecurity deputy with the Department of Homeland Security, and a former top security official for the states of California and Colorado.
One reason companies limit spending on cybersecurity measures is that the cost is hard to justify: chief information security officers struggle to make the case to board members because it is hard to put a number on the financial risk of a breach, Weatherford says.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=37be7f41d6&e=20056c7556
Bank of England Faces ‘Advanced, Persistent & Evolving’ Cyber Threats
The revelation was made in a response by the U.K. central bank to a Freedom of Information request by Bloomberg News.
The BOE declined to release data about the number of times it’s been attacked and its spending on external cyber-security companies, citing an exemption from requirements linked to the prevention of crime.
“The bank faces advanced, persistent and evolving cyber threats from a variety of sources which call for extreme vigilance,” it said in a January letter.
On March 3, the Information Commissioner’s Office, which handles Freedom of Information appeals, said it accepted the bank’s reasons for not releasing data and dismissed Bloomberg’s claim.
A BOE spokeswoman declined to comment further.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c3adb68271&e=20056c7556
What you need to know about Zombie servers
Despite increased investment and education to mitigate cyber risks, cybersecurity remains a pressing concern for businesses in the APAC region, not least because of an overlooked danger: Zombie servers.
Zombie servers, otherwise known as “comatose” servers, are the servers lurking in enterprise networks that are consuming high amounts of power, storage and other resources without generating useful output.
According to a study conducted with Jonathan Koomey, a research fellow at Stanford University, and using data from TSO Logic, it is estimated that there are 10 million “comatose” servers running in enterprises around the world.
These servers drive up IT costs by consuming energy and stealing resources from legitimate applications and processes.
As healthcare organizations in Singapore move towards consolidating their data and building a more integrated healthcare system for Singaporeans, it becomes all the more important to make cybersecurity the top priority.
In Singapore, healthcare organizations are subject to legislative mandates such as the Personal Data Protection Act (PDPA), which governs the collection, use, disclosure and care of personal data.
Failure to comply can result in substantial financial penalties, and more importantly, the loss of a stellar reputation.
To eradicate this problem of Zombie servers, businesses can utilise tech tools such as discovery and dependency mapping solutions.
This is especially essential in the healthcare industry to ensure the security of the vast amounts of sensitive data handled.
With discovery and dependency mapping solutions, businesses gain the visibility they need to track down and retire these culprits, and to stop new ones from accumulating unnoticed on their networks.
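The article names discovery and dependency mapping as the tool class but does not show what the output looks like. The following is an added example (not from the article or any vendor product) of the check such a tool lets you run: join a constructed server inventory with a constructed 30-day connection summary, strip out management traffic (monitoring and backup pollers keep every box looking "busy"), and label each host active, review or comatose. The thresholds, host names, CMDB fields and flow records are all assumptions. The security point is that a server nobody depends on, nobody owns and nobody patches is pure attack surface, and the same dependency map tells you who will break when you switch it off.

```python
"""Find comatose ("zombie") servers from inventory plus a network dependency map.

Added example, not from the article or any vendor tool. A discovery/dependency
mapping product would supply real CMDB and flow data; here both are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List, Optional, Set, Tuple

Flow = Tuple[str, str, int, int]  # (client host, server host, dst port, connections in window)


@dataclass
class Server:
    name: str
    owner: Optional[str]   # None: no team in the CMDB claims it
    avg_cpu_pct: float     # mean utilisation over the observation window
    last_change: date      # last recorded deploy or config change


# Constructed 30-day inventory and flow summary (not real data).
SERVERS = [
    Server("db-01", "dba", 38.0, date(2016, 2, 1)),
    Server("web-01", "web", 22.0, date(2016, 3, 1)),
    Server("web-02", "web", 21.0, date(2016, 3, 1)),
    Server("db-02", "finance", 1.2, date(2015, 11, 30)),
    Server("legacy-app-03", None, 0.4, date(2014, 5, 12)),
    Server("orphan-07", None, 0.1, date(2013, 8, 1)),
]
FLOWS: List[Flow] = [
    ("lb-01", "web-01", 443, 3_000_000),
    ("lb-01", "web-02", 443, 2_900_000),
    ("web-01", "db-01", 5432, 91_000),
    ("web-02", "db-01", 5432, 88_000),
    ("report-01", "db-02", 1433, 12),            # a dozen connections in a month
    ("monitor-01", "db-01", 22, 4_320),
    ("monitor-01", "web-01", 22, 4_320),
    ("monitor-01", "legacy-app-03", 22, 4_320),  # only the poller ever talks to it
    ("backup-01", "legacy-app-03", 22, 30),
]
# Management traffic is not a business dependency.
INFRA_HOSTS: Set[str] = {"monitor-01", "backup-01"}
AS_OF = date(2016, 3, 14)  # end of the constructed observation window


def inbound_dependents(flows: Iterable[Flow], infra_hosts: Set[str]) -> Dict[str, Dict[str, int]]:
    """server -> {client: total connections}, ignoring management hosts."""
    deps: Dict[str, Dict[str, int]] = defaultdict(dict)
    for client, server, _port, count in flows:
        if client in infra_hosts:
            continue
        deps[server][client] = deps[server].get(client, 0) + count
    return deps


def classify(servers: Iterable[Server], flows: Iterable[Flow], infra_hosts: Set[str],
             as_of: date, idle_cpu_pct: float = 5.0, min_conns: int = 100,
             stale_days: int = 365) -> Dict[str, Dict[str, object]]:
    """Label each server (thresholds are assumptions, tune to your estate):
    comatose - idle and no non-management client at all;
    review   - idle, with only a trickle of real traffic (confirm with the owner);
    active   - otherwise.
    '/unowned' is appended when no owner is recorded: those are the boxes nobody
    is patching. 'stale' flags hosts unchanged for longer than stale_days."""
    deps = inbound_dependents(flows, infra_hosts)
    report: Dict[str, Dict[str, object]] = {}
    for s in servers:
        clients = deps.get(s.name, {})
        busy_clients = {c for c, n in clients.items() if n >= min_conns}
        idle = s.avg_cpu_pct < idle_cpu_pct
        if idle and not clients:
            status = "comatose"
        elif idle and not busy_clients:
            status = "review"
        else:
            status = "active"
        if status != "active" and s.owner is None:
            status += "/unowned"
        report[s.name] = {
            "status": status,
            "dependents": sorted(clients),   # who to notify before decommissioning
            "stale": (as_of - s.last_change).days > stale_days,
        }
    return report


if __name__ == "__main__":
    for name, info in classify(SERVERS, FLOWS, INFRA_HOSTS, AS_OF).items():
        print(f"{name:15} {info['status']:18} dependents={info['dependents']} stale={info['stale']}")
```

On the constructed data, db-02 comes out as "review" rather than comatose: one reporting host still reaches it a dozen times a month, so it has a real if thin dependency and an owner to ask. legacy-app-03 and orphan-07 come out "comatose/unowned" with no dependents, which is the population to prioritise for removal, because nothing will notice they are gone except an attacker.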
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6c40a6b087&e=20056c7556
Businesses still coming to grips with cyber impacts even as IT security spend beefed up
Australia is Asia Pacific’s biggest spender on security with businesses, organisations and governments increasingly committing funds to combat an ever-growing threat from cybercrime, however security maturity has not matched this spend.
For many APAC governments, including Australia, IT security is fast becoming a matter of national defence and national security.
Citing the IDC report, Lee says that when it comes to spending on IT security, “most of this spend goes into security software, as one might expect as security appliances become virtualised and cloud services mature, yet Australia still has more than its fair share of high-profile attacks”.
“David Jones, Kmart, Queensland TAFE, Pacnet (now Telstra), and Woolworths are just some of the Australian household names caught up in a breach of security in one form or another, and that was in 2015 alone.
IDC does say that Australia invests heavily in the security software space as a percentage of overall software investment, second only to South Korea, and that we spend more on IT security than any other market — including China, for software products — although “Beijing did surpass Canberra for security services spending in 2014”.
“Gartner’s Market Trends Security Analytics report highlights that security information and event management (SIEM) solutions have become the most popular bolt-on that organisations have deployed, in many cases almost as knee-jerk reaction to high-profile breaches.
But SIEM’s role is to collect, store and analyse data, and Verizon Enterprise’s 2015 Data Breach Investigations report showed that SIEM was able to identify an advanced threat breach less than 1% of the time.
Lee also cites IDC’s prediction on various developments in IT security with future implications for the APEJ market, including a forecast that by 2020, half of all AP electronic transactions will be authenticated biometrically, driven by the widespread adoption and use of biometric-enabled mobile devices.
IDC warns of supply chain risks, forecasting that by 2019, geopolitical divisions and global economic instability will result in cyberattacks targeting suppliers, forcing businesses in the Asia Pacific to increase spending by 35% or more to mitigate the risks.
• Self-Defending Applications. By 2019, adoption of application containerization for 3rd Platform applications in private, public, and hybrid cloud scenarios will rise more than 30%, creating an era of self-defending applications.
• Cyber Insurance Maturity. By 2019, maturing cyber insurance models will enable insurers to influence security spending in three quarters of industry-regulated buying decisions.
• Data Security Analytics Windfall. By 2017, the security services market will increase by at least 30% due to the scarcity and high price of available data scientists, leading sub-Fortune 100 companies to seek alternatives.
• EU Data Protection Regulations. By 2019, 20% of security spending will be driven by EU data protection regulation and privacy concerns. Jurisdiction issues among trading regions will not be resolved, leading to a patchwork of compliance regimes.
• Tracers and Tethers. By 2018, 2nd Platform perimeter defences will be surpassed by 3rd Platform-architected, meshed security systems based on a tracers and tethers architecture, creating symbiotic security defences.
• SaaS Security Adoption. By 2020, more than half of Web security market revenue will come from cloud-based offerings over traditional on-premises gateways.
• Corporate Responsibility. By 2017, one-third of corporate boards will fill a seat with a risk mitigation expert who can provide guidance on data privacy and security initiatives.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=af21376a8d&e=20056c7556
Behaviometrics: A new era of cyber security!
Welcome to a brand new world of ‘Behaviometrics’, a cyber security technology which uses a user’s gestures as a password.
This convenient yet impossible-to-hack technology was developed by researchers at Ohio University.
The best part is that behaviometrics is compatible with virtually all touchscreen devices.
The technology provides a safer, more secure mode of authentication that does not require the user to memorize different usernames and passwords.
Behaviometrics senses the dynamics of your movements, which are unique and differ from person to person.
It analyzes how your action unfolds in both space and time and with what intensity.
The algorithm uses a multi-matching system, and the recorded data must preserve its “shape” together with the relative spacing and timing of the movement.
So any random adjustment disrupts the movement flow in both space and time.
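The description above is about matching "shape" and the relative space and time of a movement rather than the raw coordinates. The following is an added example of how that kind of matcher can be built; it is not the Ohio University researchers' code and makes no claim about their actual algorithm. It normalizes each gesture so that absolute screen position, size and total duration drop out, keeps relative timing and per-segment speed as features, and compares an attempt against enrolled samples with dynamic time warping (DTW), which tolerates small tempo variations but still penalizes a different rhythm. The L-shaped gestures, the jitter model and the 1.5x-intra-user threshold policy are all constructed assumptions.

```python
"""Gesture matching for behaviometric authentication.

Added example, not the researchers' code. A gesture is a sequence of (x, y, t)
touch samples. Enrolment stores several normalized gestures; verification
compares an attempt against them with dynamic time warping over position,
relative timing and speed, so the same shape drawn with a different rhythm
does not match. All sample data below is constructed.
"""
import random
from math import hypot, sqrt
from typing import Dict, List, Sequence, Tuple

Point = Tuple[float, float, float]            # (x px, y px, t ms)
Feature = Tuple[float, float, float, float]   # (x, y, t, speed) after normalization


def normalize(stroke: Sequence[Point]) -> List[Feature]:
    """Remove absolute position, size and total duration, keeping shape,
    relative timing (t in [0, 1]) and speed in normalized units."""
    xs, ys, ts = [p[0] for p in stroke], [p[1] for p in stroke], [p[2] for p in stroke]
    min_x, min_y = min(xs), min(ys)
    scale = max(max(xs) - min_x, max(ys) - min_y) or 1.0
    t0, duration = ts[0], (ts[-1] - ts[0]) or 1.0
    feats: List[Feature] = []
    prev = None
    for x, y, t in stroke:
        nx, ny, nt = (x - min_x) / scale, (y - min_y) / scale, (t - t0) / duration
        if prev is None:
            speed = 0.0
        else:
            dt = nt - prev[2]
            speed = hypot(nx - prev[0], ny - prev[1]) / dt if dt > 0 else 0.0
        feats.append((nx, ny, nt, speed))
        prev = (nx, ny, nt)
    return feats


def dtw_distance(a: Sequence[Feature], b: Sequence[Feature]) -> float:
    """Dynamic time warping: cheapest alignment of two sequences that may
    differ in sampling rate or local tempo. Returns cost per point."""
    n, m = len(a), len(b)
    inf = float("inf")
    cost = [[inf] * (m + 1) for _ in range(n + 1)]
    cost[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            d = sqrt(sum((u - v) ** 2 for u, v in zip(a[i - 1], b[j - 1])))
            cost[i][j] = d + min(cost[i - 1][j], cost[i][j - 1], cost[i - 1][j - 1])
    return cost[n][m] / (n + m)


def enroll(samples: Sequence[Sequence[Point]]) -> Dict[str, object]:
    """Template = normalized enrolment gestures plus an acceptance threshold.
    Threshold policy (an assumption): 1.5x the largest distance between any
    two of the user's own enrolment samples."""
    norm = [normalize(s) for s in samples]
    intra = [dtw_distance(norm[i], norm[j])
             for i in range(len(norm)) for j in range(i + 1, len(norm))]
    return {"samples": norm, "threshold": 1.5 * max(intra)}


def verify(template: Dict[str, object], attempt: Sequence[Point]) -> Tuple[bool, float]:
    """Accept when the attempt's closest enrolled sample is within threshold."""
    feats = normalize(attempt)
    score = min(dtw_distance(feats, s) for s in template["samples"])
    return score <= template["threshold"], score


def make_gesture(step_ms: Sequence[float], seed: int) -> List[Point]:
    """Constructed L-shaped gesture (down, then right): 21 points, 20 steps.
    step_ms is the time spent on each step; seeded jitter stands in for hand
    variation (about 0.5 px in position, 0.5 ms in timing)."""
    rng = random.Random(seed)
    path = [(100.0, 100.0 + 20.0 * i) for i in range(11)] + \
           [(120.0 + 20.0 * i, 300.0) for i in range(10)]
    pts: List[Point] = []
    t = 0.0
    for k, (x, y) in enumerate(path):
        if k > 0:
            t += step_ms[k - 1] + rng.uniform(-0.5, 0.5)
        pts.append((x + rng.uniform(-0.5, 0.5), y + rng.uniform(-0.5, 0.5), t))
    return pts


# Constructed rhythm profiles: the genuine user is quick on the first stroke,
# hesitates at the corner and is slower on the second; an impostor who watched
# the gesture reproduces the path but at an even pace.
GENUINE_STEPS = [15.0] * 10 + [200.0] + [40.0] * 9
IMPOSTOR_STEPS = [35.5] * 20


def demo() -> Dict[str, object]:
    template = enroll([make_gesture(GENUINE_STEPS, seed) for seed in range(1, 5)])
    ok_g, score_g = verify(template, make_gesture(GENUINE_STEPS, 99))
    ok_i, score_i = verify(template, make_gesture(IMPOSTOR_STEPS, 7))
    return {"threshold": template["threshold"],
            "genuine": (ok_g, score_g), "impostor": (ok_i, score_i)}


if __name__ == "__main__":
    print(demo())
```

The impostor in this construction traces exactly the right shape and is still rejected, because the speed and relative-timing features put every point of the fast first stroke far from anything in the evenly paced attempt, and DTW cannot warp that away. Two caveats a practitioner would add before trusting such a scheme: the features here are unweighted, so speed dominates the distance, and a fixed multiple of intra-user spread is a crude threshold; a real deployment would tune weights and thresholds against measured false-accept and false-reject rates, and treat the template as a secret, since it is enough to replay the gesture.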
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f0a28073b1&e=20056c7556
ASC cybersecurity: Developing an effective breach prevention program
As a general rule, if a computer, tablet, smartphone or any other electronic device is connected to the internet, then it’s vulnerable to a cyberattack.
And with more and more patient information being digitized, this threat will only become more acute for our industry in the coming years. By implementing best practices in the following areas, however, ambulatory surgery centers and other providers can begin to limit their exposure to such a breach, and avoid the costly and labor-intensive clean-up efforts left in its wake.
Legal agreements
Providers should outsource their liabilities as much as possible.
This starts with putting a business associate agreement (BAA) in place, a requirement under the Health Insurance Portability and Accountability Act (HIPAA).
BAAs ensure that electronic health record (EHR) and other data management vendors share the responsibility for keeping patient data safe.
Cloud computing
Offsite data storage is an additional tactic for outsourcing liability against a cyberattack.
Big players like Amazon and Microsoft, as well as smaller industry-specific vendors, put leading information system security resources and expertise into the hands of even the smallest ASC.
External auditors
While the thought of someone outside of your organization rummaging through your computer files might not be appealing, external auditors can tell you where your current security efforts are lacking and what your practice can do to fix them.
Staff training
One of the most common ways for hackers to penetrate a system is through social engineering—a non-technical method used by hackers to access sensitive information.
HIPAA experts/consultants
At times, it’s necessary to bring in outside help.
Hiring an experienced HIPAA security consultant will often provide an organization with the necessary expertise to reduce threats and avoid fines.
Cybersecurity insurance
Whether it’s after a fire, flood or cyberattack, insurance offers businesses protection for unexpected financial loss.
And as the incidence of data breaches increases, so, too, has the need for IT-specific insurance solutions.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a52c26be10&e=20056c7556
New Verizon survey identifies the worst phone owners in America
In fact, a new study by Verizon and KRC Research released today shows that nearly half (49 percent) of American mobile phone owners have broken or lost a mobile phone – in fact, on average, they’ve broken or lost two.
Interestingly, Millennials in particular drop their phones twice as many times per week – an average of four – as Gen Xers or Baby Boomers.
And parents are more likely to have broken or lost their mobile phone (67 percent) than phone owners without children (38 percent).
Asked about the most embarrassing ways phone owners can break their devices, the top responses were:
Dropping it in water (43 percent) or sending it through the wash (42 percent)
Throwing it (22 percent)
Dropping it out of a window (20 percent)
Finding a pet chewing it (20 percent)
Tripping and landing on it (20 percent)
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ebb5185bd3&e=20056c7556
Attackers Honing In On Teleworkers? How Organizations Can Secure Their Data
As the number of employees who telework trends upward, and new kinds of devices are used in telework, the National Institute of Standards and Technology (NIST) is updating its guidance to include the latest technology available to strengthen an organization’s remote-access data security.
NIST is revising its telework publications, last published in 2009, to cover the booming use of BYOD and the use of contractor and vendor devices to access organizational resources.
The guidance also explains two new technologies that are critical in securing telework devices.
Virtual mobile infrastructure (VMI) technologies deliver a secure virtual environment to a mobile device used for telework.
Another newer technology, mobile device management (MDM), can enforce security policies on mobile devices, including BYOD and vendor/contractor devices, on behalf of the organization.
NIST is seeking comments on the two draft publications: Special Publication 800-46 Rev. 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (Draft), and Special Publication 800-114 Rev. 1, User’s Guide to Telework and Bring Your Own Device (BYOD) Security (Draft).
The deadline for comments is April 15, 2016.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d9b40dc457&e=20056c7556
Cyber security study reveals lack of boardroom governance across UK industries
Nearly half of UK companies polled across major sectors lack well-developed crisis management plans to deal with data breaches, a study commissioned by global tech firm CGI has revealed.
While 81% of respondents said they have increased cyber security scrutiny after the TalkTalk breach, only 53% said they had data breach management plans in place, according to the survey of more than 150 UK board members by the Centre for Economic and Business Research (CEBR).
The survey also revealed that 48% of respondents said cyber security appears on the agenda only “every few months”, with many covering it less than twice a year, and only 9% of their IT budget, on average, is devoted to preventing cyber attacks.
The study revealed that almost 30% of UK boardrooms in the UK’s key sectors of the economy still view cyber security as an IT issue, with only 35% of boardroom executives believing their board has a high le