Category: News

Key features of RSA Archer Business Continuity Management and Operations include:

* Risk Register – Helps users identify, evaluate and mitigate risks that may impact their organization, locations, processes or partners.
* Business Impact Analysis (BIA) – Gives users the ability to evaluate the criticality of their processes and determine recovery objectives (RTO and RPO) that are coordinated across supporting infrastructure.
* Centrally managed business continuity and disaster recovery plans – Allows users to develop detailed recovery plans for business processes or IT assets, utilizing automated workflow for plan testing, activation and approval.
* Enhanced crisis management and response – Helps enable users to report and manage crisis events, send emergency notifications to communicate crisis information to appropriate personnel, and activate business continuity or disaster recovery plans to recover disrupted business operations, facilities or IT infrastructure.
* Tighter integration with other RSA Archer GRC components – Lets users relate business continuity management components to organizational units (e.g., divisions, business units) and infrastructure (e.g., processes, facilities, IT applications or vital records) for visibility, accountability and reporting.
Additionally, RSA has also introduced the availability of the RSA Archer BCM Mobile App. As a key component in a GRC mobile strategy, the app is designed to augment hard copy plans and enable rapid response during a crisis situation by offering visibility into business continuity or disaster recovery plans and associated strategies, tasks, calling trees and requirements from most locations. In the event that a data center is not available, the RSA Archer BCM Mobile App is engineered to provide high availability, allowing the end user offline access to resources from the time the app was last synced. Additional capabilities including a Mobile App Toolkit built to enable customers to create and design custom applications including questionnaires and assessments will also be supported in a future release.

Link: http://www.continuitycentral.com/news06623.html

The difference between the first and final outages reflect the fact that phishing attacks will sometimes fluctuate up & down on compromised hosts where the fraudster may still have access to the system and be able to replace his content after the site owner removes it.
Phishing attacks NetCraft dealt with in the UK & Ireland have a shorter median lifetime than those hosted in the US, whilst phishing attacks we have taken down in Iran have a median lifetime of just under 30 hours, around five times longer than Russia.

In addition to providing fast takedown of the fraudulent content, the countermeasures service is also linked to our phishing site feed, which is licensed by all of the main web browsers, together with many of the largest anti-virus and content filtering products, firewall and network appliance vendors, mail providers, registrars, hosting companies and ISPs.

Link: http://software.einnews.com/article/133794636/vTqnhs5_BDS4YwpM?n=2

“Really in the cyber world, myself, Bob Mueller — the head of the FBI, and Keith Alexander — General Alexander — the head of the NSA, have worked very closely together to develop playbooks and to really ascertain who has what roles and what responsibilities in different types of scenarios,” Napolitano said.

In “civilian space” — described as the dot-coms and dot-orgs of the internet — she said “our ability to detect, prevent, and mitigate is materially based on whether we know something has occurred.”

According to the Associated Press, President Obama wrote an executive order that would allow DHS to share cyber-threat information, gathered by the government, with businesses involved in critical infrastructure.

NBC News reported that President Obama is expected to sign the order and that it “would set up a voluntary system to help protect some critical infrastructure and offer incentives to companies that participate. But without a new law, companies cannot be granted any kind of legal immunity for sharing information with the government and within the industry about potential threats.”

Link:http://www.examiner.com/article/cyber-attack-is-imminent-says-dhs-secretary-napolitano

Paunescu, a Romanian national based in Bucharest, operated a so-called “bullet-proof” hosting service using computers housed in Romania, the United States and other countries. The complaint says Paunescu provided Kuzmin and others with servers and IP addresses that allowed them to use and distribute Gozi and other banking Trojans such, as Zeus and SpyEye, with relative anonymity.

The court papers also allege Paunescu’s rented servers hosted the tools used to launch distributed denial of service attacks, including several that took advantage of the infamous Black Energy botnet. The server were often used as command and control servers for botnets and as proxy systems that let attackers to hide their identities, the complaint said.

Calovskis, a Latvian national, was indicted on charges of developing a web injection code that was used to alter how banking websites appeared on infected computers. The software fooled victims into providing key security information such as their mother’s social security number and mother’s maiden name when they attempted to log into their bank’s website.

http://www.computerworld.com/s/article/9236055/Three_indicted_for_making_spreading_Gozi_Trojan?source=CTWNLE_nlt_pm_2013-01-23

Paunescu, a Romanian national based in Bucharest, operated a so-called “bullet-proof” hosting service using computers housed in Romania, the United States and other countries. The complaint says Paunescu provided Kuzmin and others with servers and IP addresses that allowed them to use and distribute Gozi and other banking Trojans such, as Zeus and SpyEye, with relative anonymity.

The court papers also allege Paunescu’s rented servers hosted the tools used to launch distributed denial of service attacks, including several that took advantage of the infamous Black Energy botnet. The server were often used as command and control servers for botnets and as proxy systems that let attackers to hide their identities, the complaint said.

Calovskis, a Latvian national, was indicted on charges of developing a web injection code that was used to alter how banking websites appeared on infected computers. The software fooled victims into providing key security information such as their mother’s social security number and mother’s maiden name when they attempted to log into their bank’s website.

http://www.computerworld.com/s/article/9236055/Three_indicted_for_making_spreading_Gozi_Trojan?source=CTWNLE_nlt_pm_2013-01-23

“Given the responses highlighting the need for better data access, and revealing inconsistent measurement and process improvements, this year’s respondents appear to be much more honest, realistic and self-aware. This is a significant change compared to previous years, as professionals are becoming more vocal about their dissatisfaction with traditional security practices’ inability to provide the intelligence necessary to counter evolving threats and address organizations’ changing requirements.”

When studying responses stating that professionals had “inconsistent” and “consistent” measurements and comparing them year over year, Sensage discovered that, while slightly more than 50% of the respondents felt they were inconsistently measuring in 2010 and 2011, 61% shared that challenge in 2012.

While responses in 2010 and 2011 reflected a close split between those who consider their processes coordinated and those that don’t, that was not the case in 2012, where 66% of respondents felt that they were resorting to reactive triage or had no coordination at all.

The bad news: A massive drop — from 18% in 2010 to 5% in 2012 — of those who felt they had a consistent and adequately staffed process improvement program.

More bad news: When comparing respondents who maintain consistent process improvement, there was a significant drop, from 65% in 2011 to 40% in 2012.

The bad news: A massive drop — from 18% in 2010 to 5% in 2012 — of those who felt they had a consistent and adequately staffed process improvement program.

More bad news: When comparing respondents who maintain consistent process improvement, there was a significant drop, from 65% in 2011 to 40% in 2012.

Worse news: 96% of 2012 respondents had no process, inconsistent process or consistent process that was understaffed.

For more information: http://www.net-security.org/secworld.php?id=13499