
CyberSecurity Institute

Security News Curated from across the world


10 tips to secure funding for a security program

Posted on April 22, 2013 / December 30, 2021 by admini

In all cases, good communication was the critical ingredient for success and resulted in the necessary funding, over a period of years, to establish and maintain a workable security program. To start the budget discussion, you must stress cost avoidance rather than profits and you will need hard, empirical evidence to depict the business risks and associated costs. Therefore, the best way to approach senior management to fund your cybersecurity program is to cast the expenditures using an ROI approach.

1. Set the foundation for security funding before you need it; and once established, keep it strong.

2. Don’t use scare tactics.

3. Establish your cybersecurity credentials within your organization.

4. Relate your security risks to the business.

5. Outline the need in plain English.

6. Develop a plan that meets the security needs but also considers financial constraints.

7. Once you get the funding, follow the plan you outlined.

8. Provide constant feedback on the security program.

9. Use outside resources to support your request.

10. Always emphasize that cyber security is not an “information technology” issue — it is an organizational risk management issue.

Link: http://www.csoonline.com/article/732053/10-tips-to-secure-funding-for-a-security-program?source=CSONLE_nlt_update_2013-04-21


Hacking collective Anonymous calls for Internet blackout on April 22 to protest CISPA

Posted on April 21, 2013 / December 30, 2021 by admini

This will not be the first Internet blackout in protest of a government bill. On January 18, 2012, more than 7,000 websites, including Wikipedia, Reddit and Google, protested SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act), which were accused of similar breaches of online privacy.

President Barack Obama has threatened to veto CISPA for failing to adequately address privacy concerns.

Link: http://www.sify.com/news/hacking-collective-anonymous-calls-for-internet-blackout-on-april-22-to-protest-cispa-news-international-nevombfigca.html


Cybercrime dominates federal caseload, Hickton says

Posted on April 21, 2013 / December 30, 2021 by admini

And Hickton said cybercrime investigators last year solved a string of bomb threats at the University of Pittsburgh and its related hospitals, a case that many thought would go unsolved, but culminated with the arrest of a suspect in Ireland.

The drug trade in western Pennsylvania has been traced to illegal narcotics kingpins in Newark, N.J., Cleveland and Detroit, Hickton said, but his office is seeing a major, deadly new trend emerge: the abuse of prescription pills facilitated by doctors and pharmacists in the region. “A lot of people sit back and say, ‘This is not in my community,’ but Washington County had more than 50 basically synthetic heroin deaths through pill abuse last year.”

Attorney’s office has prosecuted some well-publicized cases in Indiana County in recent years, including the guilty pleas and sentencing of three men who admitted burning a cross on the lawn of a multirace family’s home in Robinson, West Wheatfield Township, and the current investigation of the embezzlement of millions of dollars from Falcon Drilling Company in Indiana.

“It will be a large organization of community leaders that’s working on crime prevention councils … beginning with a partnership with the United Way called Be One in a Million, a mentoring program that spins off an existing program called Be a Sixth Grade mentor,” Hickton said.

“The components with jobs and with cyber are a part of that, it’s understanding that there may be a connection to make western Pennsylvania the go-to place for cyber like it is a go-to place for Marcellus shale right now,” Hickton explained.

“I have my responsibilities to bring the cases and enforce the law, but in my view, to do this job correctly, you have a broader mission and that is to ensure freedom and justice, by enforcing the law and protecting the public welfare,” he said. “And what good do I do, really, if all I do is just hammer criminals and bring drug prosecutions if I don’t recognize that maybe we need to go and find out who are the church leaders and how can they help, who are the dedicated community activists?”

Link: http://www.indianagazette.com/news/indiana-news/cybercrime-dominates-federal-caseload-hickton-says,17070503/


FISMA Reform Passes House on 416-0 Vote

Posted on April 20, 2013 / December 30, 2021 by admini

The bill addresses a perceived shortcoming of FISMA, which promoted a checkbox mindset in the federal government, where grading agencies on the security items they can check off a list to impress auditors seemed more important than monitoring systems continuously to determine if they’re secure.

Absent from the Federal Information Security Amendments Act are provisions that would grant the Department of Homeland Security increased authority to oversee federal civilian agencies in the implementation of information security. The Obama administration, backed mostly by Senate Democrats, has ceded some of the Office of Management and Budget oversight of government IT security to DHS, and the Cybersecurity Act of 2012 would have codified that. Distrust exists among some lawmakers about giving that kind of authority to DHS, and contention last year over Homeland Security’s role in governing IT among civilian agencies is one (but not the only) reason the Cybersecurity Act never came up for a vote.

Under the Cybersecurity Enhancement Act, approved 402-16, the National Science Foundation, National Institute of Standards and Technology and other key federal agencies would develop and implement a strategic plan for federal cybersecurity research and development. NIST would be required to have a specific focus on the security of the industrial control systems that run critical infrastructure, such as the power grid, and identity management systems that protect private information.

Link: http://www.govinfosecurity.com/fisma-reform-passes-house-on-416-0-vote-a-5694?rf=2013-04-19-eb&elq=5a344ab33c544dcaa0986c8c9693692a&elqCampaignId=6502


U.S. Air Force cadets win cyber war game with NSA hackers

Posted on April 20, 2013 / December 30, 2021 by admini

The annual Cyber Defense Exercise (CDX), now in its 13th year, gives students real-world practice in fighting off an increasing barrage of cyber attacks aimed at U.S. computer networks by China, Russia and Iran, among others. It also allows the NSA’s top cyber experts and others from military reserves, National Guard units and other agencies to hone their offensive skills at a time when the Pentagon is trying to pump up its arsenal of cyber weapons.

While the students sleep or catch up on other work, some of the NSA’s “Red cell” attackers use viruses, so-called “Trojan horses” and other malicious software to corrupt student-built networks or steal data – in this case, long sets of numbers dreamt up by the officials coordinating the exercise.

Army General Keith Alexander, who heads both the Pentagon’s Cyber Command and the NSA, stopped by to see the “red cell” hackers in action at a Lockheed Martin Corp facility near NSA headquarters on Thursday, said spokeswoman Vanee Vines. Alexander often speaks about the need to get more young people engaged in cybersecurity given the exponential growth in the number and intensity of attacks on U.S. networks.

The Pentagon’s budget for cyber operations rose sharply in the fiscal 2014 request sent to Congress, reflecting heightened concerns about an estimated $400 billion in intellectual property stolen from U.S. computer networks in recent years.

“The real payoff of this program is going to be seen 10, 15 years down the road when these individuals are admirals and generals,” he said.

Link: http://uk.reuters.com/article/2013/04/20/us-usa-cyber-academies-idUKBRE93J00T20130420


A GUIDE TO INCIDENT PLANNING AND LEADERSHIP

Posted on April 19, 2013 / December 30, 2021 by admini

For this reason, it is helpful to consider your role as a crisis manager in the face of a real event, such as the sudden, widespread internet interruption recently experienced across the island of Taiwan.

Though the blaze was contained quickly, this localized event caused a major national disruption. 80 percent of Internet services across Taiwan were impacted by what the Taipei Times indicates may have been the worst interruption for Taiwanese Internet users since the 921 earthquake of 1999.

Several lessons can be learned from this event about successful crisis leadership, not the least of which is that as a crisis manager, you always need to be ready for new categories of emergency. In a global economy where business operations are increasingly supported by cloud-based infrastructure, a small fire at one data center was able to impact the Internet services of most of a nation of over twenty-three million.

As a crisis manager, both before and during the event, you must consider the questions this emergency raises: What is the impact for your organization of a widespread Internet outage?

Ensuring that your IT framework and communications lines are sustainable is a key part of your role as crisis manager, and will enable you to operationalize your business continuity plans seamlessly if an event does occur.

It is also important that while planning a business continuity strategy, you establish an overarching vision of your crisis management that can be expressed in the details of your plan.

Prepare checklists of immediate action items for each type of event, and when doing so, look to a business continuity planning software platform that will allow you to streamline and automate these responses.

If testing reveals, for instance, that an emergency at one of your locations, such as a data center complex, or a network operations center, can bring your entire operation to a halt, you will have time to rethink your plans.

Even if you are executing your business continuity plan and your secondary data center is up and running, you need to know the questions to ask, both to make sure the plan runs smoothly, and to ensure you have a complete understanding of the situation.

It is likely that your initial information will be skewed or false in some way, so be prepared to revise your response one or two times in the initial moments of an emergency.

By writing during a crisis and logging all your actions, you will not only increase your clarity, focus, and decision-making skills, but you will also have a record of your actions on hand for review after the incident is resolved.

Link: http://www.continuitycentral.com/feature1065.html

