The session, presented by the 2013 East Tennessee Cyber Security Summit Planning Committee, will discuss new information regarding Chinese hacking.

The committee is offering this session to members of the local cyber practitioner community for free if the member attended the 2012 Cyber Security Summit. Those who did not attend the summit, but who want to attend this session will be charged a $10 cash fee.

Dean and Wouldenberg will present the updated information at the Fountainhead College of Technology West campus at 10208 Technology Drive from 1 to 4:30 p.m.

Dean will discuss detailed forensics from actual cases.  He will concentrate on discovering the intrusion, preventing data loss, and effective remediation.

Woudenberg will cover China’s cyber “hacking” programs and concentrate on motivation, organization, activity, and techniques.  She is a former CIA Case Officer with years of relevant experience, and speaks to audiences around the globe about the vulnerability of SCADA systems.

The presentations are unclassified and were initially being offered exclusively to 2012 Summit attendees.  This program is NOT open to the general public. You must be invited or be a member of the cyber security community. Seating is limited for this event, so an RSVP is required.  Please email your request to attend to Pat Payne, paynepw@ornl.gov.  Your confirmation and directions will be emailed once your place is assigned.

Cyber Group Offers Special Update on Chinese Threats on May 29 is a post from Sword & Shield Enterprise Security, Inc..

Bill Dean

With little modification to their malicious code, Chinese hackers are back in business and U.S. companies need to assume this code is already on their IT networks.

As the information security industry is well aware, the cyber security company, Mandiant, published a paper in February detailing cyber-espionage involving the compromise and intellectual property theft of hundreds of U.S.-based companies.

Not only did the report disclose the origin of the attacks as originating from China, but actually pinpointed the Peoples Liberation Army (PLA), in detail, as the culprit. The Chinese government, with very careful wording, disputed these accusations.

Is there additional information supporting these claims of Chinese cyber-espionage on U.S. companies? As an organization that provides incident response services, our answer is, “Yes.”

When the Mandiant report was published on the heels of President Barack Obama’s executive order for “Improving Critical infrastructure Cybersecurity”,” incident responders applauded the disclosure of what was common knowledge in the incident response community.

This report brought to light to what incident response organizations have been reporting to their clients for years: China is infiltrating your computer networks for long durations of time and obtaining your valued intellectual property. The report also did a great job of simplifying the situation for the needed executive understanding from a business impact perspective.

Once the admiration of the needed disclosure was realized, the incident response community then became somewhat concerned. Over time, incident response organizations had developed successful tools and techniques for identifying this specific threat for our clients. Now that the adversary has been “ousted”, will they raise their game and change their methods making the identification more difficult?

Recent news reports from sources, including the New York Times, indicate that the identified China hacking groups are back “in business”.

The good news for incident response providers is that, according to the New York Times article, “the hackers now use the same malicious software they used to break into the same organizations in the past, only with minor modifications to the code.”

Why would these skilled hacking groups with such a valuable objective not do more to make their objectives more obscure? Because organizations were not successful in stopping them in the past and little modification is needed for their continued success.

While incident response organizations valued the indicators of compromise (IOC) signatures provided by the Mandiant report, only slight modifications are needed to make the detection of future compromises just as difficult to detect moving forward.

We have to ask why China is so successful in infiltrating our computer networks and stealing the intellectual property that makes our country superior.

The answer is simple: we are doing information security wrong.

Gartner reported that IT security spending in 2012 was $60 billion; half of this spending was the United States. We spend IT security budgets for building our high walls and wide moats to keep the adversaries out of our networks.

However a Verizon data breach report indicates that 72 percent of the time, our computer infrastructure is compromised within seconds or minutes. To bring insult to injury, the same report indicates that organizations are notified by a third party of a data breach 92 percent of the time.

So let’s get this straight – American based companies spend approximately $30 billion dollars a year in information security and we are compromised 72 percent of the time in seconds or minutes? In addition, we don’t detect it and have to be notified by a third party?

We must stop focusing our entire budgets, time, and energy on keeping the intruders out. We must shift some focus to looking for intruders that are already on our networks. Assume the adversaries are already on your network and start looking for them.

Bill Dean is Sword & Shield’s director of computer forensics and security assessments. In 2005, he was recognized as the primary architect for an Intel virtualization/server consolidation project and was awarded Network World’s “Enterprise All Star” and “InfoWorld’s Top 100 Projects.” Since that time Dean has focused his career on the specialties of systems security, electronic discovery, digital forensics, and incident response. He served as the technical expert and provided Federal Court testimony in the 7th largest eDiscovery case in 2007. He is a Certified Penetration Testing Specialist, Certified Computer Examiner, GIAC Certified Incident Handler (GCIH), a GIAC Certified Forensic Analyst (GCFA), AccessData Certified Examiner, and an active member of the International Society for Forensic Computer Examiners.

Assume the Enemy is Already on Your Network and Look for Them is a post from Sword & Shield Enterprise Security, Inc..

Michelle Caswell

Sword & Shield Risk and Compliance Consultant Michelle Caswell is among an “all-star cast” of healthcare privacy and security experts scheduled to speak at the Healthcare HITECH Privacy and Security Summit on Tuesday, May 21 at the Hilton Universal City Hotel in Los Angeles.

The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) and the Healthcare Information and Management Systems Society (HIMSS) Southern California, have partnered to hold the summit, as part of the ISSA-LA Fifth Annual Information Security Summit, The Growing Cyber Threat: Protect Your Business. The events advance ISSA-LA’s core belief that, “It takes the village to secure the village.”

According to a press release issued by the groups, the Healthcare HITECH Privacy and Security Summit will bring together leaders in privacy and security within government and private industry for a day of collaboration, networking and presentations by leading privacy and security professionals. Attendees will learn from experts what they need to know to comply with new HIPAA/HITECH rules and OCR investigations.

The U.S. Department of Health and Human Services (HHS) published the rule January 17, which modifies the privacy and security, breach notification, and enforcement regulations, now a part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) . Covered Entities and Business Associates must be in compliance with the final rule by Sept. 23.

“The summit is packed with an all-star cast of speakers, who will share their knowledge and experience to help prepare covered entities and business associates to meet the September 23, 2013 HHS compliance deadline of the final omnibus rule,” said Richard Greenberg, information security officer for Los Angeles County Public Health, ISSA Fellow and ISSA-LA board member. “You’ll hear directly from a wide variety of professionals, including Yun-kyung (Peggy) Lee of the U.S. Department of Health and Human Services, Office of Civil Rights, who will prepare attendees what to do in case of an OCR investigation. We have attorneys, CISOs, a privacy officer, and other experts who will engage with attendees as part of panels on BYOD and Business Associates, and during the roundtable luncheon.”

Former White House Cybersecurity Coordinator and Special Assistant to the President Howard Schmidt will be the opening keynote speaker.

According to the Open Security Foundation’s DataLossDB, which tracks the loss, theft, or exposure of personally identifiable information, out of the 1,520 total incidents reported last year, 327 occurred in the medical industry, making it the most widely breached industry in the United States. Healthcare has been one of China’s priorities in its 15-year science and technology development strategy for 2006 to 2020, and has resulted in a surge in campaigns against healthcare firms.

Caswell to Speak at Healthcare Security Summit in Los Angeles on May 21 is a post from Sword & Shield Enterprise Security, Inc..

Bill Dean

Sword & Shield Director of Computer Forensics and Security Assessments Bill Dean says that after many high-profile breaches, most organizations are likely already breached and must make the effort to detect the threats that are already inside.

He will present information on these advanced threats at the Middle Tennessee Cyber Summit on Wednesday, May 8 from 2:30 to 3:30 p.m. The event, held at the Middle Tennessee State University (MTSU) campus May 7-8, will address criminal, intelligence, disruptive, and information cyber threats and is scheduled to include presentations from U.S. Department of Homeland Security, the Tennessee Department of Safety and Homeland Security, the FBI, the United States Secret Service, and private sector cyber security organizations.

Online registration is closed, but walk-up registration will be available at 7.30 a.m.

Dean will discuss how advanced threats target businesses and governmental entities to acquire money and/or knowledge.  Advanced threats require a high degree of stealthiness over a prolonged duration of operation in order to be successful. The attack objectives typically extend beyond financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached.

When Your High Walls and Wide Moats Fail is a post from Sword & Shield Enterprise Security, Inc..

At this point, it’s too soon to tell if this is in fact a security breach.

“We don’t actually know what happened with the information at Lakeshore. If it was actually breached and someone did take that information. There are several things per the HIPAA Breach Notification that would have to occur,” Bevil said.

Discovery of Confidential Records are Potential Identity Theft Danger is a post from Sword & Shield Enterprise Security, Inc..

So Your Twitter Account was Hacked… is a post from Sword & Shield Enterprise Security, Inc..

Bill Dean

When the Associated Press tweeted, “Breaking: Two Explosions in the White House and Barack Obama is injured,” it was quickly revealed that the information was false and was the result of the AP’s Twitter account being hacked.

While the AP Twitter hack has made big news, Sword & Shield Director of Computer Forensics and Security Assessments Bill Dean said that a social engineering hack of this nature “happens all the time,” to businesses of all sizes and the result is no less damaging to them.

Early reports indicated that the AP account was hacked after a phishing attack on its corporate network. One possibility is that a hacker sent an email to an employee or employees, tricking them into going into what looked like an official Twitter page and entering the company’s password. However, the attack could have also been perpetrated by a cyber criminal who made and educated guess of the company’s user name and password based upon gathered knowledge.“It’s important to remember that users are always the weakest link,” Dean said. “You can’t secure users, you must train them.”

The AP Twitter account was restored Wednesday morning and the Syrian Electronic Army, the pro-Bashar Assad group that hacked NPR.org on April 15, has taken responsibility.

Retroactively, a business that has suffered an attack can enlist the help of forensic specialists to perform an incident response or forensic analysis of the computer network and/or affected device(s) to confirm the method and source of the attack.

However, Dean said it’s more important that organizations pro-actively train their users, in addition to patching and protecting their networks and devices.

“As part of our social engineering assessments, we do employ USB drops or send phishing emails,” Dean said. “It only takes one plug-in or email click and we can assume control of the machine.”

Sword & Shield performs social engineering exercises in an attempt to trick employees into divulging confidential information that may be used to compromise network defenses. This form of security assessment targets people and processes instead of technology and works to help company leaders tailor their ongoing IT security training needs.

AP Hack Proves that Social Engineering Awareness is Necessary for Businesses is a post from Sword & Shield Enterprise Security, Inc..

Bill Dean

Bill Dean, Sword & Shield’s director of computer forensics and security assessments, wants Nashville-area attorneys to understand how computer investigations work so that they know what information to request and how to obtain it, while Michelle Caswell, the company’s risk and compliance consultant, gives healthcare professionals the latest information on the new HIPAA Omnibus Rule on Thursday.

Dean will speak with attorneys in the Nashville Bar Association’s conference room from noon to 1:30 p.m. CST on Thursday, April 18. Registration begins at 11:30 a.m. and CLE credits are available.

“Electronic data can make or break a litigation case,” he said.

Dean will provide information regarding:

• The value that digital forensics can provide
• The  basics of cloud computing
• The facts about Metadata: What is it? What information is and is not available from Metadata?
• Why the delete key only entertains you; and,
• The answers to key questions about cell phone forensics: What information is available? Where is it?

Michelle Caswell

Caswell will discuss the U.S. Department of Health and Human Services’ major modifications to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules at the Cool Springs Marriott in Franklin, TN from 11 a.m. to 1 p.m. CST on April 18.Topics to be discussed include:

• Major changes in the Breach Notification standard
• What policies and procedures need to be revisited based on the revised Rule
• Amending your organization’s Notice of Privacy practices
• Training workforce and promoting an overall sense of security
• Forms that should be updated pursuant to the revised Rule
• Ensuring that an updated risk assessment is in place
• Revising Business Associate contracts
• Direct liability of Business Associates
• Civil monetary penalties

Register here.

Compliance and Forensics Experts Talk to Two Nashville Groups Thursday is a post from Sword & Shield Enterprise Security, Inc..

Sword & Shield Director of Computer Forensics and Security Assessments Bill Dean and Catherine Shuck, a senior associate with Wimberly, Lawson, Wright, Davies and Jones, PLLC, will speak to these benefits and challenges at the Knoxville Bar Association’s Law Practice Today Expo on Friday, April 12. Dean and Shuck are scheduled to speak in Room 400A at the University of Tennessee Conference Center from 10:15 to 11:15 a.m.

Dean points out that one of the biggest challenges facing legal IT is the accessing of firm data by personal applications, such as Dropbox-style transfers used to synchronize client data on everyone’s mobile devices. Legal IT must outfit mobile devices with technology that allows encrypted and secure downloads and the storage of client data accessed on the devices via email, legal applications or document repositories.

The legal and financial consequences of data breaches can be profound for a law firm and can include both a loss of reputation and a hit to the firm’s pocketbook.

Dean’s research indicates that 70 million mobile devices are lost or stolen each year and 43 percent of all mobile devices are not password protected. In his speech, Dean will provide information on how to “control the mayhem.” Sword & Shield also offers solutions to help businesses secure their mobile connectivity.

BYOD Is Great for Business, But Is It Secure? is a post from Sword & Shield Enterprise Security, Inc..

Do you know how the major amendments and additions to the HIPAA Omnibus Rule will affect your business?

Sword & Shield Risk and Compliance Consultant Michelle Caswell will tell you all you need to know at a complimentary lunch on Thursday, April 18 from 11 a.m. to 1 p.m. at the Franklin Marriott Cool Springs in Franklin, TN.

Register to learn about the U.S. Department of Health and Human Services’ major modifications to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules.

Topics to be discussed include:

• Major changes in the Breach Notification standard
• What policies and procedures need to be revisited based on the revised Rule
• Amending your organization’s Notice of Privacy practices
• Training workforce and promoting an overall sense of security
• Forms that should be updated pursuant to the revised Rule
• Ensuring that an updated risk assessment is in place
• Revising Business Associate contracts
• Direct liability of Business Associates
• Civil monetary penalties

Your registration also provides you with a chance to win one of two $50 gift certificates to the City House restaurant in Nashville. Sword & Shield is sponsoring the lunch and the presentation at no cost to the registrants.

Free Registration

An asterisk (*) indicates a required field.

First Name *

Last Name *

Organization

Email *

Telephone *

Your State Select a State Alabama Alaska Arizona Arkansas California Colorado Connecticut Delaware District of Columbia Florida Georgia Hawaii Idaho Illinois Indiana Iowa Kansas Kentucky Louisiana Maine Maryland Massachusetts Michigan Minnesota Mississippi Missouri Montana Nebraska Nevada New Hampshire New Jersey New Mexico New York North Carolina North Dakota Ohio Oklahoma Oregon Pennsylvania Rhode Island South Carolina South Dakota Tennessee Texas Utah Vermont Virginia Washington West Virginia Wisconsin Wyoming

Comments

Spam Protection – Enter this word:

Contact Form Powered By Best Contact Form

The New HIPAA Omnibus Rule and Your Business is a post from Sword & Shield Enterprise Security, Inc..