<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
<channel>
<title>GovInfoSecurity.com RSS Syndication</title>
<link>http://www.govinfosecurity.com/rssFeeds.php?type=main</link>
<description>GovInfoSecurity.com RSS News Feeds on government information security news, regulations, blogs and education</description>
<pubDate>Thu, 31 May 2012 10:20:15 -0500</pubDate>
			<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/govinfosecurity/com" /><feedburner:info uri="govinfosecurity/com" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><feedburner:browserFriendly></feedburner:browserFriendly><item>
			<title>Breaches: The Investigation Challenges</title>
			<link>http://www.govinfosecurity.com/breaches-investigation-challenges-a-4814</link>
			<guid>http://www.govinfosecurity.com/breaches-investigation-challenges-a-4814</guid>
			<description>&lt;img src="http://docs.govinfosecurity.com/files/images_articles/4814_ostertag_dave_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;Tracking a Payments Breach Can Take Months, Investigator Says&lt;/b&gt;&lt;br&gt;Why are breaches in the payments arena so difficult to trace and investigate? Verizon breach investigator Dave Ostertag offers insights about the forensics complexities of a processor breach.</description>
			</item>
			<item>
			<title>9 Principles to Battle Botnets</title>
			<link>http://www.govinfosecurity.com/9-principles-to-battle-botnets-a-4812</link>
			<guid>http://www.govinfosecurity.com/9-principles-to-battle-botnets-a-4812</guid>
			<description>&lt;img src="http://docs.govinfosecurity.com/files/images_articles/4812_bot_net_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;Feds, Business Team Up to Limit Harm Caused by Botnets&lt;/b&gt;&lt;br&gt;The proliferation of botnets and malware in cyberspace threatens to undermine the efficiencies, innovation and economic growth of the Internet and diminishes the trust and confidence of online users.</description>
			</item>
			<item>
			<title>Pension Hack Exposed 123,000 Accounts</title>
			<link>http://www.govinfosecurity.com/pension-hack-exposed-123000-accounts-a-4811</link>
			<guid>http://www.govinfosecurity.com/pension-hack-exposed-123000-accounts-a-4811</guid>
			<description>&lt;img src="http://docs.govinfosecurity.com/files/images_articles/4811_logo_thrift_savings_plan_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;What Was the Motivation Behind the Federal Attack?&lt;/b&gt;&lt;br&gt;An attack on the Thrift Savings Plan exposed personal details about more than 120,000 federal pension participants. Learn why one expert says the breach could have serious long-term implications.</description>
			</item>
			<item>
			<title>NIST Issues Long-Awaited Cloud Guidance</title>
			<link>http://www.govinfosecurity.com/nist-issues-long-awaited-cloud-guidance-a-4810</link>
			<guid>http://www.govinfosecurity.com/nist-issues-long-awaited-cloud-guidance-a-4810</guid>
			<description>&lt;img src="http://docs.govinfosecurity.com/files/images_articles/4810_NIST_logo_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;SP 800-146 Describes Cloud's Strengths, Weaknesses&lt;/b&gt;&lt;br&gt;The National Institute of Standards and Technology's guidance recommends how and when cloud computing is appropriate, addresses risk management issues and indicates the limits of current knowledge and areas for future research and analysis.</description>
			</item>
			<item>
			<title>DoD: Notice of Proposed Rulemaking on Privacy Training</title>
			<link>http://www.govinfosecurity.com/agency-releases/dod-notice-proposed-rulemaking-on-privacy-training-r-2575</link>
			<guid>http://www.govinfosecurity.com/agency-releases/dod-notice-proposed-rulemaking-on-privacy-training-r-2575</guid>
			<description>The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members.</description>
			</item>
			<item>
			<title>NIST SP 800-61 Revision 1: Computer Security Incident Handling Guide</title>
			<link>http://www.govinfosecurity.com/agency-releases/nist-sp-800-61-revision-1-computer-security-incident-handling-r-2383</link>
			<guid>http://www.govinfosecurity.com/agency-releases/nist-sp-800-61-revision-1-computer-security-incident-handling-r-2383</guid>
			<description>Guidance on establishing processes to rapidly detect and respond to cyber incidents.</description>
			</item>
			<item>
			<title>NIST FIPS PUB 201-2: Personal Identity Verification of Federal Employees and Contractors DRAFT</title>
			<link>http://www.govinfosecurity.com/agency-releases/nist-fips-pub-201-2-personal-identity-verification-federal-r-2379</link>
			<guid>http://www.govinfosecurity.com/agency-releases/nist-fips-pub-201-2-personal-identity-verification-federal-r-2379</guid>
			<description>Specifying architecture and technical requirements for a common identification standard for federal employees and contractors.</description>
			</item>
			<item>
			<title>NIST SP 800-39: Managing Information Security Risk</title>
			<link>http://www.govinfosecurity.com/agency-releases/nist-sp-800-39-managing-information-security-risk-r-2353</link>
			<guid>http://www.govinfosecurity.com/agency-releases/nist-sp-800-39-managing-information-security-risk-r-2353</guid>
			<description>Organization, Mission and Information System View</description>
			</item>
			<item>
			<title>2012 Cloud Security Agenda: Expert Insights on Security and Privacy in the Cloud</title>
			<link>http://www.govinfosecurity.com/webinars/2012-cloud-security-agenda-expert-insights-on-security-privacy-in-cloud-w-276</link>
			<guid>http://www.govinfosecurity.com/webinars/2012-cloud-security-agenda-expert-insights-on-security-privacy-in-cloud-w-276</guid>
			<description>What are organizations' top cloud security concerns, and how are security leaders addressing these concerns through policy, technology and improved vendor management?
&lt;p&gt;
This is the key question posed by the 2012 Cloud Security Survey.
&lt;p&gt;
No longer just an emerging technology practice, cloud computing today is embraced globally as a means of gaining efficient access to critical applications, processes and storage. It's now common for organizations to rely on cloud service providers for functions and business applications such as customer relationship management, messaging or storage via a public, private or hybrid cloud. Further, industry-specific cloud-based applications such as electronic health records or mobile banking and payment applications are emerging at an unprecedented pace.
&lt;p&gt;
But these engagements come with questions about risks:
&lt;ul&gt;
&lt;li&gt;What are your cloud service provider's security and privacy measures, and have they been audited?&lt;/li&gt;
&lt;li&gt;Where geographically is cloud data being stored, and how do operational practices comply with government, industry and organizational privacy regulations?&lt;/li&gt;
&lt;li&gt;How is a multi-tenant cloud environment managed, and, in the event of system compromise, what will be the incident response escalation process?&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;
Yes, cloud computing is about efficiencies and new technologies, but it's also about security, privacy and an organization's reputation.
&lt;p&gt;
The 2012 Cloud Security Survey was crafted with assistance from leading experts in cloud computing, security and privacy, with a mission to:
&lt;ul&gt;
&lt;li&gt;Chart the latest cloud trends, including types of cloud implementations most common by industry and region;&lt;/li&gt;
&lt;li&gt;Gauge organizations' top cloud security concerns, from vendor security to data governance and breach preparedness;&lt;/li&gt;
&lt;li&gt;Predict the top areas of investment for organizations most concerned about cloud security.&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;
This webinar will draw upon survey results and expert insight from a special roundtable panel to discuss:
&lt;p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;b&gt;Top Security Concerns&lt;/b&gt; - Are organizations more concerned about where their data is stored, or whether a malicious insider might be a threat to it?&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Success Factors&lt;/b&gt; - On a scale with cost savings and availability of services, how does security now rank among elements critical to a successful cloud computing implementation?&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Protective Measures&lt;/b&gt; - What are some of the practices organizations are employing, from instituting more stringent contracts to enforcing third-party audits and even participating in mock security exercises with cloud service providers?&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;</description>
			</item>
			<item>
			<title>Protect IBM i Data from FTP, ODBC and Remote Command</title>
			<link>http://www.govinfosecurity.com/webinars/protect-ibm-i-data-from-ftp-odbc-remote-command-w-272</link>
			<guid>http://www.govinfosecurity.com/webinars/protect-ibm-i-data-from-ftp-odbc-remote-command-w-272</guid>
			<description>Each year, PowerTech releases its "State of IBM i Security" study, documenting how well organizations manage their security. And, each year, the study shows that the vast majority of organizations still rely on menu security to protect their data. Unfortunately, today's users have access to interfaces (such as FTP, ODBC, JDBC, and remote command) that completely bypass these controls and make it easy to view, update, and delete data in the database. If you need to comply with government or industry regulations, or if you simply want to ensure the integrity of your application data, understanding these interfaces is critical.
&lt;p&gt;
In this webinar, Robin Tatam, Director of Security Technologies for PowerTech, discusses: 
&lt;p&gt;
&lt;ul&gt;
&lt;li&gt;What you need to know about IBM i security&lt;/li&gt;
&lt;li&gt;How to close the "back doors" not covered by traditional menu security schemes&lt;/li&gt;
&lt;li&gt;How to implement policies that restrict access to only those users who need it&lt;/li&gt;
&lt;/ul&gt;
Tatam also demonstrates PowerTech's Network Security, the exit point monitoring and access control software that can help you secure your system.</description>
			</item>
			<item>
			<title>2012 Faces of Fraud Survey: Complying with the FFIEC Guidance</title>
			<link>http://www.govinfosecurity.com/webinars/2012-faces-fraud-survey-complying-ffiec-guidance-w-270</link>
			<guid>http://www.govinfosecurity.com/webinars/2012-faces-fraud-survey-complying-ffiec-guidance-w-270</guid>
			<description>A follow-up to ISMG's 2011 Faces of Fraud Survey, this webinar looks not only at the latest fraud trends and how institutions are fighting back, but also at their progress in putting together layered security controls in conformance with the FFIEC Authentication Guidance.
&lt;p&gt;
Given the persistence of fraud threats and the demands of the FFIEC Authentication Guidance, the 2012 Faces of Fraud Survey is crafted with assistance from leading experts in fraud detection and prevention, with a mission to: 
&lt;ul&gt;
&lt;li&gt;Chart the latest fraud trends, including account takeover, skimming and payment card breaches;&lt;/li&gt;
&lt;li&gt;Gauge institutions' preparedness to conform to the FFIEC Authentication Guidance, including where they are prioritizing their efforts;&lt;/li&gt;
&lt;li&gt;Predict the top areas of focus for 2012, from real-time fraud monitoring tools to new layered security controls.&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;</description>
			</item>
			<item>
			<title>The Great Application Security Debate: Static vs. Dynamic vs. Manual Penetration Testing</title>
			<link>http://www.govinfosecurity.com/webinars/great-application-security-debate-static-vs-dynamic-vs-manual-w-268</link>
			<guid>http://www.govinfosecurity.com/webinars/great-application-security-debate-static-vs-dynamic-vs-manual-w-268</guid>
			<description>Software applications are an integral part of 21st century business processes. The majority of software is still installed in-house, either as specially developed custom applications or commercially acquired packages. However, the proportion of software procured as a service is on the rise, as is the use of mobile apps and open source components. In addition, more and more in-house applications are being web-enabled and exposed to the outside world.
&lt;p&gt;
Regardless of its origin, the vast majority of software will contain flaws which can constitute a security risk, especially for those applications that are web-enabled. The cost of fixing a flaw increases the later it is found in the development, acquisition and deployment life cycle. There are a number of measures that can be taken to mitigate the problem and reduce the overall cost of managing software whilst ensuring better security. Increasingly, businesses are recognizing the benefits of outsourcing at least some of the effort through the use of on-demand software testing services.
&lt;p&gt;
This webinar explores how businesses are deploying software and what measures are in place for checking the security of applications. It presents new research conducted amongst US and UK enterprises from a range of industries and assesses the scale of the software security problem, the ways in which it can be mitigated, the extent to which this is being achieved, the costs involved and how these can be minimized.
&lt;p&gt;
&lt;ul&gt;
&lt;li&gt;2011 was the Year of the Breach. Some of the world's best companies and brands were attacked, making securing your enterprise applications a key information security imperative.&lt;/li&gt;
&lt;li&gt;As applications become more mission critical to the enterprise, so too does the need to secure them.&lt;/li&gt;
&lt;li&gt;Learn how enterprises can leverage the various application testing approaches in their application security programs.&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;</description>
			</item>
			<item>
			<title>Five Application Security Tips</title>
			<link>http://www.govinfosecurity.com/interviews/five-application-security-tips-i-1571</link>
			<guid>http://www.govinfosecurity.com/interviews/five-application-security-tips-i-1571</guid>
			<description>Many organizations aren't devoting enough resources to ensure that applications for &lt;a href="http://www.healthcareinfosecurity.com/mobility-c-212"&gt;&lt;b&gt;mobile devices&lt;/b&gt;&lt;/a&gt; are secure, says security expert Jeff Williams. He offers five tips for adequately addressing mobile &lt;a href="http://www.healthcareinfosecurity.com/application-security-c-205"&gt;&lt;b&gt;application security&lt;/b&gt;&lt;/a&gt;.</description>
			</item>
			<item>
			<title>Understanding Electronically Stored Info</title>
			<link>http://www.govinfosecurity.com/interviews/understanding-electronically-stored-info-i-1570</link>
			<guid>http://www.govinfosecurity.com/interviews/understanding-electronically-stored-info-i-1570</guid>
			<description>For years, David Matthews, Deputy CISO of the City of Seattle, has been immersed in securing electronically stored information. Now he's written the book on the topic. What are the key themes addressed?</description>
			</item>
			<item>
			<title>Why Boards of Directors Don't Get It</title>
			<link>http://www.govinfosecurity.com/interviews/boards-directors-dont-get-it-i-1569</link>
			<guid>http://www.govinfosecurity.com/interviews/boards-directors-dont-get-it-i-1569</guid>
			<description>IT risk management, cyber insurance, privacy - these are hot topics for security leaders, but not for their boards of directors. Why do senior executives still fail to see IT risks as business risks?</description>
			</item>
			<item>
			<title>How to Respond to Hacktivism</title>
			<link>http://www.govinfosecurity.com/interviews/how-to-respond-to-hacktivism-i-1568</link>
			<guid>http://www.govinfosecurity.com/interviews/how-to-respond-to-hacktivism-i-1568</guid>
			<description>Hacktivist attacks will increase, and researcher Gregory Nowak says organizations can take proactive steps to reduce exposure and protect brand reputation. Why, then, are many organizations failing?</description>
			</item>
			<item>
			<title>Imagine This: NSA Supervising Bank IT</title>
			<link>http://www.govinfosecurity.com/blogs/imagine-this-nsa-supervising-bank-it-p-1281</link>
			<guid>http://www.govinfosecurity.com/blogs/imagine-this-nsa-supervising-bank-it-p-1281</guid>
			<description>&lt;b&gt;Not Likely in U.S., But Such a Scenario Is Developing in Israel&lt;/b&gt;&lt;br /&gt;Israel's intelligence agency supervises commercial banks' IT systems because they're considered part of the critical national infrastructure, and that's okay with the bankers. See why.</description>
			</item>
			<item>
			<title>Israel Seen Fanning Flame of New Spyware</title>
			<link>http://www.govinfosecurity.com/blogs/israel-seen-fanning-flame-new-spyware-p-1280</link>
			<guid>http://www.govinfosecurity.com/blogs/israel-seen-fanning-flame-new-spyware-p-1280</guid>
			<description>&lt;b&gt;Top Government Official Hints Israel is Behind Complex Malware&lt;/b&gt;&lt;br /&gt;Israel is being blamed - or, perhaps, taking credit - for the creation of Flame, the sophisticated cyberspyware that has targeted organizations in the Middle East, especially its mortal enemy, the government of Iran.</description>
			</item>
			<item>
			<title>2006 VA Breach: Assessing the Impact</title>
			<link>http://www.govinfosecurity.com/blogs/2006-va-breach-assessing-impact-p-1279</link>
			<guid>http://www.govinfosecurity.com/blogs/2006-va-breach-assessing-impact-p-1279</guid>
			<description>&lt;b&gt;Significant Action Taken, Lots More to Do&lt;/b&gt;&lt;br /&gt;It's been six years since the Department of Veterans Affairs experienced a huge breach. What breach-prevention steps has the VA taken since then, and what's left to be done?</description>
			</item>
			<item>
			<title>Fighting Hackers With Public Relations</title>
			<link>http://www.govinfosecurity.com/blogs/fighting-hackers-public-relations-p-1278</link>
			<guid>http://www.govinfosecurity.com/blogs/fighting-hackers-public-relations-p-1278</guid>
			<description>&lt;b&gt;Understanding Hacktivists' Goals is Key to Thwarting Attacks&lt;/b&gt;&lt;br /&gt;By understanding the motivations behind hacktivism, organizations can learn why good public relations can play an important role in thwarting attacks or minimizing their impact.</description>
			</item></channel></rss>

