Sep
28
From: Erie Times-News
The Federal Trade Commission approved an agreement that settles charges against a North East company and its use of computer-monitoring technology.
In June, U.S. Bankruptcy Judge Thomas P. Agresti approved a consent decree in which North East-based DesignerWare LLC agreed to scale back technology that allowed rent-to-own companies to track the whereabouts of rented computers.
Company owner Tim Kelly, of North East, admitted no wrongdoing and was not required to pay any monetary damages. His company’s software allowed rent-to-own retailers to secretly capture a rental-computer user’s keystrokes and screen images and also take a picture of the user with the computer’s Web camera.
Sep
27
From: Wired/Cloudline
Yama Habibzai
A consistent challenge for IT managers and administrators is to proactively monitor performance across the cloud, identify threats, and decrease any impact on the end customer. Without the right tools or procedures in place, these managers are typically working reactively, only responding once performance is adversely affected. Legacy systems that are in place at many organizations are simply not capable of properly monitoring cloud-based networks as they can’t handle scale and do not provide enough visibility.
Sep
25
From: FederalNewsRadio.com 1500AM
October is National Cyber security month and will be kicked off in Baltimore with a three day conference with a focus on automating security.
The concept of security and the federal government is inevitably wrapped in guidance from National Institute of Standards and Technology NIST.
On October 3, 2012, NIST is working with a wide range of members of the security community to produce the 8th Annual IT Security Automation Conference.
Today’s interview is with Dave Waltermire, security automation architect, in NIST’s Computer Security Division.
Sep
21
From: Government Computer News
By William Jackson
A shift in FISMA compliance away from periodic certification and accreditation of IT systems and toward continuous monitoring has failed to improve security in most agencies, according to a recent survey of federal officials.
The move is intended to put a greater emphasis on results in the Federal Information Security Management Act. Agencies are required to employ automated systems using the Security Content Automated Protocols and report results monthly to the Homeland Security Department via the CyberScope system. But the result has been more compliance rather than risk mitigation.
Sep
20
Editor’s Note: The article below discusses the lack of understanding of the relataionship between security measures such as continuous monitoring and long term cost savings. The need to make a business case for cybersecurity is arguably the greatest challenge facing decisionmakers in the public and private sectors.
From: Federal Computer Week
By Amber Corrin
Federal workers don’t believe cybersecurity legislation will be effective, don’t want the Homeland Security Department to regulate information security and are more likely to be concerned about compliance than any particular security threat, a new report reveals.
Sep
18
From: BankInfoSecurity.com
By Eric Chabrow
The National Institute of Standards and Technology has issued what could be characterized as the bible of risk assessment.
Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments, provides direction for conducting risk assessments and amplifies the guidance found in SP 800-39: Managing Information Security Risk. Though SP 800-30 was written for federal information systems and organizations, its lessons can be applied to other organizations in and out of government.
Sep
16
From: MoneyControl.com — India’s No. 1 Financial Portal
Taking serious note of recent misuse of internet and social media, the government has formulated a three-pronged strategy including setting up of a cyber surveillance agency which can forewarn about any such malicious intent.
Taking serious note of recent misuse of Internet and social media, the government has formulated a three-pronged strategy including setting up of a cyber surveillance agency which can forewarn about any such malicious intent.
Sep
14
From: CBR – Systems & Networks Security
The new application will enable Splunk Enterprise to provide real-time continuous monitoring and trending of FireEye customer data
Security firm FireEye and real-time operational intelligence software provider Splunk have partnered to release Splunk for FireEye application, which enables customers to consolidate and correlate analytics on cyber attacks.
The new application will enable Splunk Enterprise to provides real-time continuous monitoring and trending of FireEye customer data, along with support for real-time alerting.
Users can now visualise and express long-term trends that aid with the prioritisation of incident response activities, as well as set and monitor key performance metrics.
Sep
13
From: Mitre
MITRE Corporation hosted the fourth Security Automation Developer Days conference on July 9-13, 2012, at MITRE in Bedford, Massachusetts, USA. This five-day conference is technical in nature and focuses on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP).