Oct 30

A Look at the Pentagon’s Insider Threat Program

From: FedTech

The Pentagon has been very proactive in its efforts to battle insider threats.


When the word “security” pops up in discussions about the government, it’s usually in relation to an outside threat. But two years after Edward Snowden became infamous for exposing the details of classified government surveillance programs, a growing number of federal agencies have reportedly dealt with data loss as a result of insider issues.

Oct 28

Operational confusion led to more than 400 critical- to high-risk vulnerabilities persisting on systems at BIS

From: FierceGovernmentIT

A report from the Commerce Department OIG said one flaw persisted from a previous audit in 2009


Failures in communication and a lack of remediation for known cybersecurity flaws pointed to the Bureau of Industry and Security’s continuous monitoring program as being ‘deficient,’ according to a report.

The U.S. Commerce Department Office of the Inspector General said in a report made publicly available last week that the BIS’s faulty scanning practices — which relied on outdated technology — increased compromise risk. The OIG further found that BIS did not follow protocol for remediating identified security weaknesses, including failing to fix more than 400 known critical- to high-risk security flaws.

Oct 26

Security habit data reveals riskiest business users

From: Security News Desk

While 93% of office workers admit to insecure IT practices, Intermedia’s 2015 Insider Risk Report finds that tech-savvy users are actually the worst offenders

Intermedia released its 2015 Insider Risk Report, which exposes the online security habits of more than 2,000 office workers in the U.S. and U.K.

***

The most tech-savvy employees are most likely to create risk

More surprising, the very people who have the greatest access to company data and are tasked with keeping the company secure—IT personnel—are much more likely to engage in risky behaviors than the average employee:

Oct 23

Behind the Curve? A Maturity Model for Endpoint

From: SANS Institute

Written by G. Mark Hardy
Advisor: John Pescatore

Introduction

The concept of a security maturity model is nothing new. What is new is that nowadays there’s a certain fluidity in the definition of an endpoint—and how that endpoint fits into a security model.

Oct 20

Defense Science Board recommends vigilance against insider threats

From: FierceGovernmentIT


The Defense Science Board recommends that the Defense Department continuously monitor cleared personnel to avoid “strategic surprise.” The advisory council offered that and other counterintelligence advice in a report published over the summer and obtained last week by the Federation of American Scientists.

The “DSB Summer Study Report on Strategic Surprise” (pdf) was issued to Under Secretary of Defense for Acquisition, Technology and Logistics Frank Kendall. Strategic surprise, according to the report, is an event for which the country is not adequately prepared and which could be extremely costly.


Oct 19

Know Your Vulnerabilities: A SANS Continuous Monitoring Survey

From: SANS Institute

Continuous Monitoring Slow to Mature; Improvements Associated with Continuous Monitoring

BETHESDA, Md., Oct. 19, 2015 /PRNewswire-USNewswire/ — The majority of IT professionals believe their continuous monitoring programs are mature or maturing (by maturing, we mean they are improving their continuous monitoring programs). Yet how often and how comprehensively they scan—and follow through with remediation—reveals a different picture, according to results of a new survey to be released by SANS Institute on October 28, 2015.

Oct 14

Defense Science Board on Avoiding Strategic Surprise

From: FAS


***

Among those steps, “Counterintelligence must be enhanced with urgency.” See DSB Summer Study Report on Strategic Surprise, July 2015.

The Board called for “continuous monitoring” of cleared personnel who have access to particularly sensitive information. “The use of big data analytics could allow DoD to track anomalies in the behaviors of cleared personnel in order to thwart the insider threat.”


Oct 07

Average Cost of Cyber-crime in the U.S. Rises to $15 Million

From: eWeek

By Sean Michael Kerner

The annual Ponemon Institute Cost of Cyber Crime Study reports a rising cost in the U.S. and globally.

With a seemingly endless stream of breaches reported over the course of the past year, it should come as no surprise that costs associated with cyber-crime are on the rise. The annual Ponemon Institute 2015 Cost of Cyber Crime Study, sponsored by Hewlett-Packard, came out Oct. 6, reporting that in the United States the average annualized cost of cyber-crime is now $15 million, up 19 percent over the 2014 report.

***

Oct 02

IT Insecurity: Aggressive use of security solutions

From: FCW

By Richard Spires

In my previous two columns, I described the three primary root causes that have led to the massive data breaches and compromises of core mission IT systems in multiple federal agencies, and provided recommendations for addressing the first cause: lack of IT management best practices. The remaining two root causes — which are the focus of this column — are misguided IT security practices and a slow and cumbersome acquisition process.