Archive for February 2014

Filling the cybersecurity job gap

According to an Enterprise Strategy Group survey of IT professionals, cloud and server virtualization security has the highest shortage of qualified workers. In this video report, we talk to experts on how companies are addressing that skills gap and grooming cybersecurity professionals within their organizations.


Data breach at University of Maryland exposes 300K records

School president apologizes for a “sophisticated” security breach that exposed the sensitive personal information of faculty, staff, and students at the school since 1998.

The sensitive personal information of more than 300,000 faculty, staff, and students at the University of Maryland was stolen in a “sophisticated” cyberattack on the school’s recently bolstered security defenses, the school’s president revealed late Wednesday.

The names, Social Security numbers, and birth dates of 309,079 individuals affiliated with the school’s College Park and Shady Grove campuses who were issued a university identification card since 1998 were exposed in Tuesday’s attack, according to an apology issued Wednesday by university President Wallace Loh.

More from Cnet.com here: http://news.cnet.com/8301-1009_3-57619169-83/data-breach-at-university-of-maryland-exposes-300k-records/

SlickLogin: sound-powered cybersecurity

SlickLogin, an Israeli startup and developer of smart identification technology through user smartphones, has been acquired by Google for several million (the official transaction amount remains undisclosed). SlickLogin was founded under a year ago by Or Zelig, Eran Galili and Ori Kabeli. The company first unveiled its technology at TechCrunch Disrupt held last September. The company has yet to launch its product and has no customers to date.

SlickLogin obviates the need for additional hardware by relying on user smartphones, but unlike existing solutions, the company’s system does not require the user to receive a text message or move any given mobile device to their computer. Rather it performs the identification independently by playing an ultrasonic frequency from the mobile device. The system on the computer or any other device analyses the frequency for identification and no other additional identification process is required. If you look at the process side, it appears as if the user just types their username and password, since the rest of the process is carried out automatically and transparently when the two devices are near each other.

Learn more from Geektime.com by clicking here: http://www.geektime.com/2014/02/16/google-acquires-slicklogin/

Anonymous quote

To Edward Snowden and supporters: “You can’t expect the police to protect you if you won’t let them patrol your neighborhood.”

White House unveils new Cybersecurity Framework

As the result of an Executive Order last February, the Executive Branch has introduced the Cybersecurity Framework, described as “a voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity.”

The best practices and guidelines within the Framework are structured around three primary components: the Framework Core, Profiles, and Tiers — each said to also include advice in balancing these regulations with privacy concerns.

In a statement on Wednesday, President Obama explained further that the National Institute of Standards and Technology “has worked with the private sector to develop a Cybersecurity Framework that highlights best practices and globally recognized standards so that companies across our economy can better manage cyber risk to our critical infrastructure.”

The White House stressed that abiding by the Framework is voluntary, but added that the Department of Homeland Security will be tasked with boosting awareness for the program as well as brainstorming potential incentives.

The Framework gathers existing global standards and practices to help organizations understand, communicate, and manage their cyber risks. For organizations that don’t know where to start, the Framework provides a road map. For organizations with more advanced cybersecurity, the Framework offers a way to better communicate with their CEOs and with suppliers about management of cyber risks. Organizations outside the United States may also wish to use the Framework to support their own cybersecurity efforts.

The first version of the Framework for Improving Critical Infrastructure Cybersecurity is available online now.

US Secret Service looking for a student intern in Tallahassee (and elsewhere)

This is an unpaid volunteer position, but what a great opportunity for one lucky FSU student!

Cybersecurity experts warn Target data breach is only the beginning

Until 2013, the data breach that affected millions of T.J. Maxx and Marshalls shoppers almost a decade ago reigned supreme in the annals of retail hacking.

The holiday-season attack on Target, the nation’s third-largest retailer, made that episode seem almost trifling by comparison. From Thanksgiving week into December, the year’s busiest buying period, personal information of up to 110 million Target customers was stolen — and the repercussions for the company, for consumers, and for the retailing industry are likely to persist for months, if not years.

“The Target hacking was an earthquake in comparison with previous ones,” said Eugene Fram, professor emeritus of marketing with Rochester Institute of Technology’s Saunders College of Business.

And the worst almost certainly is yet to come, the FBI maintains.

In a recent confidential report to retailers, the agency warned of the spread of malicious software — malware — that can clandestinely penetrate so-called point-of-sale systems, the means by which retailers conduct transactions. Credit-card swiping machines, which connect to a company’s computer network, typically through the Internet, are a common POS device.

More available from ProvidenceJournal.com.