<?xml version="1.0" encoding="utf-8" ?>
<rss version="2.0">
<channel>
<title>GovInfoSecurity.com RSS Syndication</title>
<link>http://www.govinfosecurity.com/rss_feed/rss_main.xml</link>
<description>GovInfoSecurity.com RSS News Feeds on government information security news, regulations, and education.</description>
<pubDate>Mon, 08 Feb 2010 12:10:01 -0600</pubDate>
	<item>
	<title>China: Police Shutter Hacker Site</title>
	<link>http://www.govinfosecurity.com/articles.php?art_id=2174</link>
	<guid>http://www.govinfosecurity.com/articles.php?art_id=2174</guid>
	<description>&lt;b&gt;Training Site Said to Be China's Largest&lt;/b&gt;&lt;br&gt;The Chinese government, accused by experts in the West of fostering attacks on foreign commercial and government IT systems, has shuttered that country's largest hacker training site and arrested three people.</description>
	</item>
	<item>
	<title>Melissa Hathaway Joins Terremark's Board</title>
	<link>http://www.govinfosecurity.com/articles.php?art_id=2173</link>
	<guid>http://www.govinfosecurity.com/articles.php?art_id=2173</guid>
	<description>&lt;img src=&quot;http://docs.govinfosecurity.com/files/images_articles/2173_Melissa_Hathaway_at_Cisco_cropped.jpg&quot; align=right hspace=4&gt;&lt;b&gt;Cyberspace Policy Review Leader Expanding Her Post-Government Role&lt;/b&gt;&lt;br&gt;Melissa Hathaway, who led President Obama's 60-day cyberspace policy review, has joined the board of directors of Terremark Worldwide Inc., a provider of managed IT infrastructure services.</description>
	</item>
	<item>
	<title>Technology as a Substitute for the IT Security Pro</title>
	<link>http://www.govinfosecurity.com/articles.php?art_id=2170</link>
	<guid>http://www.govinfosecurity.com/articles.php?art_id=2170</guid>
	<description>&lt;img src=&quot;http://docs.govinfosecurity.com/files/images_articles/2170_Zal_Azmi_FBI_portrait.jpg&quot; align=right hspace=4&gt;&lt;b&gt;Filling the Gap Caused by Dearth of Skilled Government Staffers&lt;/b&gt;&lt;br&gt;&quot;We are providing a technical solution that will eliminate the need for a lot of cyber professionals because we just don't have enough of them,&quot; Zalmai Azmi says.

&lt;p&gt;Can technology replace the IT security professional to safeguard government information systems?

&lt;p&gt;Zalmai Azmi, the former Federal Bureau of Investigation chief information officer, thinks so, at least in some situations, and that it could fill the gap caused by a shortage in government of qualified IT security personnel.</description>
	</item>
	<item>
	<title>NIST IR 7628 (Draft): Smart Grid Cybersecurity Strategy and Requirements</title>
	<link>http://www.govinfosecurity.com/regulations.php?reg_id/1895</link>
	<guid>http://www.govinfosecurity.com/regulations.php?reg_id/1895</guid>
	<description>A high-level risk assessment process used to define the cybersecurity strategy for the smart grid.</description>
	</item>
	<item>
	<title>NIST SP 800-38E: Recommendation for Block Cipher Modes of Operation</title>
	<link>http://www.govinfosecurity.com/regulations.php?reg_id/1852</link>
	<guid>http://www.govinfosecurity.com/regulations.php?reg_id/1852</guid>
	<description>The XTS-AES Mode for Confidentiality on Storage Devices</description>
	</item>
	<item>
	<title>NIST SP 800-57: Recommendations for Key Management, Part 3</title>
	<link>http://www.govinfosecurity.com/regulations.php?reg_id/1829</link>
	<guid>http://www.govinfosecurity.com/regulations.php?reg_id/1829</guid>
	<description>Application-Specific Key Management Guidance</description>
	</item>
	<item>
	<title>GAO: Managing Sensitive Information</title>
	<link>http://www.govinfosecurity.com/regulations.php?reg_id/1828</link>
	<guid>http://www.govinfosecurity.com/regulations.php?reg_id/1828</guid>
	<description>Actions needed to prevent unintended public disclosures of U.S. nuclear sites and activities.</description>
	</item>
	<item>
	<title>Emerging Threats in Financial Data Breaches</title>
	<link>http://www.govinfosecurity.com/webinars.php?webinarID=169</link>
	<guid>http://www.govinfosecurity.com/webinars.php?webinarID=169</guid>
	<description>Ten years ago, the Department of Justice was prosecuting mischief-makers for defacing web pages. Today, federal prosecutors are targeting international crime rings behind such high-profile hacks as Heartland Payment Systems, which exposed an estimated 130 million consumer accounts.
 
&lt;p&gt;&quot;We've gone from card farms to card resellers to international hackers,&quot; says Kimberly Peretti, senior counsel in the department's computer crime section.

&lt;p&gt;Peretti, who plays a prominent role in prosecutions against notorious international hackers such as Albert Gonzalez, offers an insider's view of financial data breaches. In this session, she will cover:
&lt;ul&gt;
&lt;li&gt;&lt;b&gt;Background on carding:&lt;/b&gt; discussion on the current &quot;carding scene,&quot; carding forums and carding activity (online, in-store, gift cards, PIN cashing). 
&lt;br&gt;&lt;br&gt;
&lt;li&gt;&lt;b&gt;Evolution of prosecutions:&lt;/b&gt; From carding forums in 2004 to major resellers in 2006, and now the new, international hacking rings - including the Gonzalez case.
&lt;br&gt;&lt;br&gt;
&lt;li&gt;&lt;b&gt;What we know:&lt;/b&gt; Lessons learned from the breaches and the criminals, as well as emerging methods - and victims.
&lt;br&gt;&lt;br&gt;
&lt;li&gt;&lt;b&gt;How we can respond:&lt;/b&gt; Emerging technologies and steps organizations can take today to minimize their exposure to financial data breaches. 
&lt;/ul&gt;</description>
	</item>
	<item>
	<title>Putting Threats of Cloud Computing in Perspective</title>
	<link>http://www.govinfosecurity.com/podcasts.php?podcastID=436</link>
	<guid>http://www.govinfosecurity.com/podcasts.php?podcastID=436</guid>
	<description>&lt;b&gt;David Matthews, Deputy Chief Information Security Officer, City of Seattle&lt;/b&gt;

&lt;p&gt;The hack on Gmail e-mail accounts of activists promoting human rights emanating from China is a reminder to government officials about the security and privacy threats that cloud computing poses; Gmail is a cloud computing offering from Google.

&lt;p&gt;&quot;It makes us more aware of some of the things we need to be doing as we need to do to be ready to go into cloud computing,&quot; David Matthews, Seattle deputy chief information security officer, said in an interview with GovInfoSecurity.com. &quot;It was kind of a wake up call, in a way, for all of us to really think about this is (as) security as usual. We really need to pay attention to our security and our issues and be aware of what we're jumping into when we jump into cloud computing and be ready for it.&quot;

&lt;p&gt;Matthews, who is a member of the American Bar Association's Science and Technology Committee, which has been discussing the legal and privacy concerns of cloud computing for the past few years, spoke with GovInfoSecurity.com's Eric Chabrow.

&lt;p&gt;In the interview, Matthews also addressed the:

&lt;div id='blist'&gt;Pros and cons of cloud computing for government agencies.&lt;/div&gt;
&lt;div id='blist'&gt;Pressures being mounted by government officials to exploit the financial benefits of cloud computing.&lt;/div&gt;
&lt;div id='blist'&gt;Importance of contracts with cloud computing service providers, especially in defining data ownership and auditing.&lt;/div&gt;

&lt;p&gt;Further reading:
&lt;p&gt;
&lt;b&gt;&lt;a href='http://www.govinfosecurity.com/articles.php?art_id=1791'&gt;Interview with David Matthews: Creativity Replaces Dollars to Safeguard IT&lt;/a&gt;&lt;/b&gt;</description>
	</item>
	<item>
	<title>Improving Cyber Awareness - Strategies from Dena Haritos Tsamitis of Carnegie Mellon</title>
	<link>http://www.govinfosecurity.com/podcasts.php?podcastID=433</link>
	<guid>http://www.govinfosecurity.com/podcasts.php?podcastID=433</guid>
	<description>Dena Haritos Tsamitis has an ambitious goal for the year: to improve cyber awareness among 8 million people globally.

&lt;p&gt;The Director of Education, Training and Outreach at Carnegie Mellon University's CyLab, Dena discusses:

&lt;div id='blist'&gt;The cyber awareness challenge among people of all ages;&lt;/div&gt; 
&lt;div id='blist'&gt;Effective techniques for improving awareness; &lt;/div&gt;
&lt;div id='blist'&gt;How organizations can improve and maximize their own efforts.&lt;/div&gt;
 
&lt;p&gt;Dena oversees education, training and outreach for Carnegie Mellon CyLab, the university's cybersecurity research center. She leads the MySecureCyberspace initiative to raise &quot;cyber awareness&quot; in Internet users of all ages through a portal, game and curriculum. She guides the education initiatives of the NSF Situational Awareness for Everyone center, which explores ways to improve computer defenses by incorporating models of human, computer and attack interactions into the defenses themselves. Also through CyLab, she serves as Principal Investigator on two NSF-funded programs: the Scholarship for Service (SFS) program and the Information Assurance Capacity Building Program (IACBP). The SFS program provides full scholarships to highly qualified students pursuing studies in information assurance. The IACBP is an intensive summer program to help build information assurance education and research capacity at minority-serving colleges and universities.</description>
	</item>
	<item>
	<title>Setting Tone at the Top: Jennifer Bayuk on Leadership</title>
	<link>http://www.govinfosecurity.com/podcasts.php?podcastID=431</link>
	<guid>http://www.govinfosecurity.com/podcasts.php?podcastID=431</guid>
	<description>When it comes to enterprise security, an organization gets its tone from the top - even when the tone is set accidentally.

&lt;p&gt;How do you set the right tone? That's the topic of the new book from former CISO Jennifer Bayuk: &quot;Enterprise Security for the Executive: Setting the Tone from the Top.&quot;

&lt;p&gt;In an interview about her book, Bayuk discusses:

&lt;p&gt;&lt;div id=&quot;blist&quot;&gt;The key audience she wants to reach; &lt;/div&gt;
&lt;div id=&quot;blist&quot;&gt;The main message for enterprise leaders; &lt;/div&gt;
&lt;div id=&quot;blist&quot;&gt;Today's top enterprise security challenges and how leaders should tackle them.&lt;/div&gt;

&lt;p&gt;Bayuk is an independent consultant on topics of information confidentiality, integrity and availability. She is engaged in a wide variety of industries with projects ranging from oversight policy and metrics to technical architecture and requirements. She has a wide variety of experience in virtually every aspect of information security. She was a Chief Information Security Officer, a Security Architect, a Manager of Information Systems Internal Audit, a Big 4 Security Principal Consultant and Auditor, and a Security Software Engineer. Bayuk frequently publishes on information security and audit topics. She has lectured for organizations that include ISACA, NIST, and CSI. She is certified in Information Systems Audit (CISA), Information Security Management (CISM), Information Systems Security (CISSP), and IT Governance (CGEIT). She has master's degrees in Computer Science and Philosophy.</description>
	</item></channel></rss>