May 19, 2016

Lessons from LinkedIn data breach revelations

As mentioned, LinkedIn’s passwords were encrypted, but the company was still using a relatively weak hashing algorithm. It was also not adding random text to passwords to make it more difficult to reverse engineer the hashed or scrambled versions of the passwords. ... Creating unique passwords for every online service means that if one is compromised, none of the others are affected. However, the converse is also true. If passwords are re-used and one service is compromised, it means all others where the same password is valid are also at risk. “While LinkedIn has taken the precaution of invalidating the passwords of the accounts affected, and contacting those members to reset their passwords, the chances are that many will use the same password across multiple online accounts,” said Liviu Itoafa, security researcher at Kaspersky Lab.


Cloud security: A mismatch for existing security processes and technology

Certainly cybersecurity professionals want to leverage existing security investments and lean on well-established best practices as much as possible. So, what’s the problem? Unfortunately, existing security technologies and processes don’t always work when pointed at cloud-based workloads. In fact, 32 percent of enterprise cybersecurity and IT professionals admit they’ve had to abandon many traditional security policies or technologies because they couldn’t be used effectively for cloud security, while another 42 percent have abandoned some traditional security policies or technologies because they couldn’t be used effectively for cloud security.


IT Governance Integral Part of Corporate Governance

For any modern-day business to stay agile, relevant, competitive and profitable, it has to rely on and invest in IT as a major component of its business strategy. Automating a company's functions, apart from requiring significant financial investments, also requires the incorporation of powerful internal control mechanisms into computers (hardware), software and networks to manage operational IT risks. In view of the above, IT governance is now considered a bread-and-butter issue for businesses to thrive. The emerging trend is that IT governance and corporate governance can no longer be separated. IT governance now constitutes a key component of every company's strategic plan and consequently it has become a standing agenda item at board meetings.


Ransomware attacks force hospitals to stitch up networks

Once ransomware was on the networks, hospitals were forced to resort to finding and using paper copies, fax machines, phones, and any other non-connected devices, while network administrators hastened to get their systems up and running. The result of these activities has made a lasting impact on operations: in some instances doctors even had to reschedule high-risk surgeries. The lesson to be drawn from these recent incidents is the need for hospitals to develop and implement a strong cyber resiliency plan that incorporates incident response as well as recovery operations from such attacks. The threat of ransomware demonstrates the need for hospitals, as well as all organizations, to identify critical information and properly store it on backup systems that are independent of the main network. While we can’t necessarily predict when attacks against us will occur, we can always be prepared to respond to them once they do.


Digital transformation trips: advice from CIOs

Unsurprisingly, lack of investment from the business is a barrier to digital transformation, with 50 per cent of those studied saying this was one of the biggest downsides. When asked what the major barriers are to digital transformation projects, the top answer was the lack of funds available for technology provision. Adding to complexity, corporate culture is often change-averse, according to 43 per cent of CIOs studied. If they are to encourage investment in digital, CIOs must now convince the board of the area's ability to drive business change. A financial sector CIO explains: "Gain board level sponsorship, so the initiative is perceived as a business led change programme, rather than a technology led one."


Google Has Built Its Own Custom Chip for AI Servers

TPU gets its name from TensorFlow, the software library for machine intelligence that powers Google Search and other services, such as speech recognition, Gmail, and Photos. The company open sourced TensorFlow in November of last year. The chip is tailored for machine learning. It is better at tolerating “reduced computational precision,” which enables it to use fewer processors per operation. “Because of this, we can squeeze more operations per second into the silicon, use more sophisticated and powerful machine learning models and apply these models more quickly, so users get more intelligent results more rapidly,” Jouppi wrote.


Make the bed, enterprise OpenStack deployment is moving in

The increased adoption of OpenStack is part of a changing perspective of open source in general, where more enterprises view it as a way to get faster top-level development, rather than relying on the roadmap of one proprietary entity, according to Nelson. "There's been a big shift from a bunch of developers getting in a room and dreaming of the future to something that has become a lot more real, and adopted by commercial vendors and looked at seriously by a lot of large enterprises," she said. The next step in OpenStack adoption is likely companies that are not interested in putting whole development teams in place to put the upstream code into production. Instead, the next round of adoption will likely involve a deployment from a vendor -- companies such as Canonical, Red Hat or Mirantis -- to do it hands-off, so it feels like rolling out Linux.


SEC says cyber security biggest risk to financial system

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C. "What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks," she said. "As we go out there now, we are pointing that out." White said SEC examiners were very pro-active about doing sweeps of broker-dealers and investment advisers to assess their defenses against a cyber attack. "We can't do enough in this sector," she said.


New Federal HIPAA Guidance Targets Data Security Incidents

The new guidance defines how business associate agreements should specify the terms of how and for what purposes protected health information will be used, and create reporting mechanisms that cover instances in which protected information is disclosed in a way not authorized under contracts. The new rules put the onus on BAs to report incidents to covered entities. ... OCR recommends that business associate agreements contain requirements that BAs and subcontractors report a breach or a security incident even if it did not cause a breach. The information should include BA or subcontractor name and contact information, a description of the incident, date of the incident and date of discovery, types of unsecured PHI involved in the incident, and steps being taken to further investigate the incident and avoid future incidents.


Role of Business Analysis in Agile

Great business analysts are now more aware of the customer and their journey with the software. They’re interested in understanding not only why the business want the product built, but what the problem is that the product is trying to solve and how their customers will use it. The business analyst is also in a fantastic position to influence team dynamics. They’re working closely with the product owner, working closely with the development team, being able to drive consensus on decisions that are being made is a great way to ensure that the whole team feels they have ownership of the product. This also helps establish a shared goal that the whole team can work towards. So you can see, there’s heaps of different paths a business analyst can take to be T-shaped and provide further value to their teams.



Quote for the day:


"Diligence is the mother of good fortune." -- Miguel de Cervantes