June 29, 2016

The devil is in the details: The importance of tight processes to strong information security

Policies do not have to be long. In fact, the more succinct the better, so long as they cover the required details. In my experience, they should be quite granular -- single policies that cover a variety of topics are hard to maintain and follow. Policies are usually augmented by procedures. A procedure defines the specific steps you will follow in the implementation of the related policy, and by their nature should be very detailed. If a procedure is well written, someone familiar with your organization but not a particular function should be able to follow the procedure and complete the function.


How to install MongoDB community edition on Ubuntu Linux

MongoDB is a NoSQL database that avoids the traditional structure of relational databases in favor of document-oriented JSON-like objects. What this translates to is the integration between application and data is faster and easier. If that's not enough, consider this: MongoDB is one of the databases preferred by big data and large enterprise companies, including Adobe, Craigslist, eBay, FIFA, Foursquare, and LinkedIn. There are different versions of MongoDB; the version I'll focus on is the community edition. You can easily install MongoDB on Ubuntu from the standard repositories, but that version tends to be out of date. Because of that, I'll show how to install the version from the official MongoDB repositories.


Windows 10's Biggest Controversies

Since the release of Windows 10 last summer, users of Windows 7 or Windows 8 whose computers have Windows Update set to automatically update the OS have gotten pop-up notices telling them to upgrade to Windows 10, and the large installation files for it (which can be about 6GB) have downloaded in the background onto their system’s main drive, usually without the user directly consenting to this. Initially, Microsoft did provide the option to delay the upgrade, and hacks were figured out by users to put off the upgrading and stop the installation files from being downloaded. But Microsoft has become more aggressive in thwarting efforts to block the download by pushing through strongly worded notices that give just two options: “Upgrade now” or “Upgrade tonight.”


Indian Startups Need Lessons from Their Israeli Counterparts

Solving a problem lies at the core of the Israeli tech startups. Outbrain, one of the world’s most successful content recommendation engines, is one such example which highlights the problem-solving nature of these active startups. In the words of Ori Lahav and Yaron Galai, founders of Outbrain, the company has solved a complex problem for two business communities. For newspapers facing tough competition from online channels, it helped them develop a significant and sustainable new revenue source in their hard times while for marketers, it provided them with an opportunity to tell their brand story on the internet in a more effective way. By addressing this problem, Outbrain jumped ahead of the curve by coming up with a new business model that solved problems for all parties involved.


BlueData Introduces First Big-Data-as-a-Service Offering

“One of the challenges for organizations thinking about deploying big data workloads in a public cloud is that their data may already be on-premises, and moving it all to the cloud can be challenging, time-consuming and expensive,” says Jason Schroedl, VP of marketing at BlueData. With the latest EPIC release, end users can run big data applications such as Hadoop and Spark on any infrastructure, whether on-prem, public cloud or hybrid deployment. Initially, the offering will be a direct availability program running on AWS, but over time the company plans to make the platform available on Microsoft Azure, Google Cloud and other public cloud services. The user interface and experience remains constant whether customers are using BlueData on-prem or in the cloud, giving the same security and control in terms of how many resources are given to different groups for individual use cases.


Ransomware and Cyber Extortion Are on the Rise – What Can Be Done?

Hardly a day goes by anymore without ransomware or cyber extortion making the news. A seeming turning point in the severity of this crime was the mid-February 2016 cyber extortion of a large Los Angeles hospital chain where a reported ransom of $3 million was originally demanded. Although the ransom ultimately paid was 40 bitcoins (about $17,000, a far cry from $3 million), its payment nevertheless represents a substantial and noteworthy increase from the hundred dollar ransoms that were previously commonplace. Among those taking note are insurers providing cyber coverage, who often will include ransomware coverage in their policies. Since this manner of cybercrime is going to be with us for the foreseeable future, insurers and their insureds are best served by proactively managing, and thereby perhaps eliminating, the harm that may result from a ransomware attack.


A career in Unix: The best and the worst

Of all the work I've done over the years, the one that I miss the most was one in which what I did every day seriously mattered. I was a Unix admin and managed a network of servers and workstations. My users were highly intelligent, dedicated analysts who helped to ensure that intelligent decisions were being made on a national level. At some other positions, I provided an environment that supported development of products that made a difference to many thousands of individuals (e.g., emergency communications), but was so remote from the end product that I never got a sense that I was contributing to something of great value.


'Socially-cooperative' cars are part of the future of driverless vehicles, says CMU professor

The basic idea is that if you program a robot to do some tasks, it may not behave in a way that human beings would normally behave when other human beings are around. You can imagine situations where robots are in a lab and they really don't care, they just get a job done. But things are different out of a lab, when you're in a driving situation. Think about when our car enters a highway from an entrance ramp. We negotiate with nearby cars; if we're close to another car, if it's ahead, we let it go. If we're ahead, it lets us go. If we're close to it, we negotiate with visual cues, and also with speed cues. We speed up in order to indicate that we don't want to yield to the other car. Or, vice versa—they speed up in order to get in front of us.


Decentralizing IoT networks through blockchain

A decentralized approach to IoT networking would solve many of the questions above. Adopting a standardized peer-to-peer communication model to process the hundreds of billions of transactions between devices will significantly reduce the costs associated with installing and maintaining large centralized data centers and will distribute computation and storage needs across the billions of devices that form IoT networks. This will prevent failure in any single node in a network from bringing the entire network to a halting collapse. However, establishing peer-to-peer communications will present its own set of challenges, chief among them the issue of security. And as we all know, IoT security is much more than just about protecting sensitive data. The proposed solution will have to maintain privacy and security in huge IoT networks and offer some form of validation and consensus for transactions to prevent spoofing and theft.


Cybersecurity: Is AI Ready for Primetime In Cyber Defense?

Machine learning is a subset of Artificial Intelligence, a field of computer science that started in 1958 when Marvin Minsky founded the Artificial Intelligence lab. Everyone, including DARPA, was pouring money into it. Their goal was to build a fully artificial intelligence capable of passing the Turing test in fifteen years. However, their plans were overly ambitious, for two reasons. They underestimated the technical difficulty and simply didn’t have enough compute power. When it became clear they weren’t going to meet their goal, funding suddenly dried up and the lab closed. AI became a dirty word. However, AI research continued and went in and out of favor for years. In the 1980s, the Japanese became enamored with AI and started applying it to everything from rice cookers to automated subway trains. But until recently nobody called it AI.



Quote for the day:


"The first responsibility of a leader is to define reality. The last is to say thank you. In between, the leader is a servant." -- Max de Pree