Daily Tech Digest - February 17, 2017

Extending COBIT 5 Data Security and Governance Guidance

COBIT 5 encourages each enterprise to adapt the COBIT content to the enterprise’s own priorities and circumstances. However, among the processes COBIT 5 recommends are 3 especially suited for security, and the metrics suggested for each are only a subset of measurements that might be meaningful to the enterprise. First is that a system is in place that considers and effectively addresses enterprise information security requirements. This appears overarching (a good thing), and the measures suggested for it include the number of key security roles that have been clearly defined and the number of security-related incidents. Most enterprises would wish to add other measures to the list in keeping with their own situation.


7 tips to turn threat data into true threat intelligence

Unvetted threat intel is a bit like getting raw data feeds about the stock market. Responding to such data, you may be the next investment millionaire, or you could completely lose your shirt. You need to filter through it to eliminate the useless portions, and carefully weigh the balance. As Malcovery Security said in a blog some months ago, most of what the industry refers to as threat intelligence is really just threat data. It is just a list of data elements, full of noise and false positives. Until the intelligence part is applied to this data feed, it is fairly useless, or even worse, may lead to false conclusions. According to Mark Orlando in his presentation to the RSA Security Conference in 2015, raw threat intel data is highly commoditized, has poor quality control, a short shelf life, and promotes a false sense of awareness.


CTO: Our quest for agility led us to the OpenStack framework

The OpenStack framework has been around for a reasonably long time. Even more important, OpenStack was an early manifestation of an approach purposefully designed to help us deliver agility. In the years since the OpenStack framework became available, others have created alternatives to Open Stack, but they are all built to do similar things: leverage commodity hardware, open standards, virtualization and orchestration tools to deliver fluid, portable and complete services (compute, storage and networking). With fluid, portable and complete IT services, we can flex, scale, move around and revise our services as needed. These are capabilities we need -- no, must have -- if we are to survive and thrive in a technology-driven marketplace.


58 Mind-Blowing Digital Marketing Stats You Need to Know

While there are several forms of traditional marketing including print, radio, and television, statistics show that digital marketing is taking over in terms of popularity and success. In fact, by 2021 it’s projected that marketing leaders will spend 75% of their total marketing budget on digital marketing rather than traditional marketing. ... Social media is changing the face of the marketing culture in several ways. With social media, it’s easier to collect useful data on consumers, build a visible and popular brand, and sell products on various social media platforms. The following statistics will boggle your mind and help you understand the importance of getting your social strategy right this year.


Gain competitive advantage with NoSQL databases

Till yet we learned the reasons that worked as a catalyst for the failure of relational databases. However this is not completely true as relational databases still have a fair share of the market however NoSQL drew the attention of many companies which wanted to deal with big data. Some of the NoSQL advantages are- Make the system agile- NoSQl databases work on a dynamic model that allows storing and maintaining data without defining it beforehand. This makes the faster and responsive than ever before. Easy scaling- Scaling up the relational databases were complex and expensive. Unlike this the NoSQL databases can easily be scaled-up and down as per the workload as these have a dynamic architecture offering much more operational benefits than RDBMS.


Russian Cyberspies Blamed For US Election Hacks Are Now Targetting MACs

The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent. X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan. It's not entirely clear how the malware is being distributed because the Bitdefender researchers only obtained the malware sample, not the full attack chain. However, it's possible a macOS malware downloader dubbed Komplex, found in September, might be involved.


How to use Instant Tethering on your Google Pixel or Nexus device

Staying connected on the go is a constant struggle for business professionals and everyday techies alike. However, a new feature from Google called Instant Tethering could offer a more intelligent way to keep your devices online. A recent product forum post by Google product manager Omri Amarilio explained that Instant Tethering uses Bluetooth to allow to Google devices to communicate. The devices, such as tablets and Pixel phones, must be logged into with the same Google account.  "When you unlock a tablet such as the Pixel C, it will notice if there is no internet connection available, and will ask your Pixel phone if it has internet and battery life," Amarilio wrote in his post. "If it does, we will give you an option to enable a secure hotspot and pair [automatically], without even taking your phone out of your pocket."


Real-World, Man-Machine Algorithms

There are many machine learning classification problems where using log data is standard, essentially giving you labels for free. For example, ad click prediction models are typically trained on which ads users click on, video recommendation systems make heavy use of which videos you’ve watched in the past, etc. However, even these systems need to move beyond simple click data once they reach large enough scale and sophistication; for instance, because they’re heavily biased towards clicks, it can be difficult to tune the systems to show new ads and new videos to users, and so explore-exploit algorithms become necessary. ... As another example, suppose you're an e-commerce site like eBay or Etsy. You're starting to see a lot of spammy profiles selling Viagra, drugs, and other blacklisted products, so you want to fight the problem with machine learning.


2 powerful new features on their way to Android right now

Android can be full of surprises. Thanks to the deconstructed nature of the operating system, individual pieces of the software receive updates all the time -- in a way that has nothing to do with the big, attention-grabbing OS rollouts. It happens with a large and ever-expanding list of core system apps that now exist in the Play Store and are updated accordingly, but it also happens silently and seamlessly with some behind-the-scenes tools that are easy to overlook. As a result, useful new features can sometimes appear in random areas of your device -- and you might not even realize they're there. Such an update is underway as we speak. Google is in the midst of rolling out a refinement to its Google Play Services app that brings two powerful new options into Android's settings -- options you might never notice but don't want to miss.


Bruce Schneier: It's time for internet-of-things regulation

Schneier argued there is precedence for creating such an agency to address new technologies, from trains and automobiles to radio and nuclear. And he said those agencies tend to be created for two reasons. "New technologies need new expertise," Schneier said. "And new technologies need new controls. And this is something markets can't solve. Markets are, by definition, short-term profit-motivated. That's what they're supposed to do. They don't solve collective action problems." Government, he said, is "the entity that is used to solve problems like this." But Schneier also admitted that a regulatory approach to IoT threats brings a lot of problems, from a general lack of technical expertise in the government to historical problems with regulatory capture.



Quote for the day:


"To accomplish great things, we must not only act, but also dream, not only plan, but also believe" -- Anatole France