March 14, 2014

Social engineering attacks: Is security focused on the wrong problem?
Anyone -- even pros -- can become a victim of a social-engineering attack. "It's nearly impossible to detect you've been socially engineered," said Daniel Cohen, head of knowledge delivery and business development for RSA's FraudAction group, who says malicious social engineering is one of the biggest problems for security. "As long as there's a conscious interface between man and machine, social engineering will always exist." Money is the main reason malicious social engineering is so pervasive. In October 2013, RSA identified more than 62,000 phishing attacks, which raised the bar in terms of number of attacks carried out within a single month.

Defense Department Adopts NIST Security Standards
The change in policy reflects a "move away from unique DOD standards, to a more broad use of the NIST standards and other government standards," Takai told InformationWeek in an interview last December in advance of the instruction letter's formal release. The change was prompted in part because, she said, "we were concerned we're driving up our costs by virtue of having companies have to fit our standards as well as to other national standards."

Why Leaders Are Poor Communicators
It’s often said that employees don’t leave a job; they leave their manager. A manager doesn’t have to be malevolent. It’s a tough slog when you don’t know what your boss wants or if there’s simply no connection to leadership or a common purpose. Further, communications builds trust – and erodes it quickly when missing or bungled. To that point, in a study captured in the article, “How Poor Leaders Become Good Leaders,” most of the improvements listed by Harvard Business Review contributors Jack Zenger and Joseph Folkman involve shifts in how managers communicated with others.

NSA Disputes Report On Program To Automate Infection Of 'Millions' Of Machines
The agency said it does not "use its technical capabilities to impersonate U.S. company websites" and it only targets users under proper legal authority. "Reports of indiscriminate computer exploitation operations are simply false," according to the NSA. "NSA’s authorities require that its foreign intelligence operations support valid national security requirements, protect the legitimate privacy interests of all persons, and be as tailored as feasible." Meanwhile, Facebook founder and CEO Mark Zuckerberg today said he had called President Obama to voice his concerns about media reports on government surveillance.

5 Ways CIOs Can Rationalize Application Portfolios
"There's a striking difference from 2011: IT is considered much more, particularly by the business side, as something that helps them innovate and inform themselves," says Ron Tolido, senior vice president, Application Services, at consulting, technology and outsourcing services provider Capgemini. Tolido is also the author of Capgemini's recently released Application Landscape Report 2014, a follow-up to a 2011 report on the same subject. "In 2011, IT was much more looked at for cost reduction," Tolido adds. "Now it's seen as a strategic enabler. It puts a lot of the CIOs that we've been surveying under a lot of additional pressure."

The new security perimeter: Human Sensors
So how long have you been a responsible cyber citizen? Where did you learn to become one? We all learned how to drive a car and hopefully we are responsible drivers, at least there is training and a test for drivers of automobiles. What about being a responsible cyber citizen? There is no official curriculum in our schools for it? Can you actually cause your country and yourself significant monetary losses or worse, just by not being aware of the dangers that lurk on the internet? The point is, over time malware has become quite sophisticated, what started as a prank in the 1980s is now a multi-billion dollar cyber-crime industry.

Enterprise social media: New battleground for CIO influence
First, social media is part of the ongoing digital transformation taking place in almost all industries. Although social media remains centralized among a few people in a single team, the role of social will eventually expand beyond marketing and customer service to encompass aspects of core operations. Business is about communication so it makes sense that the importance of social media, which means communication, will grow over time. Smart CIOs will embrace this future today rather than waiting.

Mobility bandwagon: Developing enterprise mobile applications
The second fundamental concern an organization must address is security testing. If IT security teams are going to expose the application, its data and the back-end services to the Internet, they have to know that it's packaged for the potential onslaught of malicious actors and curious users. With every interface a potential source of attacks, development teams need to ensure that they understand the risks these applications can add and the vulnerabilities that exist.

Have Liberal Arts Degree, Will Code
Some employers have learned to look for this combination of talents. Dan Melton, deputy chief technology officer at Granicus, a San Francisco-based startup that puts government data in the cloud, has hired two students with humanities backgrounds from App Academy. He said he looks for those students because they’re able to work better with other programmers and clients and understand the larger meaning of the work. “We already have a lot of software whiz kids,” Melton said. “We like to hire people who are interested in public affairs and civic engagement.”

Huawei chip partnership looks toward Ethernet hitting 400 gigabits
At the Optical Fiber Communications (OFC) conference in San Francisco, Huawei and Xilinx showed off a router line card that they say could handle 400Gbps Ethernet. The part is only a prototype and Huawei doesn't plan to sell a pre-standard product, but the demonstration shows the two vendors are already gearing up for the next version of Ethernet, said Chuck Adams, distinguished standards strategist at Huawei's U.S. R&D center.

Quote for the day:

"Nothing is so potent as the silent influence of a good example" -- James Kent
