Information security

September 18, 2014
By Robert K. Ackerman

The key to exploiting cyber intelligence is to understand your own organization in a threat context, said panelists at the AFCEA/INSA Intelligence and National Security Summit 2014, being held September 18-19 in Washington, D.C. Government and industry must understand their cyberthreats at both the tactical and strategic levels, panelists offered.

November 21, 2012
By Maryann Lawlor

The (ISC)² Foundation’s information security 2013 scholarship program application process will open on January 1, 2013, and it offers a total of $120,000 in awards to women, graduate students, young professionals and faculty. The foundation will award up to two scholarships totaling $40,000 to women pursuing an education in information security. In addition, it will give seed funding for up to eight grants of $3,000 each to assist graduate students conducting special research. One of the foundation’s other undergraduate scholarship winners will receive the Harold F.

December 2, 2011
By Prenston Gale

Earlier this year, detailed information about the bomb resistance of a new Department of Defense (DoD) building in Virginia was compromised. Reuters broadcast the information worldwide. The news organization did not obtain the document by hacking network systems, but rather accessed the "official use only" document on the Army Corps of Engineers website. This incident is just one example of the thousands of data breaches that occur as a result of internal information leakage rather than an outside attack. In its 2011 Information Security Report, the U.S. Government Accountability Office (GAO) shed light on why internal leaks are so prevalent.

November 14, 2011

The Pentagon's TRICARE office is offering assistance to nearly 5 million people who may have been affected by a recent data breach reported by contractor Science Applications International Corp. (SAIC). Officials say the breach came to light in Texas in mid-September and involves patients treated at military hospitals and clinics during the past 20 years. The data, stored on magnetic tapes stolen from a car, includes names, Social Security numbers, addresses and telephone numbers, along with clinic notes, lab tests and prescription information.

October 20, 2011

(ISC)², the not-for-profit information security professional body that administers the Certified Information Systems Security Professional certification, announced this week the winners of its eighth annual U.S. Government Information Security Leadership Awards. Among the winners are a cyber dashboard that foiled a number of attacks against U.S. Defense Department email accounts, a cyber training program for U.S. Air Force Space Command, and a Department of Homeland Security effort to develop a central coordination point for strategic security awareness.

December 1, 2010
By Henry Kenyon

(ISC)² has created an application security advisory board that includes information professionals from the Asia-Pacific region, Europe and the Americas. The board will recommend ways to increase awareness of software that is not secure and help software developers understand how to introduce security directly at the software development level.

During its first meeting, the experts made recommendations about issues such as how to overcome problems the proliferation of nonsecure software causes. According to (ISC)² officials, 80 percent of today's cyberattacks occur at the application level.

May 25, 2010
By Paul Strassmann

(The following post continues the conversation from Gentlemen Do Not Open Attachments.)

1. Thin Client Case
A person with a ".mil" address walks up to a thin client anywhere in the world and logs in to the DoD NIPRNET "Secure Desktop" using a Public Key Infrastructure (PKI) access card, plus biometric ID. A thin client then presents a menu of available virtual computers to connect to. The choices will include secure NIPRNET-connected desktops, as well as insecure desktops connected to the Internet, as illustrated below:

May 21, 2010
By Paul Strassmann

According to the National Security Agency, in 1928 Secretary of State Henry Stimson closed down the Department's intelligence bureau. His rationale was that "Gentlemen do not read other gentlemen's mail."

We now have a comparable situation in the Department of Defense. New policies and guidance have been issued that declare, in effect, that well-behaved gentlemen and gentlewomen should abstain from reading potentially toxic attachments to social computing messages.

Such policies and guidance do not promote the security of defense networks and should therefore be modified.

April 27, 2010
By Paul Strassmann

Two weeks ago, I listened to a U.S. Marine Corps brigadier general plead for a lightweight personal computer that shooters could use at the squad level. All of the talk he heard about net-centric networks was meaningless because network centricity did not reach where it was needed. If the civilians could walk around with BlackBerrys, why couldn't the U.S. Defense Department provide comparable services?

January 11, 2010
By Henry Kenyon

During an interview with Rear Adm. Michael A. Brown, USN, last week, the admiral clarified the first-of-its-kind cybersecurity partnership with the state of Michigan. The state is deploying EINSTEIN 1, an automated process the US-CERT developed to collect, correlate, analyze and share computer security information across the federal government.

August 2011
By Rita Boland, SIGNAL Magazine

Industry heavyweights release a framework designed to cut through the report clutter.

The cybercommunity has a new resource at its disposal to identify and mitigate issues across networks and systems. This standardization tool can make reporting problems more uniform, which should result in faster response times. Developers designed an open format that will be machine- and human-readable to automate processes, marking a divergence from standards presented in the past.

August 2011
By Max Cacas, SIGNAL Magazine

Recent proposals aim to secure nation’s cyber infrastructure.

From the White House to the Defense Department, and from corporate boardrooms to computer rooms across the country, the issue of protecting the networks of government and industry is increasingly leading to the development of new strategies and plans.

August 2011
By George I. Seffers, SIGNAL Magazine

NATO Secretary General Anders Fogh Rasmussen (l) gives the opening address during a cyber summit in January as Ambassador Gábor Iklódy, assistant secretary general for emerging security challenges, looks on.

Network protection project races toward 2012 deadline.

NATO is reinforcing cybersecurity for its entire communications and information systems architecture and on all of its networks, including unclassified, restricted and secret networks. The project will be implemented in several phases and is speeding toward completion by the end of 2012, a challenging deadline that NATO officials say they are determined to meet.

August 2010
By Rita Boland, SIGNAL Magazine

August 2010
By Chris Sanders

During a peer teaching session, EWA analyst Sean Rosado discusses open-source intelligence gathering tactics.

Flagging anomalies is the basis for real-time cyberthreat detection architecture.

August 2010
By Rita Boland, SIGNAL Magazine

The U.S. Chief Information Officers Council initiated a review of the federal government’s information technology, or IT, work force and the impact of the Net Generation on agency practices.

Technical advances and an aging population should push organizations to shift policies, attract young workers.