When the Department of Homeland Security purposefully dropped data disks and USB flash drives in the parking lots of federal agencies and government contractors, 60 percent of the found objects were inserted into an agency or contractor network.
Removing the power from a computer not only results in lost volatile memory, much of which can be critical to a forensic investigation (and should be imaged), but also may lead the intruder to establish other points of entry.
The Federal Communications Commission developed “Small Biz Cyber Planner 2.0” by teaming with members of the public and private sector, including the Department of Homeland Security, the National Cyber Security Alliance and the Chamber of Commerce.
In early May, the FTC’s Chief Administrative Law Judge held that in an enforcement action the FTC must disclose “what data security standards, if any” it has published and intends to rely upon to demonstrate that a company’s data security practices are not reasonable and appropriate.
Would there be a greater return on investment if our information sharing focused less on enabling private sector victims to better duck and cover, and focused more on enabling the government to get the bad guys?
May 1, 2014
Regardless of how vigorously the industry applies risk management principles and how diligently the government shares information, there is no chance the private sector can consistently withstand intrusion attempts from foreign military units and intelligence services or even, for that matter, from transnational organized crime.
Corporate executives can develop enough expertise to comfortably navigate key cybersecurity risk management concepts
April 1, 2014
The National Institute of Standards and Technology’s cybersecurity framework is now available, so how can CSOs and CISOs use it to better frame their cyber efforts and prove their case to the C-Suite?
For well over a decade, CEOs have been relegating the operational, legal, reputational and competitive risks associated with cybersecurity to those responsible for Information Technology.
Cybersecurity is the unsung linchpin of every company that has grown increasingly dependent upon vulnerable technologies, whether to communicate, to store sensitive data, or to manufacture and deliver its products and services.
Governments and corporations are facing considerable risk to their data, their underlying networks and the reliability of their products because of a confluence of three factors.
To best protect your company against internal abuse, it is helpful to understand the nature of the threat and to consider applying risk-based approaches to address the problem.
Let’s start with the good news. Malicious insider activity is relatively rare. Unfortunately, even though outsiders account for 85 percent of cybersecurity incidents, the damage often is substantially greater when an insider strikes.
In last month’s column, we explored the Top Five Reasons to Report Computer Intrusions to Law Enforcement. This month’s column will provide you with a sense of what your company, as a victim of a computer intrusion, should expect when working with the Feds.