January 14, 2013    /    by

EU report says cyber attacks target trust: From identities to infrastructure

The European Network and Information Security Agency (ENISA), which is a part of the European Union (EU), recently issued a report that describes the current global cyber threat landscape - including infrastructure.

The European Network and Information Security Agency (ENISA), which is a part of the European Union (EU), recently issued a report that describes the current global cyber threat landscape. The excellent report “is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. Over 140 recent reports from security industry, networks of excellence, standardization bodies and other independent institutes have been analysed.”

 In my view, the comprehensive approach used to create this PDF document makes it worth taking the time and energy to read throught the entire document in detail. The extensive coverage of topics includes definitions and activity in these areas of: “Drive-by exploits: Worms/Trojans , Code Injection Attacks, Exploit Kits, Botnets, Denial of service, Phishing, Compromising confidential information, Rogueware/Scareware, Spam, Targeted Attacks, Physical Theft/Loss/Damage, Identity Theft, Abuse of Information Leakage, Search Engine Poisoning, Rogue certificates.” READ MORE

January 7, 2013    /    by

Do You Want People To Really Act On Security Messages? Listen First

Just when I thought I was turning the corner on Internet security awareness & cyber safety, along comes an eye-opening situation that hits so close to home that I am forced to rethink the road ahead - again.

Just when I thought I was turning the corner on Internet security awareness & cyber safety, along comes an eye-opening situation that hits so close to home that I am forced to rethink the road ahead - again.

The key questions that I’m reassessing as we head into 2013: Am I saying the right things about cybersecurity? Are the most important messages getting through? Are people (even the ones who know and like us) hearing what we say? Am I genuinely listening to them – first? Allow me to explain with a personal story.    READ MORE

December 30, 2012    /    by

A Summary of The Top 2013 Cybersecurity Predictions

Over the past week, Ive been surfing the Net looking for blogs and articles that both recap online security trends from the past year as well as offer new cybersecurity predictions for the coming year. Heres a summary of what Ive seen thats memorable so far.

Over the past week, I’ve been surfing the Net looking for the top blogs and articles that both recap online security trends from the past year as well as offer new cybersecurity predictions for the coming year. Here’s a summary of what I’ve seen that’s memorable so far:

Vendor Predictions: READ MORE

December 23, 2012    /    by

After Newtown: Should Government Security Also Change?

As we head into the heart of the holiday season, our thoughts and prayers still turn towards the families and devastated communities following the horrible events in Newtown, Connecticut, on December 14, 2012.

As we head into the heart of the holiday season, our thoughts and prayers still turn towards the families and devastated communities following the horrible events in Newtown, Connecticut, on December 14, 2012.

As expressed so well in the comforting speech by President Obama, our hearts go out to everyone impacted. READ MORE

December 16, 2012    /    by

Defining a National Doctrine on Cybersecurity

Do we need such a national doctrine on cybersecurity? If so, what needs to be included? How will the rest of the world view this doctrine? Can a cyberdoctrine help guide our actions?

Our nation has developed a fairly long list of doctrines that have historically provided statements of what we believe and the principles by which we’re going to base our future actions. Two examples that come to mind are the Monroe Doctrine and the Reagan Doctrine, but there have been many others.  In addition, military doctrine has long provided a guide to national defense actions.

Do we need such a national doctrine on cybersecurity? If so, what needs to be included? How will the rest of the world view this doctrine? Can a cyberdoctrine help guide our actions? READ MORE

December 9, 2012    /    by

Cooperative Purchasing: WSCA Joining Forces with NASPO Makes a Powerful Contract Team

Ever since the Western States Contracting Alliance (WSCA) was formed in the October 1993 by the state purchasing directors from fifteen states, governments have been saving millions of dollars through cooperative purchasing.

Ever since the Western States Contracting Alliance (WSCA) was formed in the October 1993 by the state purchasing directors from fifteen states, governments have been saving millions of dollars through cooperative purchasing. By working together on developing contracts with a lead state, the savings can be huge. Joint purchases, on items such as laptop and desktop computers and much more, can ultimately save time and resources by working together with other like-minded government officials from around the country.

Many of these excellent contracting relationships and procurement opportunities have developed over the years at meetings held by the National Association of Purchasing Officers (NASPO). WSCA is now used by many states besides the initial fifteen members. For example, this chart shows over 50% savings on desktop PCs when you use the discounts from the “Premium Savings Packages” available to certain WSCA-participating states from numerous vendors. READ MORE

December 2, 2012    /    by

2012 Review: Most Significant Data Breaches

What were the top government data breaches in the USA in 2012 (so far)? It appears that this year will be remembered more for state and local breach headlines than for federal government breaches.

What were the top government data breaches in the USA in 2012 (so far)? It appears that this year will be remembered more for state and local breach headlines than for federal government breaches.

I’m starting off this blog with highlights from one of those “scary headline” articles that government technology leaders want their organizations to avoid. And yet, there is an ominous sense across the nation right now amongst security professionals. Most Chief Information Security Officers (CISOs) understand that there are more breaches to come in 2013. To some extent, the sentiment is: “I could be next.” READ MORE

November 26, 2012    /    by

Is BYOD Really Cheaper?

More and more companies and governments are implementing technology policies that allow their staff to bring your own device to work (or BYOD). But is BYOD really cheaper for governments?

More and more companies and governments are implementing technology policies that allow their staff to bring your own device to work (or BYOD). This means those shiny new Christmas presents, like iPads, iPhones and Droid-enabled devices can access company and government data. Some experts estimate that BYOD will become the predominant technology approach to access mobile apps in coming years – with almost 60% of offices already implementing some type of BYOD.

Recently, I covered some of the good, the bad and the ugly regarding BYOD in this presentation for auditors in Lansing, Michigan. But beyond the implementation headaches, security concerns and topics such as Mobile Device Management (MDM), there is an emerging debate surrounding a series of cost-saving statements and claims. READ MORE

November 19, 2012    /    by

My Best Advice After Petraeus Emails

Everyone is talking about the General David Petraeus scandal. But what I find most intriguing are the articles, blogs and opinions analyzing what all of this means for the rest of us who use technology with a special emphasis on redoubling efforts to protect email privacy. So here is my best advice.

Everyone is talking about the General David Petraeus scandal.  No matter where I’ve turned since the day after the election, from CNN to the BBC, from cable TV news to Hollywood gossip or from the office coffeepot chatter to Drudge headlines, inquiring minds want to know more.

The stories are all over the map. The women involved, the Congressional testimony, the General’s distinguished career, warnings telling us “don’t throw stones,” Saturday Night Live (SNL) videos, the lifestyles of four-star generals and even articles proclaiming Petraeus is a scapegoat. READ MORE

November 12, 2012    /    by

Introducing the Michigan Cyber Range

I'd like to introduce our new Michigan Cyber Range which was formally launched on Friday, November 9, 2012.

I’d like to introduce our new Michigan Cyber Range which was formally launched on Friday, November 9, 2012. But before I do, I’d like you to reflect on a few questions that we have been thinking long and hard about in Michigan over the past eighteen months.

With the “bad guys” getting better and America probably outgunned in cyber, where can business and government cybersecurity teams go to learn how to defend against complex cyber attacks? READ MORE