December 2, 2012    /    by

2012 Review: Most Significant Data Breaches

What were the top government data breaches in the USA in 2012 (so far)? It appears that this year will be remembered more for state and local breach headlines than for federal government breaches.


I’m starting off this blog with highlights from one of those “scary headline” articles that government technology leaders want their organizations to avoid. And yet, there is an ominous sense across the nation right now amongst security professionals. Most Chief Information Security Officers (CISOs) understand that there are more breaches to come in 2013. To some extent, the sentiment is: “I could be next.”

November 26, 2012    /    by

Is BYOD Really Cheaper?

More and more companies and governments are implementing technology policies that allow their staff to bring their own devices to work (or BYOD). But is BYOD really cheaper for governments?

More and more companies and governments are implementing technology policies that allow their staff to bring their own devices to work (or BYOD). This means those shiny new Christmas presents, like iPads, iPhones and Droid-enabled devices can access company and government data. Some experts estimate that BYOD will become the predominant technology approach to access mobile apps in coming years – with almost 60% of offices already implementing some type of BYOD.

Recently, I covered some of the good, the bad and the ugly regarding BYOD in this presentation for auditors in Lansing, Michigan. But beyond the implementation headaches, security concerns and topics such as Mobile Device Management (MDM), there is an emerging debate surrounding a series of cost-saving statements and claims.

November 19, 2012    /    by

My Best Advice After Petraeus Emails

Everyone is talking about the General David Petraeus scandal. But what I find most intriguing are the articles, blogs and opinions analyzing what all of this means for the rest of us who use technology with a special emphasis on redoubling efforts to protect email privacy. So here is my best advice.

Everyone is talking about the General David Petraeus scandal.  No matter where I’ve turned since the day after the election, from CNN to the BBC, from cable TV news to Hollywood gossip or from the office coffeepot chatter to Drudge headlines, inquiring minds want to know more.

The stories are all over the map. The women involved, the Congressional testimony, the General’s distinguished career, warnings telling us “don’t throw stones,” Saturday Night Live (SNL) videos, the lifestyles of four-star generals and even articles proclaiming Petraeus is a scapegoat.

November 12, 2012    /    by

Introducing the Michigan Cyber Range

I'd like to introduce our new Michigan Cyber Range which was formally launched on Friday, November 9, 2012.

I’d like to introduce our new Michigan Cyber Range which was formally launched on Friday, November 9, 2012. But before I do, I’d like you to reflect on a few questions that we have been thinking long and hard about in Michigan over the past eighteen months.

With the “bad guys” getting better and America probably outgunned in cyber, where can business and government cybersecurity teams go to learn how to defend against complex cyber attacks?

November 4, 2012    /    by

Security News Roundup: S.C. Breach, Possible Executive Order and Perhaps a Cyber Treaty

We currently have several important security stories and not much public attention.


As America prepares to vote in a pivotal presidential election on Tuesday, there have been several significant security stories recently. However, they are receiving minimal national attention. Between the coverage of Tropical Storm Sandy, pre-election rallies and the latest unemployment rate coverage, almost all security news has taken a back seat – unless you are talking about the September 11, 2012, Benghazi attack.

October 31, 2012    /    by

Tropical Storm Sandy Slams Networks

The impact of Tropical Storm Sandy is being felt far and wide.

October 23, 2012    /    by

NASCIO and Deloitte Publish New 2012 Cybersecurity Survey for State Governments

Day 2 at the NASCIO annual meeting, and one hot topic is the new Cybersecurity survey results that were released this morning called

Government Technology Magazine wrote a good summary of the security survey panel session which covered the report topic.
 
As I looked at the new survey results, I found several concerning trends that we didn't have time to discuss on the morning panel today. One of those trends was a reduction in vulnerability management implementations and less scanning of critical systems for vulnerabilities and malware. I am also concerned about the lack of trust that CISOs have in the level of expertise on their cybersecurity teams.
 
Another highlight was the majority of states reporting the same or less money for security programs at a time when the private sector is raising Cybersecurity budgets. A mismatch between "executive buy-in" and funding for security raises a red flag for me about how much real support exists.
 
I'm keeping this blog short, but I strongly urge you to go out and read the report and recommendations for CIOs and CISOs. Overall, there is a mixed message with some positive trends but also the realization that many states are not doing enough to secure their systems and data.
 
What are your thoughts on the survey results?

October 22, 2012    /    by

NASCIO Conference Day 1

Here are some of my highlights from the first day at the NASCIO Conference in San Diego

I am at the National Association of State CIOs Annual Conference in San Diego, and here are some of the first day highlights.

The roundtable sessions over breakfast covered over a dozen topics, and I attended a session on BYOD led by the CIO from Delaware. The session was excellent with comparisons between public and private sector organizations on the use of different mobile devices. All of the topical discussion sessions seemed well attended, and it was a great way to engage professionals from around the country with different approaches to this cutting-edge issue.

October 19, 2012    /    by

NASCIO Annual Conference 2012

The National Association of State Chief Information Officers (NASCIO) is holding their annual conference in San Diego this year from October 21-24, 2012.


The agenda is packed with many interesting topics, such as an opening keynote by Ken Miller, Founder, Change & Innovation Agency. Here’s how this 90-minute session is described in the program:

October 18, 2012    /    by

Will Patch Tuesday Ever End?

Patch Tuesday is just around the corner, and I feel an urge to rant.

Another Patch Tuesday is just around the corner, and I feel an urge to rant.

In reality, the actual day each month is just a part of an ongoing cycle. Like a coach’s preparation for the next football game on the schedule. We even tell our rookies, “Don’t worry, we’ve got this down to a science. Just study the playbook and learn the system.”