Group items tagged

Government Information Security Podcasts As a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info Probing Federal IT Security Programs: Gregory Wilshusen, GAO February 23, 2009 Government Accountability Office auditors will have a busy spring, examining a number of federal government programs aimed at securing government information systems and data. In an interview with GovInfoSecurity.com, Gregory Wilshusen discusses how the GAO is looking at how private industry and two dozen federal agencies employ metrics to measure the effectiveness of information security control activities. Other current GAO information security investigations he discusses include: Federal Desktop Core Configuration intended to standardize security features on personal computers purchased by the government. Trusted Internet Connection initiative aimed at slashing government Internet connections to fewer than 100 from more than 2,000. Einstein automated networking monitoring program run by U.S Computer Emergency Readiness Team. Gregory Wilshusen is director of information security issues at GAO, where he leads information security-related studies and audits of the federal government. He has more than 26 years of auditing, financial management and information systems experience. Before joining GAO in 1997, Wilshusen served as a senior systems analyst at the Department of Education as well as the controller for the North Carolina Department of Environment, Health and Natural Resources.

You can't ignore the presence and usage of all the myriad forms of instant messaging, social networking and blogging. The millennial generation won't thrive in companies where Facebook is banned or texting is frowned upon. They think and work so differently from their baby boomer managers that generational clashes are inevitable. The Security Executive Council and CXO Media, producer of CSO Perspectives and CSO magazine, are partnering to probe attitudes toward collaborative technologies like IM and social networking. By participating you will receive a research report based on this survey. Definition of web 2.0 apps: The term "Web 2.0" describes the changing trends in the use of World Wide Web technology and web design that aim to enhance creativity, communications, secure information sharing, collaboration and functionality of the web. Web 2.0 concepts have led to the development and evolution of web culture communities and hosted services, such as social-networking sites, video sharing sites, wikis, blogs, and folksonomies. (Wikipedia)

"House lawmakers stepped up their questioning of companies that collect and store information about consumers both on the Internet and in real life. In a hearing today, lawmakers interested in drafting legislation that would place restrictions on how Internet and marketing firms collect consumer information, asked Wal-Mart, WPP and privacy advocates detailed questions about how personal information is gathered and used. Reps. Rick Boucher (D-Va.), Bobby Rush (D-Ill.) and Cliff Stearns (R-Fla.) have been considering a bill, but a draft will most likely not be released until early next year. (See interview with Rush.) The House Energy and Commerce Subcommittees on Comerce, Trade, and Commerce Protection and Comunications, Technology, and the Internet held a joint hearing on the topic--although it was poorly attended by members. "We've moved from an era of privacy keepers to one of privacy peepers and data-mining weepers who want to turn our information into products," said Rep. Ed Markey (D-Mass.). "The product is our records, our privacy, our family's history. We wouldn't let the government do this, so we have to protect against companies that want to do this." "It is understandable that most Americans simply do not trust that their personal information is properly protected," said Rep. Doris Matsui (D-Calif.). "

"The inspector general of the National Archives and Records Administration is investigating a potential data breach affecting tens of millions of records about U.S. military veterans, Wired.com has learned. The issue involves a defective hard drive the agency sent back to its vendor for repair and recycling without first destroying the data. The hard drive helped power eVetRecs, the system veterans use to request copies of their health records and discharge papers. When the drive failed in November of last year, the agency returned the drive to GMRI, the contractor that sold it to them, for repair. GMRI determined it couldn't be fixed, and ultimately passed it to another firm to be recycled. The incident was reported to NARA's inspector general by Hank Bellomy, a NARA IT manager, who charges that the move put 70 million veterans at risk of identity theft, and that NARA's practice of returning hard drives unsanitized was symptomatic of an irresponsible security mindset unbecoming to America's record-keeping agency."

"Hackers are using a variety of weapons and exploiting errors such as default passwords and weak or misconfigured access control lists (ACLs), according to the latest Verizon Business Data Breach Investigations Report. The follow-up to April's 2009 Data Breach Investigation Report looks under the hood of the company's probes, analyzing how breaches happen and how to protect sensitive data. "Customers who read the 2009 Data Breach Investigation Report said they wanted to know how these attacks take place, give some examples from our caseloads and see if those circumstances can happen to them," said Wade Baker, Verizon Business research and intelligence principal. "

Cyber espionage, attacks, breaches, viruses - they are all among the concerns President Barack Obama cited Friday when he announced he will create a new White House office of cyber security, with that cyber czar reporting to the National Security Council as well as to the National Economic Council. The nation's vulnerability to cyber attacks has long been a concern. The Center for Strategic and International Studies said in a December report that the U.S. Defense Department alone has said its computers are probed hundreds of thousands of times each day. These publicly known cases of hacks, thefts and viruses at government, military, utilities and educational sites are just some examples

Hackers, possibly from Asia, have stolen about a decade's worth of personal information on current and former UC-Berkeley students, the university announced Friday. The breaches involved records dating to 1999 at the school's health center that included Social Security numbers, health insurance information, immunization history and the names of treating physicians. No other treatment-related records were stolen, the university said, although self-reported medical histories of students who studied abroad were hacked. The school on Friday sent e-mails and letters to 160,000 people, including about 3,400 Mills College students who used or were eligible for University of California-Berkeley medical services. About 97,000 people are most at risk because their names and Social Security numbers could be connected by the hackers, said Steve Lustig, the university's associate vice chancellor for health and human services. "What's been taken is bits of data that the thief might put together into an identity," he said. The university traced the hackers back to Asia, possibly China, but the exact origin could not be pinpointed. UC and FBI investigators are probing the breaches, which apparently occurred over several months. An FBI spokesman said the agency was informed of the hacking immediately, but declined to provide more information. The thefts were discovered about a month ago, but system administrators did Advertisement not realize the breadth of the attack until April 21. The hackers disguised their work as routine operations and then left taunting messages for UC-Berkeley employees, said Shelton Waggener, the university's associate vice chancellor for information technology. The thieves accessed the information through the university Web site, he said. "You should think of it as a public building," Waggener said. "They got into the building properly, but then they broke into secure areas." Administrators at Mills College, which contracts with UC-Berkeley for

"A federal prosecutor tracked down a Seattle fraud suspect in Mexico this year through his Facebook posts. A man's Twitter messages to fellow demonstrators at a recent protest in Pittsburgh led to an FBI search of his home and short-lived charges of interfering with police. The CIA and other U.S. intelligence agencies reportedly are investing in a software firm that monitors half a million social networking Web sites each day. There's nothing wrong with law enforcement agencies' using Internet technology to investigate crimes, Bay Area privacy advocates say. But they want the federal government to say how, when and why its agents look at Americans' social networking accounts."

"A privacy watchdog's criticisms of Facebook appear to have captured the attention of the Federal Trade Commission. In a letter dated Jan. 14, David Vladeck, head of the FTC's Bureau of Consumer Protection, told the Electronic Privacy Information Center that its complaint about recent privacy changes at Facebook "raises issues of particular interest for us at this time." Vladeck added that he has asked an official to arrange a followup meeting with EPIC, but also said he can't currently confirm or deny whether the FTC has opened an investigation. FTC investigations are not public until the agency either issues a complaint or closes the matter. The FTC's consumer protection chief also said in his letter to EPIC that the commission plans to focus on privacy issues raised by social networks at the next roundtable, scheduled to be held in Berkeley, Calif. on Jan. 28. "

FTC may investigate privacy issues on FaceBook? Equal bang for the buck by identifying and educating users who post way too much personal information.

"Google Inc. co-founder Sergey Brin Wednesday said the Internet giant "screwed up" by collecting personal data through wireless networks and promised new oversight as European officials pledged to open investigations of the data collection. Authorities in Germany, Spain and Italy said Wednesday they were investigating Google and its Street View service, which uses camera-equipped vehicles to take street images and mark the location of Wi-Fi networks. Mr. Brin, speaking the same day at Google's developer conference in San Francisco, said the company would put "more internal controls in place" to prevent such data captures in the future, including the hiring of outside help. "Trust is very important to us," Mr. Brin said. "We're going to do everything we can to preserve that trust.""

G apologizes. Again, better to ask forgiveness... If users remain silent & gvt doesn't prosecute, why comply?

MPs have today launched an investigation into the use of snooping technology by ISPs which allows them to profile customers for advertisers and throttle or block specific types of traffic. An inquiry by the All-Party Parliamentary Group on Communication will examine issues such as the emergence of Phorm's profiling system, and the restriction of bandwidth available to specific applications such as BitTorrent. Both activities are reliant on Deep Packet Inspection (DPI) technology. "Now the Internet is part of daily life, concerns are increasingly raised about a wide range of online privacy issues," the group said in a background statement. "Should there be changes to individual behaviour? Should companies be pressed to prioritise privacy issues? Or is there a need for specific regulations that go beyond mere 'data protection' and address privacy directly?" The inquiry will also consider the impact of DPI technology on ISPs' "mere conduit" protection from liability for illegal traffic such as child pornography and copyright-infringing filesharing.

Two U.S. Securities and Exchange Commission employees are under investigation by federal criminal authorities for allegedly using insider information to trade stocks, a source familiar with the matter said on Thursday. A report by the SEC's internal watchdog alleges that the two SEC lawyers traded in stock of a large financial services company despite being told by another SEC employee of ongoing investigations of that company, CBS News reported. The SEC inspector general report said one SEC attorney under investigation works in the Office of the SEC's Chief Counsel and has access to a tremendous amount of nonpublic information, CBS News said. An SEC spokesman said: "We take seriously even the suggestion that any SEC employee would engage in insider trading. We note that the inspector general report neither accuses any SEC employee of insider trading nor concludes that any such conduct took place." Calls to the SEC's inspector general and Federal Bureau of Investigation were not immediately returned.

Cornell University officials are investigating the theft of a school computer that may have compromised the personal information of about 45,000 current and former students, faculty and staff. University spokesman Simeon Moss says the university has sent e-mails about the incident to everyone whose data was on the computer. They're being offered one year of free credit reporting, credit monitoring and identity restoration services. A Cornell Web page on the theft says there have been no known misuses of the data, which include Social Security numbers. The page says the laptop was in the possession of a Cornell technician who was doing some troubleshooting. Moss says police are investigating the theft.