Cloud Computing, Cyber Security, IT Security, Security, Technology

Commerce’s IT modernization is all about shared services

Commerce Secretary Penny Pritzker challenged her senior technology managers to be more collaborative and coordinated in modernizing the agency’s technology infrastructure.

The result of that challenge is a four-pronged approach to the sharing of IT resources.

Steve Cooper, the Commerce Department’s chief information officer, said four working groups are examining the opportunities across technology, finance, human resources and acquisition.

“We are moving toward achieving true shared services in the sense that whatever services are identified by each of those work streams we will then, most likely — and we haven’t done this yet but this is where we are heading — by the end of quarter two or the beginning of quarter three of this fiscal year so we are making very good progress…the idea will be for those services that we agree are viable and could be delivered through a shared services set of providers,” Cooper said. “We’ll likely create an organization inside the Department of Commerce that then would be tasked with the responsibility to select those providers in each of the four functional areas, manage, put service level agreements in place, put appropriate metrics in place and ensure the successful quality delivery of those shared services.”

Cooper said the bureau level CIOs are very supportive of this effort, which, in some ways, pleasantly surprised him.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

State-sponsored Chinese hackers reportedly suspected in Anthem breach

Hackers involved in the data breach at U.S. health insurer Anthem may have ties to the Chinese government, according to a news report.

Investigators see techniques used by a nation-state attacker, with China a leading suspect, reported Bloomberg Business. The news report cited information from three people close to the investigation, being conducted by the U.S. FBI and private cybersecurity firm Mandiant.

The investigation is in its early stages, but some of the software and techniques used in the Anthem attack are similar to other attacks used almost exclusively in the past by China, according to the Bloomberg article.

The personal information, including Social Security numbers and email addresses, of about 80 million people may be exposed in the breach, according to Anthem. Anthem has 37.5 million subscribers for its health plans, and more than 68 million people are customers of its affiliated companies under brands including Blue Cross and Blue Shield, Empire Blue Cross and Amerigroup.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

PCI compliance not synonymous with security, panel says

None of the companies in a soon-to-be released Verizon report that experienced a data breach “were fully PCI [Payment Card Industry Data Security Standard] compliant at the time of breach,” according to Roldophe Simonetti, managing director of compliance consulting at Verizon Enterprise Solutions, who participated in a company-hosted Jan. 12 evening panel discussion on securing mobile and online retail payments.

In a preview of Verizon’s “2015 PCI Compliance Report,” Simonetti told SCMagazine.com in a phone interview that only “28.6 percent of companies were PCI compliant after one year,” indicating that many organizations “are seeing compliance as a standalone exercise.”

PCI 3.0 was released in November 2013 and all organizations were required to start using it Jan. 1 of this year.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

HID Global shares top secure identity trends for 2015

HID Global, a worldwide leader in secure identity solutions, issued its outlook on technology trends for 2015, as well as other anticipated developments across key vertical industries in the secure identity marketplace.

The annual assessment is intended to help organizations understand and take advantage of the latest advances to improve security, convenience and the user experience.

“This past year laid the foundation for what we expect to be an exciting 2015 for our customers and partners as they continue to benefit from the flexibility, adaptability and new capabilities made possible with award-winning Seos® technology,” said Dr. Selva Selvaratnam, senior vice president and chief technology officer with HID Global.

“Whether it’s moving campus IDs onto smartphones, centralizing identity management to protect everything from the door to data to cloud-based applications, or securing electronic medical prescriptions and ATM transactions, we will see the transformation of our customers’ experience using secure identities during the coming year, and beyond.”

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Uncategorized

Avatier CEO Forecasts Top 2015 Identity Management Trends

Avatier Corp., the leader of cutting edge identity management, released predictions by CEO Nelson Cicchitto that will have the most impact in the market. In his blog, “2015 Identity Management and IT Security Predictions,” Cicchitto makes the point that 2015 will focus on the age of identity management authentication. Emphasizing the significant increase in breaches in 2014 and the changing landscape of security, he notes, “In 2015, every industry becomes a target, every identity vulnerability and every app a potential host.” He stresses that as the Enterprise of Things (EoT) unfolds, enterprise information security will continue to shift from passwords and access, to authentication and automation. More information on each prediction can be found in the blog. They include:

Prediction: Enterprise security will revolve around the expansion in cloud computing, BYOD in the workplace, and the Internet of Things (IoT).

The megatrends of cloud computing, social computing, mobile computing and big data, what Gartner calls the “Nexus of Forces,” must be harnessed for enterprises to flourish in the era. The migration to SaaS platforms and cloud computing, physical access control single card solutions, virtual facilities, and BYOD in the workplace will place new and expanded emphasis on information security. Where legacy identity management relied on passwords, roles, and a limited number of systems, EoT operations assume multi-factor authentication, organizational fluidity, and near limitless applications as the norm. New solutions will appear in the marketplace, which will be smarter, faster, and in some instances, self-aware.

Prediction: Agencies and enterprises prepared for government sponsored cyber attacks will prevail in heavily targeted industries.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

Researcher Calls Out Microsoft Over Outlook For iOS Security

The recently launched Microsoft Outlook for iOS can be a “security nightmare” for companies, a researcher warned on Thursday.

Outlook for iOS is based on code from Acompli, the mobile email company acquired by Microsoft two months ago. The application was announced by Microsoft on Thursday, along with the preview version of Outlook for Android and several Office apps for Android.

René Winkelmeyer, head of development at Midpoints, has analyzed the iOS email app and discovered several security issues.

The most concerning, according to the expert, is that Microsoft stores email account credentials and other data belonging to users in the cloud.

“What I saw was breathtaking. A frequent scanning from an AWS IP to my mail account. Means Microsoft stores my personal credentials and server data (luckily I’ve used my private test account and not my company account) somewhere in the cloud!” Winkelmeyer wrote in ablog post. “They haven’t asked me. They just scan. So they have in theory full access to my PIM [Personal Information Management] data.”

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

2015 will see a shift from identity management to identity access security

CA Technologies has announced five key trends for security and identity and access management (IAM) that will impact organisations and security professionals in 2015 as they compete in the application economy.

“The economic impact of data and security breaches coupled with the increasing demand of application delivery and top performance in an application economy, will greatly influence the way security professionals view and approach identity and access management in 2015. CA Technologies is prepared to help customers meet the shift in IAM this year and beyond,” said Vic Mankotia, vice president, Solution Strategy, Asia Pacific & Japan, CA Technologies.

Representational image: Reuters

Identity and Access Management in 2015 – a prediction of what’s ahead:

1. Identity-aware organisations will adopt an “identity dial tone”: The application economy and increased use of mobile apps is driving a need for a centralised, common way to access identity and entitlement information. Identity-aware organisations need to establish an “identity dial tone” to act as one source of identity truth to simplify app development, deployment and adoption as well as spur new innovation. It will encompass all apps, across all channels and be easily available using identity APIs.

Standard