Monday, February 03, 2014
Design security in from the start? What an old concept!
DOD/GSA Report – Improving Cybersecurity and Resilience through Acquisition
“On February 12th, 2013, the President issued Executive Order 13636, entitled Improving Critical Infrastructure Cybersecurity (EO 13636). In accordance with Section 8(e), GSA and the Department of Defense submitted recommendations to the President addressing the feasibility, benefits, and merits of incorporating cybersecurity standards into acquisition planning and contract administration, and harmonizing procurement requirements. The jointly authored report containing the recommendations is titled Improving Cybersecurity and Resilience through Acquisition. The report provides a path forward to aligning Federal cybersecurity risk management and acquisition processes. It provides strategic recommendations for addressing relevant issues, suggests how challenges might be resolved, and identifies important considerations for the implementation of the recommendations. The ultimate goal of the recommendations is strengthening the cyber resilience of the Federal government by improving management of the people, processes, and technology affected by the Federal Acquisition System. The recommendations focus on the need for baseline cybersecurity for Federal contractors, comprehensive workforce training, consistent cybersecurity terminology for contracts, incorporation of cyber risk management into Federal enterprise risk management, development of more specific and standardized security controls for particular types of acquisitions, limiting purchases to certain sources for higher risk acquisitions, and increasing government accountability for cybersecurity throughout the development, acquisition, sustainment, and disposal lifecycles.”
I would imagine some universities are also resources (not just tech firms)
National Guard units help states ward off cyberattacks
… Colorado Governor John Hickenlooper, vice chairman of the National Governors Association, said in the recent annual State of the States speech in Washington, D.C., “as the nation develops resiliency to cyberattacks, the Guard should be mobilized to support federal and state efforts to protect networks and respond to incidents. While the federal government seeks to clarify how it will work with the private sector and states to better secure cyberspace, states are already moving forward to develop and implement new cyber policies to protect their economies and ensure public safety.”
The National Defense Authorization Act, which passed on 26 December 2013, requires the Pentagon to consider the National Guard’s cyber capabilities as it may support the Pentagon’s cybersecurity measures. The Act orders the Pentagon to consult with governors about their states’ cybersecurity needs and their states’ Guard units’ ability to assist in this area.
Interesting. I wonder who my Official, “go to” Ethics guy should be now that Dean Dan Vigil has (mostly) retired?
ABA – 10 Tips for Avoiding Ethical Lapses When Using Social Media
“You may be among the thousands of legal professionals flocking to social media sites like LinkedIn, Facebook, Twitter, or Google+ to expand your professional presence in the emerging digital frontier. If so, have you paused to consider how the ethics rules apply to your online activities? You should. Some of the ethical constraints that apply to your social media usage as a legal professional may surprise you. Moreover, legal ethics regulators across the country are beginning to pay close attention to what legal professionals are doing with social media, how they are doing it, and why they are doing it. The result is a patchwork quilt of ethics opinions and rule changes intended to clarify how the rules of professional conduct apply to social media activities. This article, by Christina Vassiliou Harvey, Mac R. McCoy, Brook Sneath, provides 10 tips for avoiding ethical lapses while using social media as a legal professional. The authors cite primarily to the ABA Model Rules of Professional Conduct (RPC) and select ethics opinions from various states. In addition to considering the general information in this article, you should carefully review the ethics rules and ethics opinions adopted by the specific jurisdiction(s) in which you are licensed and in which your law firm maintains an office.”
Not the most up-to-date site I've ever seen. Perhaps my students could add to this?
Cornell University Digital Literacy Resource
The Digital Literacy Project – Cornell University: “Digital literacy is the ability to find, evaluate, utilize, share, and create content using information technologies and the Internet. As a Cornell student, activities including writing papers, creating multimedia presentations, and posting information about yourself or others online are all a part of your day-to-day life, and all of these activities require varying degrees of digital literacy… Digital literacy is an important topic because technology is changing faster than society is. The same advances that enhance leisure and make our work easier—those that make it possible for us to search online databases, text friends, and stream media—also present urgent challenges to the social norms, market models, and legal frameworks that structure our society. The rules of appropriate behavior in these digital contexts may be unknown or unknowable. Well-established concepts such as copyright, academic integrity, and privacy are now difficult to define, as their meanings are in flux. This digital literacy site is a resource you can come to again and again during your time at Cornell, to get up-to-date information about issues like these. Look here to learn about Cornell’s recommendations for finding, evaluating, and citing information sources online; to learn about copyright law; to read and hear Cornell faculty viewpoints on plagiarism; and to get our best advice regarding privacy practices on the Internet. Look here, too, for links to many other Cornell resources on these topics.”