Friday, January 10, 2020


Probably not just Iran. Probably for far longer than one year.
Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
By all appearances, Iranian hackers don't currently have the capability to start causing blackouts in the US. But they’ve been working to gain access to American electric utilities, long before tensions between the two countries came to a head.
On Thursday morning, industrial control system security firm Dragos detailed newly revealed hacking activity that it has tracked and attributed to a group of state-sponsored hackers it calls Magnallium. The same group is also known as APT33, Refined Kitten, or Elfin, and has previously been linked to Iran. Dragos says it has observed Magnallium carrying out a broad campaign of so-called password-spraying attacks, which guess a set of common passwords for hundreds or even thousands of different accounts, targeting US electric utilities as well as oil and gas firms.
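Password spraying as the article describes it (a few common passwords tried across hundreds or thousands of accounts) stays below per-account lockout thresholds, so the useful detection key is account breadth per source, not attempts per account. The following is an added example of that check, written by the editor and not from Dragos or the article; the log format, the addresses, and the window and threshold values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log (not from the article). 203.0.113.7 fails once
# against many accounts (the spray pattern); 198.51.100.9 fails repeatedly
# against one account, which a per-account lockout would already catch.
SAMPLE_LOG = """\
2020-01-09T08:00:01Z auth FAIL user=alice src=203.0.113.7
2020-01-09T08:00:03Z auth FAIL user=bob src=203.0.113.7
2020-01-09T08:00:05Z auth FAIL user=carol src=203.0.113.7
2020-01-09T08:00:07Z auth FAIL user=dave src=203.0.113.7
2020-01-09T08:00:09Z auth FAIL user=erin src=203.0.113.7
2020-01-09T08:00:11Z auth OK user=frank src=203.0.113.7
2020-01-09T08:01:00Z auth FAIL user=alice src=198.51.100.9
2020-01-09T08:01:02Z auth FAIL user=alice src=198.51.100.9
2020-01-09T08:01:04Z auth OK user=alice src=198.51.100.9
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) auth (?P<res>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse_events(text):
    """Return (timestamp, result, user, src) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["res"], m["user"], m["src"]))
    return events

def detect_spray(events, window_s=600, min_accounts=5):
    """Map each source that failed against >= min_accounts distinct accounts
    within any window_s-second sliding window to the sorted accounts it tried."""
    recent = defaultdict(deque)  # src -> failures (ts, user) still in window
    flagged = {}
    for ts, res, user, src in sorted(events):
        if res != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= min_accounts:
            flagged[src] = sorted(users | set(flagged.get(src, [])))
    return flagged

def successes_after_spray(events, flagged):
    """(src, user) pairs that logged in OK from a flagged source: the first accounts to review."""
    return sorted({(s, u) for _, r, u, s in events if r == "OK" and s in flagged})
```

In a real deployment the threshold should be tuned against the legitimate shared egress addresses (VPN concentrators, NAT gateways) that otherwise produce the same many-accounts-per-source shape.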




A starting point for my Computer Security students. (And a “be sure to talk about” list for me!)
Nine Cybersecurity Metrics Every CEO Should Track
According to a 2019 survey from The Conference Board of more than 800 international CEOs and 600 C-suite members, cybersecurity is cited as the top external concern. The Conference Board also notes (via CIO Dive) that malicious cyber activity cost the economy up to $109 billion in 2016.
CEOs and boards that seek to meaningfully reduce their risk of experiencing high-impact cyber incidents such as data breaches must invest in a security operations center (SOC) with a primary mandate of delivering enterprisewide threat detection and response. Furthermore, the SOC’s threat detection and response program must be viewed as a business-critical operation, requiring continuous investment, improvement and measurement across the following six interrelated subcomponents: centralized visibility, threat discovery, threat qualification, threat investigation, threat mitigation and incident recovery.
Boards should ask their CEOs — and thus CEOs should ask their CISOs — to provide operational measurement and metrics across these subcomponents with the intent of understanding current operational capabilities and related risks.




Thinking about Privacy! (Action may take a bit longer.)
Four Federal Privacy Trends to Watch in 2020
  • Expansive Definition of Sensitive Data
  • Anti-Discrimination Protections
  • Portability
  • CEO Certification Requirements


(Related)
State Legislatures Are Off to the Privacy Races, With New Hampshire in the Lead
New Hampshire legislators introduced new data privacy legislation, New Hampshire House Bill 1680.




The shoemaker's children go barefoot? Why would any IT manager rely on manual processes?
Top Five Ways to Survive the DSR Deluge and One Thing You Should Never Do
Data breaches and misuse of private information continue to erode consumer trust. In response, companies are pouring resources into implementing security controls to block or restrict access to their data. However, the bigger question looms around how the data is being used and why, and many of these inquiries are coming in the form of Data Subject Requests (DSRs).
What’s more, there are several complexities making the onslaught of DSRs even more challenging. For example, the massive growth in data collection and proliferation has not been accompanied by an equally matched effort in data management and governance.
Regulations like GDPR and CCPA are forcing companies to respond to DSRs and answer consumer concerns over privacy. But achieving compliance requires that companies understand what personal information they have, where it’s located and how it’s being used.
Until now, the basic data inventory process has been a manual one of application data owner surveys and spreadsheets. The Integris Software 2019 Data Privacy Maturity Study found that 77% of respondents were still relying on manual processes to manage sensitive data.
Here are five key ways to solve the data subject rights’ big data problem and one thing you should never do!




Re-architecting the firm. (Not yet at my local library, but I’m watching for it.)
Rethinking Business Strategy in the Age of AI
For the first time in 100 years, new technologies such as artificial intelligence are causing firms to rethink their competitive strategy and organizational structure, say the authors of a new book, Competing in the Age of AI.
John Foley was irritated with his local gym. He was constantly getting elbowed out of his favorite spin classes as other cyclists snapped up spots in sessions led by the most popular instructors.
Foley’s frustration inspired him in 2012 to found Peloton, whose $2,200 stationary bicycles with integrated 21-inch tablet computers have become a fitness sensation. For $39 per month, Peloton offers access to live-streamed classes where members can track their performance on a leader board, virtually connect with fellow classmates, and hear instructors call out their achievements.
Foley transformed a traditional business—the gym—into an $8 billion digital offering that pulled in more than $700 million in revenue during the last fiscal year. Foley credits the magic of today’s technology, including software, data, and communication networks, for the basis of Peloton’s success.
“We see ourselves more akin to an Apple, a Tesla, or a Nest, or a GoPro—where it’s a consumer product that has the foundation of sexy hardware technology and sexy software technology,” he is quoted in a book published today, Competing in the Age of AI: Strategy and Leadership When Algorithms and Networks Run the World.




Maybe I’ll get a JD now that law school is free.
Upending Bankruptcy ‘Myths,’ Judge Erases $220,000 Student Loan Debt
The borrower-friendly ruling comes as bankruptcy judges across the country are growing more sympathetic to discharging student debt
A bankruptcy judge excused a U.S. Navy veteran with a law degree from repaying more than $220,000 in student loan debt, the latest court ruling to lower the barriers to discharging educational debt.
Judge Cecelia G. Morris of the U.S. Bankruptcy Court in Poughkeepsie, N.Y., discharged the law school graduate’s unpaid student loans even though he isn’t disabled or unemployable, saying that satisfying his law school debt in full would impose an undue hardship.




Some supplemental classes for my students. Most are free.
Best Machine Learning Courses


