Nothing new here, but every security breach fails in one (or more) of these areas.
The Target PoS Attack: Gleaning Information Security Principles
The Elements of Prevention, Detection, and Protection Must All Work Together
While there are always new and interesting things unfolding in the information security world, there are a handful of developments each year that are like something out of an edge-of-your-seat Hollywood blockbuster, or a gripping novel that ratchets up the suspense level with each page. Over the last few months, it is hard to argue that any event has been as captivating -- or triggered more passionate discussion within and beyond the information security community -- than the high-profile Point-of-Sale (PoS) malware attack at retail giant Target.
Much has been written about this headline-grabbing attack, and there will be plenty more discussion and analysis to come. Despite the fact that I am very interested in what unfolds here, both as the CTO of my company, and as someone who has been a member of the security community for over a decade, I am not going to focus on the latest news. Instead, I would like to take a step back from the riveting details, and highlight four key information security principles that we have gleaned, so far, from the Target PoS attack, and that may be illuminating and instructive for enterprise security professionals:
Principle #1: An “impenetrable” security perimeter is a myth.
Principle #2: It only takes one infection for a massive, headline-grabbing breach to occur.
Principle #3: Advanced threats are designed to work in multiple attack stages.
Principle #4: Enterprises need to proactively look into their network traffic.
The first step toward better security is recognizing your risks. I wonder if the US government will do a risk analysis?
Laura Donnelly writes:
Patient confidentiality could be undermined by the new medical records database, the NHS’s own risk analysis has warned.
The controversial database could be vulnerable to hackers or could be used to identify patients “maliciously”, the document, seen by The Telegraph, states.
It says the scheme could damage public confidence in the NHS and result in patients withholding information from doctors out of fear it may not be kept confidential.
Read more on The Telegraph.
“We're from the government. We're here to help you!” A report from the “Maybe big government isn't the best solution” guys.
Federal Government’s Track Record on Cybersecurity and Critical Infrastructure
by Sabrina I. Pacifici on February 16, 2014
The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure - A report prepared by the Minority Staff of the Homeland Security and Governmental Affairs Committee Sen. Tom Coburn, MD, Ranking Member. February 4, 2014.
“In the past few years, we have seen significant breaches in cybersecurity which could affect critical U.S. infrastructure. Data on the nation’s weakest dams, including those which could kill Americans if they failed, were stolen by a malicious intruder. Nuclear plants’ confidential cybersecurity plans have been left unprotected. Blueprints for the technology undergirding the New York Stock Exchange were exposed to hackers. Examples like those underscore for many the importance of increased federal involvement in protecting the nation’s privately-owned critical infrastructure. But for one thing: Those failures aren’t due to poor practices by the private sector. All of the examples [in this report] were real lapses by the federal government.”
Amusing. Imagine my surprise when the word “messianic” was attached to a photo of John Kerry! Fortunately, clicking on the link connected to an article wherein, “the Israeli Defense Minister described Kerry as someone with 'misplaced obsession and messianic fervor.'”
Create Trending Vocabulary Lessons
Merriam-Webster's website has a neat feature called Trend Watch that highlights words that are trending in news and popular culture. Trend Watch includes an explanation of why each word is trending, a definition for the word, and a picture that is representative of either the word or the cause of the trend.
Applications for Education
Trend Watch could be a good source of words to include in the vocabulary lists students are studying in a language arts course. Trend Watch words could provide a good tie-in with a current events lesson.
Because of the wide variety of words that pop up in Trend Watch I probably wouldn't send younger students to the site on their own. Instead I would bookmark the list and select appropriate words for my students.
Something those of us who like W3Schools should look into. Worst case, they list several alternatives.
– feels that W3Schools is harming the online community with inaccurate information. W3Fools tries to explain why W3Schools is a troublesome resource, why their faulty information is a detriment to the web, and what you (and they) can do about it.