Good news for my Computer Security majors.
Closing the Enterprise Security Skills Gap
… The term "skills gap," in a
nutshell, refers to specific challenges organizations have confronted
over the past few years in finding and retaining competent, trained
resources for security efforts. It is a measurable trend across the
industry as a whole.
For example, it takes most organizations (54 percent) more than three
months to fill open security positions, the recently released 2018 ISACA
Global State of Cybersecurity Survey found. That figure is
consistent with its prior year's findings.
(Related) Go where management is worried.
Security Pros at Energy Firms Concerned About 'Catastrophic' Attacks
Many cybersecurity professionals working in the energy sector are
concerned that an attack on their organization’s industrial control
systems (ICS) could have “catastrophic” consequences, according
to a study conducted recently by Dimensional Research on behalf of
security and compliance solutions provider Tripwire.
Of the more than 150 respondents, including IT and OT security
professionals in energy and oil and gas companies, 91% say they are
worried about the risk of attacks on ICS. Nearly all respondents are
very concerned or somewhat concerned about an attack leading to
operational shutdowns or downtime that impacts customers.
Other areas of major concern include physical damage to infrastructure,
employee safety, impact on the organization’s reputation, and data
theft.
… High-profile pieces of malware such as Trisis and Industroyer have had a
significant impact on security investments, but incidents involving
ransomware have had the same degree of impact, the study shows.
Stay current (better yet, stay ahead) with your
security updates. Constantly remind your employees of the risks.
NSA: Hackers Weaponize Known Vulnerabilities Within 24 Hours
How do you break into the US military's defense
networks? Apparently, hackers are trying to do so by leveraging
every publicly-known vulnerability they can find.
The turnaround can be quick, said Dave
Hogue, a technical director with the US National Security Agency.
Once a security flaw goes public, it can be added into the arsenal
of state-sponsored attackers in less than a day.
"Within 24 hours I would say now, whenever an
exploit or a vulnerability is released, it's weaponized and used
against us," Hogue said in a talk at the RSA security conference
on Tuesday.
… Hogue said the top attack method the agency is running into is
phishing messages.
"We see 36 million emails per day, and we
reject about 85 percent of those," he said.
It's also rare for the agency to encounter a "zero-day"
exploit, or a cyber attack that leverages a previously unknown
vulnerability. In fact, the NSA has not responded to an intrusion
that uses a zero-day vulnerability in over 24 months, Hogue said.
My guess is that this was not a Russian hack.
IRS website unavailable for e-filing most of tax day!
IRS electronic filing systems working again after agency’s Tax Day
technology meltdown – “The
Internal Revenue Service’s system for accepting online tax returns
is working again after being inoperational for much of the day
Tuesday [April 17, 2018]. IRS officials promised that people
hampered by the technology failures would not be penalized for late
returns, but they have not yet announced any specific exemptions to
the deadline. This story will be updated. [ IRS gives taxpayers one
more day to file after payment site crashes. ]
So much for the good fight? Not sure ‘resolved’
is the right word.
U.S. top court rules that Microsoft email privacy dispute is moot
The U.S. Supreme Court on Tuesday dropped
Microsoft Corp’s privacy fight with the Justice Department over
whether prosecutors can force technology companies to hand over data
stored overseas after Congress passed legislation that resolved
the dispute.
… President Donald Trump on March 22 signed
legislation into law that makes clear that U.S. judges can issue
warrants for such data while giving companies an avenue to object if
the request conflicts with foreign law.
“Solutions” my software architecture students
should consider. Is India the testing sandbox for new innovations?
Amazon made a lightweight browser for India, and it's fantastic
Amazon introduced the Kindle
Lite app late last month, offering a similar experience as the
full-fledged Kindle client for a fraction of the size. Now, the
retailer has rolled out a lightweight
web browser dubbed Internet, which comes in at just 2MB and takes
up just 26MB of storage space on your phone.
One of the key highlights with Amazon's browser is
a private mode, which is essentially the same thing as Chrome's
incognito mode.
(Related) Perhaps my software architecture
students could generalize this to address our ongoing self-driving
car debate?
Algorithmic Impact Assessments: A Practical Framework for Public Agency
Accountability
GCN: Algorithmic Impact Assessments: A Practical Framework for Public
Agency Accountability, a report by the AI Now Institute, a partnership
between New York University, the American Civil Liberties Union and
the Partnership on AI. [h/t Pete Weiss]
Why: As public agencies
increasingly turn to automated processes and algorithms to make
decisions, they need frameworks for accountability that can address
inevitable questions – from software bias to the system’s impact
on the community. The AI Now Institute’s Algorithmic Impact
Assessment gives public agencies a practical way to assess automated
decision systems and to ensure public accountability.
Proposal: Just as an
environmental impact statement can increase agencies’ sensitivity
to environmental values and effectively inform the public of coming
changes, an AIA aims to do the same for algorithms before governments
put them to use. The process starts with a pre-acquisition review in
which an agency, other public officials and the public at large are
given a chance to review the proposed technology before the agency
enters into any formal agreements. Part of this process would
include defining what the agency considers an “automated decision
system,” disclosing details about the technology and its use,
evaluating the potential for bias and inaccuracy as well as planning
for third-party researchers to study the system after it becomes
operational…”
Talk about stroking an ego! Or are we looking to
understand the often inexplicable?
Every top New York Times best-seller this year has been about Trump