Cybersecurity

Cloud Computing: The Army and the new DoD cyber strategy

Grazed from FederalTimes. Author: Robert Ferrell.

Secretary of Defense Ash Carter unveiled the new Department of Defense Cyber Strategy in an address at Stanford University in Silicon Valley, California, April 23, 2015. An update to the original strategy released in 2011, it identifies specific cyber missions for DoD and sets strategic goals to achieve over the next five years and beyond.

These missions and goals will guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. I encourage all to familiarize themselves with the new DoD strategy to gain a better understanding of how it will inform the Army's mission, priorities and way-ahead...

Cloud Computing: Threat Assessment

Grazed from CFO.  Author: David M. Katz.

In a February editorial about the buildup of cyber attacks between the United States and Iran, The New York Times quoted President Obama’s observation that, compared with conventional weaponry, cyberweapons provide “no clear line between offense and defense.” For example, getting into the enemy’s networks to exploit its weakness and disable its ability to attack you is both offense and defense.

Citing “major banks, Sony Pictures Entertainment, [and] an electrical utility,” the newspaper observed that such recent examples reveal that even corporate computer systems once considered impregnable are vulnerable to attack.  In the borderless world of information technology, in fact, computer-security specialists and corporate risk managers have begun working on the assumption that it’s impossible for companies to keep their networks completely free from penetration...

Cloud Computing: New Browser Hack Can Spy On Eight Out Of Ten PCs

Grazed from Forbes. Author: Bruce Upbin.

A group of Columbia University security researchers have uncovered a new and insidious way for a hacker to spy on a computer, Web app or virtual machine running in the cloud without being detected. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack.

The exploit, which the researchers are calling “the spy in the sandbox,” requires little in the way of cost or time on the part of the attacker; there’s nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker...

Cloud Computing: Raytheon to Plow $1.7 Billion Into New Cyber Venture

Grazed from WSJ. Author: Doug Cameron.

Raytheon Co. is betting it can leverage the cybersecurity skills it honed for the U.S. military and intelligence agencies to sell to banks and retailers, investing almost $1.7 billion to establish a stand-alone business in an area where its defense peers have struggled to make money.

The company on Monday said it would buy control of Websense Inc. from private-equity firm Vista Partners LLC. Raytheon said Austin, Texas-based Websense, which has 21,000 data-security clients, half of them overseas, will form the core of a new cyber joint venture with forecast sales of $500 million this year and margins of around 20%...

How best to manage Cloud security

Grazed from SeaCoastOnline.  Author: MJ Shoer.

Moving business systems to the Cloud offers a lot of positives for most businesses. However, there are risks that need to be clearly understood so you don’t accidentally make your IT infrastructure more complicated to secure. As more businesses fall under some form of regulation, federal, state or local, you have to be aware of compliance requirements.

You also have to be prepared for audits, especially the unexpected kind. What I’m talking about here are not financial audits, but regulatory audits where officials come to your business and review your security policies and practices, specifically as they relate to how your team accesses your various systems and your ability to continue operations should those systems become unavailable. In the current climate, this is mostly focused on business with some form of consumer business as opposed to businesses that solely do business with other businesses, but expect that to change...

Cloud Infographic – Path Of A Cyber Attacker

Grazed from CloudTweaks.  Author: Editorial Staff.

We’ve covered a fair bit of infosec here on CloudTweaks over the years. It’s an important area for all regardless of if you’re a consumer or a business.

Security expert and consultant Chetan Soni discusses some of the security issues and tools to consider as part of your business plan: “Cloud computing has become a business solution for many organizational problems. But there are security risks involved with using cloud servers: service providers generally only take responsibility of keeping systems up, and they neglect security at many ends. Therefore, it is important that clouds are properly penetration (pen) tested and secured to ensure proper security of user data…”

Cyber Incident Response: What To Do When Cloud Bites Back

Grazed from CCI. Author: Nick Pollard.

The technology increases efficiency by removing the need for physical infrastructure, but cloud contracts can present significant practical obstacles to incident response (IR) strategies. When a security incident happens, the speed at which the breach is identified is integral. The faster the response, the more quickly infectious malware can be halted, access stopped, sensitive data protected, and the threat remediated.

This makes a significant difference in controlling risk, costs, and exposure. But in a cloud world, the challenge arises when a company wants access to the servers that infrastructure is based on. Often, data centre providers will not allow a business to get into these, making it impossible to know where the attack is coming from...

Cloud Computing: What's the Cost of a Cyberattack?

Grazed from CFO. Author: David M. Katz.

In a February editorial about the buildup of cyberattacks between the United States and Iran, The New York Times quoted President Obama’s observation that, compared with conventional weaponry, cyberweapons provide “no clear line between offense and defense.” Thus, getting into the enemy’s networks to exploit its weakness and disable its ability to attack you is both offense and defense.

Citing “major banks, Sony Pictures Entertainment, [and] an electrical utility,” the newspaper observed that such recent examples reveal that even corporate computer systems once considered impregnable are vulnerable to attack. In the borderless world of information technology, in fact, computer-security specialists and corporate risk managers have begun working on the assumption that it’s impossible for companies to keep their networks completely free from penetration...

Cloud Computing: 3 Reasons Apple Is Pushing for NSA Spying Reforms

Grazed from TechCheatSheet.  Author: Nathanael Arnold.

Earlier this week, Apple and several other major U.S. tech companies renewed their calls for the U.S. government to reform its controversial electronic surveillance programs. In an open letter addressed to President Barack Obama, NSA Director Admiral Rogers, Attorney General Eric Holder, and several prominent members of Congress, Apple and dozens of other signatories urged the government to end the bulk data collection practices that were authorized under Section 215 of the USA Patriot Act.

As noted in the letter, Section 215 of the USA Patriot Act is used as the legal basis for the NSA’s bulk collection of electronic communications metadata. The letter also asked the government to institute “transparency and accountability mechanisms for both government and company reporting” for decisions made by the secret Foreign Intelligence Surveillance Court...

Cloud Computing: The Increasing Cybersecurity Attack Surface

Grazed from NetworkWorld. Author: Jon Oltsik.

I just read a good Wall Street Journal blog by Ben DiPietro titled, Speed of Tech Change a Threat to Cybersecurity. His main point is that while organizations are adopting new technologies like cloud computing, mobile computing, and applications based upon the Internet of Things (IoT), they continue to address cybersecurity risks, controls, and oversight with legacy tools and processes.

This creates a mismatch where cyber-adversaries have a distinct offensive advantage over a potpourri of assorted legacy enterprise security defenses. I couldn’t agree more, Ben, but it may be worse than you think, as this discrepancy has been going on for years. In a 2012 research survey, ESG asked security professionals to describe the impact of numerous new IT initiatives on infosec operations and management at their organizations (note: I am an ESG employee). The research indicated that:...

Read more from the source @ http://www.networkworld.com/article/2899086/cisco-subnet/the-increasing-cybersecurity-attack-surface.html