Sep 15, 2016
Chrome to label more sites as insecure in 2017
A USB Device is all it takes to steal credentials from locked PCs
DHS chief: 'Very difficult' for hackers to skew vote
- Link: http://thehill.com/policy/national-security/294956-homeland-head-very-difficult-for-hackers-to-skew-vote
- Instead of dismissing the claim, let’s explore the merits
- Then let’s consider what, if anything, it means for enterprise security
- “It would be very difficult through any sort of cyber intrusion to alter the ballot count, simply because it is so decentralized and so vast,” he said, noting the series of state, local and county systems involved in running elections. “It would be very difficult to alter the
- Decentralized and vast - the
- How many companies make the systems - so is it as decentralized as we’d like
- How much of what you do in the enterprise is decentralized?
- What are your points of failure - or the easy pathways to attack?
- If someone did alter the vote… would we know? How would we know?
- What’s the impact of appearing to alter the vote?
- Depending on your organization… how would you handle the same sort of situation? How would you convey confidence to the executives and board?
Big business worried more about data loss than hackers – survey
- Link: http://www.ibamag.com/news/cyber/big-business-worried-more-about-data-loss-than-hackers--survey-37489.aspx
- This might feel like a “surprise” or a “shake your head” moment; but maybe it’s a signal of where we need to focus
- If you’re in the enterprise, where (and how) would you rank the concerns?
- What is the impact from data loss? Relative to a “breach”
- And then note: “But 15% of the companies Wells Fargo surveyed don’t require any employee training on cyber security, according to the
- That’s because the industry still
- I’m finally going to write up a series on this - and I’ll time it for October - make something productive out of security awareness month
- Overall, this signals a need to seek better alignment with the executives and board; might I say… you need some straight talk
Obama Names Retired Air Force General as First Federal CISO
- Link: http://www.bankinfosecurity.com/obama-names-retired-air-force-general-as-first-federal-ciso-a-9387
- Position so broad… is it even
- Some notes of interest
- General Officer (1
- Among Touhill's past positions was a 2-year stint as CIO and director of C4 systems, the nation's military transportation combatant command.
- He also served for nearly 1½ years as CIO and director for communications and information for the air mobility command. He retired from the Air Force in 2005 after nearly 22 years of service.
- Reports to Federal CIO -- based in White House Office of Management & Budget
- So they see this as a tech play
- “...in the blog, say Touhill will leverage his considerable experience in managing a range of complex and diverse technical solutions with his strong knowledge of civilian and military best practices, capabilities and human capital training, development and retention
- So basically… we have no idea what he’s doing or why
- Only has 4 months
- Window dressing?