The Current Scope of Cyber Threats

From: HedgeCo.Net

Mary Beth Hamilton

Cyber-attacks are among the most pressing threats to global security. James Clapper, director of U.S. national intelligence, acknowledged these threats in a recent congressional address. His remarks emphasized the need for organizations of all types to prepare against potential intrusions, which may originate from criminal groups, governmental entities, insiders or “hacktivist” groups such as Anonymous.


Three Tips for Effective Continuous Monitoring

From: FedTech

Follow this advice to maintain awareness of system security and advancing threats.

Karen Scarfone

Agencies that conduct continuous monitoring audit the security of one or more information systems or networks at all times to detect security and operational problems, including attacks and violations of agency policies. Before the advent of continuous monitoring technologies, the full security of systems was often reviewed infrequently, perhaps yearly, as part of periodic system audits. Reviewing security so rarely meant that systems were often insecure or even compromised for long periods of time before problems were detected and could be mitigated.


‘Without Splunk we might be taken out of the market,’ says Barclays

From: Computing.co.uk

By Danny Palmer

Barclays’ adoption of Splunk data insight and intelligence tools has prevented the bank from being fined for anti-compliance or worse, barred from doing business.

That is according to Stephen Gailey, group head of security services for Barclays, who made the comments during a presentation at Splunk’s “Splunk Live” conference in the City of London.

He explained how a previous poor Security Information and Event Management (SIEM) system prevented Barclays from being able to properly extract and use data.


DHS Beefs Up Cybersecurity Efforts With Monitoring, Authentication Tools

From: National Defense

By Yasmin Tadjdeh

The Department of Homeland Security is increasing its cybersecurity presence by using continuous monitoring tools and improving verifying measures, said a top department official.

As part of its continuous diagnostics and monitoring program, DHS is tracking activity across its systems for anomalies and viruses, said Richard Spires, the department’s chief information officer.

“We were really moving aggressively as a government into this whole area of continuous monitoring, as we call it,” said Spires.


SIEM systems monitor compliance, combat patient data security threats

From: SearchHealthIT

Emily Huizenga, Editorial Assistant

HIPAA mandates and meaningful use audits tighten up the security rules that healthcare providers must follow. At the same time, a fledgling mHealth landscape heightens the risk of data breaches. All the while, next-generation threats to the security of patient data are beginning to emerge, forcing healthcare CIOs to take a longer, harder look at upgrading patient data security.

Healthcare organizations can recognize and potentially evade patient data security threats by using gap analysis and security information and event management (SIEM) software, as well as log management, said three security leaders during a recent eiQnetworks-hosted webinar, “Unified Situational Awareness for Compliant and Secure Healthcare.”


Security Content Automation Protocol (SCAP) Version 1.2/Validation Program Test Requirements

From: NIST/Information Technology Laboratory




NIST’s Information Technology Laboratory has developed validation program test requirements for SCAP version 1.2. The SCAP Validation Program tests the ability of products to use the features and functionality available through SCAP and its components. SCAP 1.2 consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. The standardization of security information facilitates tool interoperability and enables predictable results among disparate SCAP-enabled security software. The SCAP Validation Program provides vendors with an opportunity to have independent verification that security software correctly processes SCAP-expressed security information and provides standardized output. Industry and government end users benefit from the SCAP Validation Program by having assurance that SCAP-validated tools have undergone independent testing and meet all requirements defined in the SCAP Validation Program Test Requirements document.


Charlotte, N.C. Automates Incident Logs

From: Government Technology

As an information security engineer for Charlotte, N.C., Rusty Agee is responsible for maintaining the integrity of the network for 6,500 users spread over 100 locations. He and a small team oversee traffic coming into the network from all city departments. Fire stations, police satellite buildings, utilities and solid waste facilities, the transportation department, engineering, administrative functions and more all fall under his purview.

Until recently, the city used an incident management system that satisfied state regulations for storing incident data. But the system was difficult to manage and labor-intensive when it came time to retrieve information – in short, it had outlived its useful life.


Crypto and Continuous Monitoring

From: Network World

Father of SSH working on new version of crypto standard

Free tool to assess risks associated with SSH keys also on tap

By Ellen Messmer

The Secure Shell (SSH) cryptographic network protocol that’s supported in software for server authentication and machine-to-machine communications is headed for a significant update.

“There will be a new version of SSH,” says Tatu Ylonen, CEO of SSH Communications Security, pointing to the IETF draft document that’s recently been made available for public review. Co-authored with others, including NIST computer scientist Murugiah Souppaya, this third version of SSH has a focus on key management and could be set by early next year.


CRE/Cybersecurity Consortium Comments on NIST’s Cybersecurity Framework RFI

Editor’s Note: The comments on NIST’s Request for Information (RFI) on the Cybersecurity Framework prepared by the Center for Regulatory Effectiveness and Multinational Legal Services, PLLC on behalf of the Cybersecurity Consortium are attached here. Below is the Executive Summary.

Federal Determination of Industry Best Practices

Executive Summary

The Center for Regulatory Effectiveness’ (CRE’s) comments on the Cybersecurity Framework focus on a single crucial issue:

  • Establishing a process for federal determination of what constitutes an Industry Best Practice.

Two components which need to be included in the Framework’s process for determining Industry Best Practices are:


Situational Awareness a New Way to Attack Cybersecurity Issues

Editor’s Note: The NIST-disseminated background/overview document “Situational Awareness a New Way to Attack Cybersecurity Issues Rather Than Using a System Defense Approach” is attached here. The following is from the introduction.

Situational Awareness

The United States Army Field Manual defines “Situational Awareness” as “Knowledge and understanding of the current situation which promotes timely, relevant and accurate assessment of friendly, enemy and other operations within the battle space in order to facilitate decision making.”

What does “Situational Awareness” mean to utilities cybersecurity and critical infrastructure and key resources (CIKR)?

The answer is
