DSG discusses info security services

From: Trade Arabia

Dubai Smart Government (DSG) highlighted its latest services and solutions at a workshop on information security services for Dubai government entities recently.

The workshop, which was attended by representatives of information security sector in all Dubai government entities, was aimed at boosting investments in ICT infrastructure development, promoting government performance and achieving a high status within the global knowledge economy, said DSG in a statement.

NIST Seeking Input on Cyber Security R&D Center

From: FEDWeek

Cyber Security Center of Excellence is seeking input on a proposal to have a contractor operate a federally funded research and development center.

The cyber security center of excellence – NCCoE, was established in partnership with the state of Maryland and Montgomery County in February 2012. The public private partnership is designed to help businesses secure their data and digital infrastructure by bringing together experts from industry, government and academia to find cybersecurity solutions.

According to NIST, the NCCoE federal staff will provide overall management of the center, and the FFRDC will support its mission through three major task areas: research, development, engineering and
technical support; program/project management; and facilities management.

IG: More than 104,000 affected by Energy Department computer breach

From: Federal Times


Hackers stole personally identifiable information this summer on more than 104,000 Energy Department employees, family members and contractors, the agency’s inspector general concluded in a new report that faults DOE officials for failing to take basic cybersecurity precautions.

Although the IG did not uncover a single “point of failure” for the July breach, a combination of technical and managerial problems “set the stage for individuals with malicious intent to access the system with what appeared to be relative ease,” the IG said in the report. The investigation also found that the extent of personal information stolen was much more extensive than the department initially reported. Beside names, dates of birth and Social Security numbers, the data also included bank account numbers and places of birth, along with education and disability information, the report said.

HHS Inspector General: HIPAA Enforcer Not Following Rules

From: Health Data Management

The HHS Office for Civil Rights is doing an inadequate job of enforcing the HIPAA security rule by conducting audits, and has not properly secured its own related information systems, a report from the HHS Office of Inspector General contends.

HHS/OCR has conducted pilot audits and was expected in 2013 to significantly expand the program. The agency, however, told OIG that no funds have been appropriated to maintain a permanent audit program. “We remain concerned about OCR’s ability to comply with the HITECH audit requirement and the resulting limited assurance that ePHI is secure at covered entities because of OCR’s comment regarding limited funding for its audit mandates,” OIG replied in the report.

Nasdaq Information Chief to Head New Cyber Crime Unit

From: Wall Street Journal/MoneyBeat

By  Michelle Price

Nasdaq OMX’s chief information security officer, Mark Graff, is to chair a new working group that’s been set up by the World Federation of Stock Exchanges to try to combat the rise of cyber attacks on financial market infrastructure.

The formation of the group comes amid evidence that cyber-security is a real threat to exchanges, with 53% of them found to have suffered an attack within 12 months, according to research published in July by the WFE and regulatory standard-setting body the International Organization of Securities Commissions.