Agencies Need to Improve Cyber Incident Response Practices

Editor’s Note: GAO report GAO-14-354, “Information Security: Agencies Need to Improve Cyber Incident Response Practices” is available here. Below are GAO’s Recommendations.

From: GAO

To improve the effectiveness of governmentwide cyber incident response activities, we recommend that the Director of OMB and Secretary of Homeland Security address agency incident response practices governmentwide, in particular through CyberStat meetings, such as emphasizing the recording of key steps in responding to an incident. To improve the effectiveness of cyber incident response activities, we are making 25 recommendations to six selected agencies to improve their cyber incident response programs.

Elaborate Iranian hacking scheme targets US lawmakers

From: itnews

By Jim Finkle

Attackers build fake news website, social network.

In an unprecedented, three-year cyber espionage campaign, Iranian hackers created false social networking accounts and a bogus news website to spy on military and political leaders in the United States, Israel and other countries, a cyber intelligence firm said on Thursday.

ISight Partners, which uncovered the operation, said the targets include a four-star US Navy admiral, US lawmakers and ambassadors, and personnel from Afghanistan, Britain, Iraq, Israel, Saudi Arabia and Syria.

US Regulatory Bodies Respond to Outsourcing Security Risk

From: Nearshore Americas

By Tim Wilson

The push in the United States from regulatory bodies advising on best practices for outsourcing relationships with third-party vendors may be due to cyber security concerns, according to Richard Raysman, one of America’s leading outsourcing lawyers.

“I think it relates to President Obama’s executive order 13636, which was issued on February 12, 2013,” Raysman told Nearshore Americas. “That executive order called for improvements in critical infrastructure and cyber security.”

IG concludes VA’s systems, data remain at risk

From: 1500 AM

By Jason Miller

The Veterans Affairs Department’s struggle to secure its networks and systems continues to a great degree, and while there is progress in some areas, its computers, databases, servers and nearly all other IT remain at risk.

These are the findings from the VA inspector general in its latest Federal Information Security Management Act (FISMA) report to Congress.

Among the IG’s findings are 6,000 system cyber risks from previous audits listed in their plans of actions and milestones (POA&Ms) and continued weaknesses in access and configuration management controls because the agency hasn’t fully implemented standards on all servers and network devices.

Healthcare and pharma cyber security rated worst in S&P 500

From: Medical Economics

Analysts worry that a wide-scale security breach could occur in 2014

Healthcare and pharmaceutical companies have the worst cyber security among Standard & Poor’s (S&P) 500, and could suffer from wide-scale security breaches in 2014 similar to those experienced by retail companies such as Target and Neiman Marcus, according to a recent report.

BitSight Technologies, a securities ratings company, examined the cyber health of companies on the S&P 500, and found that 82% had been victims of some sort of security breach. Healthcare and pharmaceutical companies ranked the lowest among the four industry categories studied, because of their high volume of incidents and slow response times.