Archive for October, 2015
IT trade group CompTIA will receive $249,000 in the first year of the project to illustrate the geography of cybersecurity job vacancies. The map is expected to come out in late 2016.
By Whitney Blair Wyckoff
The National Institute of Standards and Technology announced Tuesday it awarded a three-year grant to the IT trade group CompTIA to create a “heat map” of cybersecurity jobs.
By Troy K. Schneider
At the recent National Association of State CIOs conference in Salt Lake City, Colorado Secretary of Technology and CIO Suma Nallapati spoke with GCN Editor-in-Chief Troy K. Schneider about her state’s efforts to weave better IT into every citizen interaction — and to convince IT talent that government work is worth exploring. The answers below have been edited for length and clarity.
What’s the focal point for your team right now? What should we be looking for from Colorado?
From: Federal Times
Jill R. Aitoro, Editor
Some might say that Splunk is undergoing an identity crisis – a security company to some, big data to others. CEO Godfrey Sullivan explains why labels don’t matter.
Some might say that Splunk is undergoing an identity crisis.
The company is widely regarded as a security company, particularly among federal customers. And there’s a strong case to be made for that, when you consider that one customer in the Pentagon managed to fence off a Trojan horse before it infiltrated systems, thanks to a discovery of the malware — the same malware that took down the network of the rest of the office for a couple weeks
Changes to European data protection law will put new responsibilities on datacentre and cloud providers
The process of reforming European data protection law has been protracted, to say the least. However, the target for a final text of the EU General Data Protection Regulation (GDPR) is now firmly set for the end of 2015, and it is expected to come into force some time in 2017.
For datacentre and cloud service operators, this means big legislative changes are probably just over a year away and the time to start work on compliance with those changes is now.
In 2007, a preeminent American defense contractor first reported cyber attacks emanating from China. Four years later, upon a visit by then Secretary of Defense Robert Gates, the Chinese Air Force revealed a fighter jet unnervingly similar to the one manufactured by the hacked American contractor. More recently, the FBI reported in July 2015 that hackers accessed the personnel files and security clearances of over 22 million federal employees and contractors.
What makes data privacy law interesting for academics, challenging for lawyers, and frustrating for businesses is its shape-shifting structure in the face of rapidly changing technology. The recent invalidation of the US-EU “safe harbor” system is a useful reminder of the differences between the way the European Union and the U.S. handle questions of data privacy: whereas, generally speaking, in the EU data privacy standards are relatively uniform, in the U.S. there are as many different sets of regulations as there are states, with various federal laws and regulations filling in various gaps or providing additional compliance issues. I have elsewhere referred to this as a “patchwork” system (although some might prefer the term “crazy quilt”).
From: Oregon Live
Against a backdrop of at least two brazen security breaches, Nike also took significant steps this year to better protect its product designs and other proprietary information. It launched a “Keep It Tight” education program for employees, making them aware of security threats, particularly cybersecurity breaches.
“Companies are now dealing with sophisticated levels of digital crime,” said Gus Malezis, president of Tripwire, a Portland online security software company. “They’re finding that these (bad) guys have been here and they scoped out the data and they’re walking away with it.”
Businesses relying on European Commission-approved model contract clauses to transfer personal data from the EU to the US should terminate or suspend those arrangements, a German data protection watchdog has said.
The Independent Centre for Privacy Protection in the state of Schleswig-Holstein said it was its view that EU-US data transfers facilitated by the use of model clauses fail to comply with EU law.
It outlined its opinion in a new position paper published in light of the ruling last week by the Court of Justice of the EU (CJEU) that the ‘safe harbour’ framework for enabling EU-US data transfers is “invalid”.
Just a few years ago, the only security metric that mattered was whether your organization had been hacked or not.
This all-or-nothing definition of security success is now outdated. There are new, more complex metrics that measure the strength of your security posture. They include:
- Mean Time to Intrusion: How long (hours or days) would it take someone to get into your network from the outside? This should be a long time.
- Mean Time to Detection: How long does it take to notice they are in your network? This should be a short time.