As NSA reform dies, questions about Safe Harbour reform loom

Jonathan Brandon, Business Cloud News,  Thursday, November 20, 2014

The USA Freedom Act, which was proposed in a bid to end mass surveillance and give more transparency and oversight to how digital communications are monitored by the US intelligence community, died on the floor of the US Senate this week, falling just two votes shy of the 60 votes it needed to pass. Some analysts believe the result will stoke further debate around Safe Harbour and other data sharing agreements with the US.

Chertoff: Cybersecurity takes teamwork

Taylor Armerding, CSO,  Wednesday, November 05, 2014

Cyber security, to be successful, has to be a “team sport,” former Homeland Security secretary Michael Chertoff told attendees of the Advanced Cyber Security Center (ACSC) Conference at the Federal Reserve Bank of Boston Tuesday morning. Chertoff, cofounder and executive chairman of the Chertoff Group, who gave the keynote speech at the conference, titled “Left of Boom: How and where to invest across the kill chain,” said organizations that go it alone, and especially those that focus only on prevention to maintain their security from cyberattacks, are “doomed.”

Are your file sharing tools leaking data?

GCN,  Wednesday, November 05, 2014

Routine, unsanctioned file sharing among employees has put organizations at risk equal to or greater than the dangers posed by direct data theft, according to research by the Ponemon Institute and IntraLinks Holdings Inc., a software-as-a-service content management firm. The report, Breaking Bad: The Risk of Unsecure File Sharing, says many organizations have few controls in place to protect data, yet they are enabling data to be shared outside their organizations without the knowledge of senior management. The study points a finger at cloud storage and sharing services such as Dropbox, which have become increasingly popular as they enable employees and organizations to easily collaborate.

Federal mobile platforms need newer, stricter protocols

General Ken Minihan, Paladin,  Monday, November 03, 2014

The marriage of mobile and cloud requires a new approach to security. It requires a new paradigm for trust as government agencies, medical systems and educational institutions outsource their cloud-based platforms to private vendors. This trust must be based on transparency, resiliency and accountability.

Survey: IT departments are losing cloud security battle

Greg Otto, FedScoop,  Friday, October 31, 2014

Government IT professionals aren’t the only ones having trouble keeping up with the security demands that come with the adoption of cloud computing. A study released earlier this week by the Ponemon Institute finds that IT professionals are having trouble managing data stored on the cloud, are often kept in the dark on, or can’t identify, who is responsible for data security, and do not have worthwhile security measures in place for data at rest.

Biggest ever cyber security exercise in Europe today

European Commission,  Thursday, October 30, 2014

More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA). In Cyber Europe 2014, experts from the public and private sectors, including cyber security agencies, national Computer Emergency Response Teams, ministries, telecoms companies, energy companies, financial institutions and internet service providers, are testing their procedures and capabilities against a life-like, large-scale cyber-security scenario.

The Blind Men, the Elephant and the FTC’s Data Security Standards

Omer Tene, IAPP,  Thursday, October 30, 2014

Like a group of blind men encountering an elephant—one touching the trunk and thinking “snake,” another feeling a tusk and thinking “sword,” a third caressing an ear and thinking “sail”—so do commentators, lawyers and industry players struggle to identify what “reasonable data security” practices mean in the eyes of the Federal Trade Commission (FTC). In the absence of federal legislation or regulatory guidance, the reasonableness standard is assessed on a case-by-case basis through a string of FTC enforcement actions, 47 so far, by which the agency provides the public with glimpses into its regulatory interpretation.

Top Security Threats Still Plaguing Enterprise Cloud Adoption

John K. Waters, Redmond Magazine,  Tuesday, October 28, 2014

The lack of confidence is with good cause. The Cloud Security Alliance (CSA) has identified what its researchers believe to be the top nine cloud security threats. Data breaches top that list, dubbed "The Notorious Nine". Also on that list are data loss, service traffic hijacking, insecure interfaces and APIs, denial-of-service attacks, malicious insiders, cloud services abuse, insufficient due diligence, and shared technology vulnerabilities. The company emphasized those risks at a three-day conference in September hosted jointly by the CSA and the International Association of Privacy Professionals (IAPP).

Operation SMN – Disruption of Axiom Group – Prolific Chinese Cyber Espionage Team

Brian Bartholomew, iSight Partners,  Tuesday, October 28, 2014

Earlier today iSIGHT Partners proudly participated in the public disclosure of threat intelligence on a prolific Chinese Cyber Espionage group. This disclosure included the sharing of technical indicators which can be used to determine the potential of compromise, as well as detail on the tactics, techniques and procedures of this group which can be used to inform better security decisions. This release was made as part of a coalition of security vendors, security researchers and major technology companies called “Operation SMN” which was announced on October 14th. The effort was led by Novetta and Microsoft and is the first joint effort under Microsoft’s Coordinated Malware Eradication program.

Do You Know What Apps Your Employees Use?

Deborah Gage, Wall Street Journal,  Monday, October 27, 2014

Unauthorized cloud-based software is proliferating in the workplace, causing regulatory and security challenges for companies that often don’t even know their employees are using it. Some of the services are well known, such as Dropbox, for file sharing, and the multipurpose social-media site Facebook. But at some companies, employees are tapping hundreds of cloud-based apps to perform functions ranging from Web conferencing to conducting surveys to sharing photos.