A Review of the Best News of the Week on Cybersecurity Management & Strategy
Top 10 cybersecurity tips to secure the 2018 U.S. election (SC Magazine, Jun 13 2018)
The 2018 Election is still five months away, but there has been no shortage of effort on the part of local, state and federal officials to ensure every ballot cast is legitimate and voters are not being intentionally spoofed by news planted by the nation’s enemies.
Russian Censorship of Telegram (Schneier on Security, Jun 13 2018)
Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their business.
SIEM Alternatives? What Are They? Do They Exist? (Gartner Blog Network, Jun 14 2018)
As we are preparing for a project to update our famed SIEM and SOC guidance documents, let’s have a quick discussion of so-called “SIEM alternatives.”
Capgemini to Acquire Leidos Cyber (SecurityWeek, Jun 08 2018)
Founded in 1967, the Capgemini Group employs more than 200,000 people in more than 40 countries. It focuses on consulting, technology services and digital transformation; and reported global revenue of EUR 12.8 billion in 2017.
Security Ratings Answer Big Questions in Cyber Insurance (Dark Reading, Jun 11 2018)
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
Dignity Health discloses multiple data breaches to HHS (SC Magazine, Jun 11 2018)
The San Francisco-based health care facilities operator Dignity Health recently experienced an accidental email breach affecting 55,947 patients, according to a May 31 disclosure form the not-for-profit corporation filed with the U.S. Department of Health and Human Services.
U.S. issues sanctions on Russian firms, citizens for NotPetya and other cyberattacks (SC Magazine, Jun 12 2018)
The U.S. Treasury Department issued sanctions Monday against five Russian companies and three citizens for providing material and technical support to the Russian Federation government for the NotPetya and other cyberattacks.
Deloitte poll: Firms plan adoption of AICPA’s SOC for Cybersecurity framework (SmartBrief, Jun 13 2018)
One-third of respondents said their organization will adopt the American Institute for Certified Public Accountants System and Organization Controls for Cybersecurity framework, and one in five plan to implement the system in the coming year.
Blockchain All the Rage But Comes With Numerous Risks (Dark Reading, Jun 13 2018)
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
Security metrics you need for the board (CSO Online, Jun 14 2018)
No one wants to show up to an important meeting empty-handed. But with so many analytics right at their fingertips, how can CSOs pick the right numbers to reflect their work? Here are three imperative metrics to have in your back pocket when speaking in front of your board.
Tech pioneers: new copyright law a step towards an internet of surveillance and control (Naked Security – Sophos, Jun 13 2018)
You’re throwing a monkey wrench into the internet with all this copyright zeal. That’s essentially what the people who created the internet said in a letter to the president of the European Parliament regarding Article 13 of the EU Copyright Directive.
Thomas Dullien on Complexity and Security (Schneier on Security, Jun 14 2018)
“For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I’ve ever provided.”
Dixons Carphone Hack Compromises 5.9M Payment Cards (Dark Reading, Jun 13 2018)
The UK electronics retailer says the hack, which began last July, also involves 1.2M personal data records.
Proposed ENCRYPT Bill to Create National Data Encryption Rules (eWEEK, Jun 08 2018)
U.S. Rep. Ted Lieu reintroduces a bill that would prohibit states and localities from creating their own rules about encryption and would prevent them from banning encryption.
Building a Strong, Intentional and Sustainable Security Culture (Infosec Island, Jun 11 2018)
By understanding the attributes of organizational culture, leaders can make informed choices when trying to change cultures and improve an organization’s overall defense.
Welcome to the non-neutral net: Day one (Naked Security – Sophos, Jun 11 2018)
Come Monday morning, when this article posted, net neutrality looks set to be axed. What might the dawn of a net neutrality-free future hold?
French company fined 250,000 euros for a data leak (Help Net Security, Jun 12 2018)
CNIL, the French data protection authority, has decided to impose a 250,000 euro fine on Optical Center, a French company selling eye and hearing aids, because it failed to secure the data of customers that ordered products via its website.
Automation critical to scalable network security (Network World Security, Jun 11 2018)
With Tufin Orchestration Suite R18-1, Cisco Firepower customers can make changes and update all the firewalls in minutes instead of having to touch each box one at a time.
Why CISOs Need a Security Reality Check (Dark Reading, Jun 13 2018)
We need to do a better job of proving our ROI to the mission of the enterprise. We need to commit to a disciplined focus on achieving excellence in the fundamentals and delivering on the hard tasks, even if they are slow to accomplish and don’t lead to stage presentations.
DDoS attack aimed at Mexican opposition presidential candidate website during debate (SC Magazine, Jun 14 2018)
The attack, in which most of the traffic came from Russia and China, was aimed at the National Action Party (PAN) site, which has been critical of Andres Manuel Lopez Obrador (AMLO), the front runner in the presidential election.