The Daily Sandbox!

Internet Security Alliance News & Information Security Resources

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sun, 02 Aug 2009 21:11:00 +0000

From The Internet Security Alliance

In The News…

July 24, Orange County Register – (California) FBI to investigate Placentia library hacking. The FBI is hunting down the hackers that hijacked the Placentia Public Library Web site the morning of July 24, a bureau official said the same afternoon. “The FBI will open and investigation into this incident,” said an FBI spokeswoman. The spokeswoman, who works out of the bureau’s Los Angeles field office, said that the FBI has a special unit that investigates “cyber crimes, computer intrusions, defacements, more traditional crimes like fraud and child exploitation.” Visitors to the Placentia Library Web site were greeted by an image of a flapping flag with a crescent moon and star behind a portrait of famed Turkish leader Mustafa Kemal Ataturk. Underneath was the phrase “Editaarruz is back.” A group calling itself the “Federal Attack Team” has apparently hacked www.placentialibrary.org — disabling the site completely. The word “taarruz” means “attack” or “offensive” in the Turkish language.
Source: http://www.ocregister.com/articles/site-web-search-2506225-google-placentia

Internet Security Alliance News 7-29-09 : Information Security Resources

Technorati Tags: 2009,access,Anthony M. Freed,Apple,audits,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,cyber security,cybersecurity,cybersquatting,D and O liability,Data,DDoS,defense industrial base,DHS,DIB,DMCA,docs,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,governance,Government,hackers,Host,ICANN,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISA,ISR,Kevin M. Nixon,law,lawyer,legal,liability,malware,management,News,phishers,privacy rights,protocol,regulations,regulatory,risk,Security,software,spammers,System,systems,third party,valuation,vendors,zero day attack

del.icio.us Tags: 2009,access,Anthony M. Freed,Apple,audits,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,cyber security,cybersecurity,cybersquatting,D and O liability,Data,DDoS,defense industrial base,DHS,DIB,DMCA,docs,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,governance,Government,hackers,Host,ICANN,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISA,ISR,Kevin M. Nixon,law,lawyer,legal,liability,malware,management,News,phishers,privacy rights,protocol,regulations,regulatory,risk,Security,software,spammers,System,systems,third party,valuation,vendors,zero day attack

IceRocket Tags: 2009,access,Anthony M. Freed,Apple,audits,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,cyber security,cybersecurity,cybersquatting,D and O liability,Data,DDoS,defense industrial base,DHS,DIB,DMCA,docs,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,governance,Government,hackers,Host,ICANN,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISA,ISR,Kevin M. Nixon,law,lawyer,legal,liability,malware,management,News,phishers,privacy rights,protocol,regulations,regulatory,risk,Security,software,spammers,System,systems,third party,valuation,vendors,zero day attack

BuzzNet Tags: 2009,access,Anthony M. Freed,Apple,audits,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,cyber security,cybersecurity,cybersquatting,D and O liability,Data,DDoS,defense industrial base,DHS,DIB,DMCA,docs,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,governance,Government,hackers,Host,ICANN,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISA,ISR,Kevin M. Nixon,law,lawyer,legal,liability,malware,management,News,phishers,privacy rights,protocol,regulations,regulatory,risk,Security,software,spammers,System,systems,third party,valuation,vendors,zero day attack

♪ Smile - Charlie Chaplin

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sun, 02 Aug 2009 17:19:00 +0000

A special “Thank You” for all my friends and family. - Kev

YouTube - ♪ Smile - Charlie Chaplin

Technorati Tags: Kevin M Nixon,www.information-security-resources.com,information-security-resources.com

del.icio.us Tags: Kevin M Nixon,www.information-security-resources.com,information-security-resources.com

IceRocket Tags: Kevin M Nixon,www.information-security-resources.com,information-security-resources.com

BuzzNet Tags: Kevin M Nixon,www.information-security-resources.com,information-security-resources.com

The Value of a Clear Moral Compass

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Fri, 31 Jul 2009 16:41:00 +0000

By: Mike Spinney, CIPP – Privacy Analyst, Ponemon Institute

Here’s a brazen bit of breachery from the Miami Herald.

It’s a neat little proposition: for a flat monthly fee, a data broker (of sorts) acquires medical records from a hospital employee and passes them through to a personal injury lawyer for a fee plus a percentage of his lawsuit earnings.

Apparently the scheme went on for two years before the hospital employee blabbed about it. Luckily for Miami-area residents, someone with a clearer moral compass recognized the crime and told authorities.

This isn’t all that different from the revelation that UCLA Medical Center employees were abusing their access privileges to snoop the files of celebrity patients, either for their own amusement or to pass info along to the tabloids.

While both stories are a reminder of the serious threat posed by malicious insiders, the Jackson Memorial case offers another lesson: don’t overlook the importance of personal ethics in your security strategy.

We have no information about the security and ID/access management technologies in place at Jackson Memorial, and we don’t know if the person who tipped the police was a co-worker. But we do know that someone who knew right from wrong had the moral courage to do the right thing when confronted with information related to misconduct.

Good, consistent training and an ongoing awareness campaign – along with a visible example set from the top down – can have a positive effect on your company’s overall security program (and at a very reasonable cost). We cannot emphasize enough the importance of creating a security-conscious culture within every organization.

Mike Spinney, Senior Privacy Analyst , CIPP

Mike Spinney is a senior privacy analyst with the Ponemon Institute, a research organization dedicated to advancing responsible information and privacy management practices in business and government. He works closely with founder Dr. Larry Ponemon to develop a better understanding of and new approaches to responsible information management. Spinney serves on the Ponemon Institute’s RIM Council and is a frequent author and speaker on data privacy issues.

Spinney’s work on privacy has appeared in Privacy Advisor, 1to1: Privacy, RFID Journal, CSO, Computerworld, and other industry publications, and he has addressed audiences including the Privacy Summit, Secure Boston, Secure Chicago, IAPP/ISC(2) Security Series, INTERPHEX, and SecureWorld. He is a frequent media resource on privacy issues and has been quoted extensively by such media as the San Francisco Chronicle, BBC, Inc. Technology, Popular Science, American Medical News, Security Management, IDG News Service, SC Magazine, and many more.

The Value of a Clear Moral Compass - Mike Spinney's Blog

del.icio.us Tags: 2009,Kevin M Nixon,best practices,birth certificate,Breach,breaches,Mike Spinney,Ponemon Institute,Larry Ponemon,bypass,child identity theft,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,embezzlement,FBI,Finance,Financial,Financial Identity,Financial InfoSec,fraud,governance,hackers,homeland Security,ID,Identity Theft Resoiurce Center,identity thief,IDExperts,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,ISR,ITRC,Kevin M. Nixon,law,legal,liability,misuse,model employee,News,online fraud,privacy rights,red flags,risk,scams,Security,stealing data,students,System,systems,theft,third party,Transunion,vendors,zero day attack

Technorati Tags: 2009,Kevin M Nixon,best practices,birth certificate,Breach,breaches,Mike Spinney,Ponemon Institute,Larry Ponemon,bypass,child identity theft,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,embezzlement,FBI,Finance,Financial,Financial Identity,Financial InfoSec,fraud,governance,hackers,homeland Security,ID,Identity Theft Resoiurce Center,identity thief,IDExperts,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,ISR,ITRC,Kevin M. Nixon,law,legal,liability,misuse,model employee,News,online fraud,privacy rights,red flags,risk,scams,Security,stealing data,students,System,systems,theft,third party,Transunion,vendors,zero day attack

IceRocket Tags: 2009,Kevin M Nixon,best practices,birth certificate,Breach,breaches,Mike Spinney,Ponemon Institute,Larry Ponemon,bypass,child identity theft,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,embezzlement,FBI,Finance,Financial,Financial Identity,Financial InfoSec,fraud,governance,hackers,homeland Security,ID,Identity Theft Resoiurce Center,identity thief,IDExperts,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,ISR,ITRC,Kevin M. Nixon,law,legal,liability,misuse,model employee,News,online fraud,privacy rights,red flags,risk,scams,Security,stealing data,students,System,systems,theft,third party,Transunion,vendors,zero day attack

BuzzNet Tags: 2009,Kevin M Nixon,best practices,birth certificate,Breach,breaches,Mike Spinney,Ponemon Institute,Larry Ponemon,bypass,child identity theft,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,embezzlement,FBI,Finance,Financial,Financial Identity,Financial InfoSec,fraud,governance,hackers,homeland Security,ID,Identity Theft Resoiurce Center,identity thief,IDExperts,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,ISR,ITRC,Kevin M. Nixon,law,legal,liability,misuse,model employee,News,online fraud,privacy rights,red flags,risk,scams,Security,stealing data,students,System,systems,theft,third party,Transunion,vendors,zero day attack

The Value of a Clear Moral Compass - Mike Spinney's Blog

Securing a Hacker-Free Zone on the Internet

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Tue, 28 Jul 2009 16:12:00 +0000

By Jacqueline Herships, Founder of Jacqueline Herships & Associates
(This article was first published in the Gerard Group International, Inc. newsletter “INTELANALYSIS”.)

Patented Telecommunications Plan Would Create Secure VoIP Communications

A recent patent series promises a new, secure telecommunications system by mitigating risks to Internet telephony like Voice over Internet Protocol (VoIP) from espionage, hacking, intrusion, and interruption of service.

The entire worldwide Domain Name System (DNS) was brought to its knees by hackers not too long ago; however, this new Internet telecommunications system will not depend on DNS.

In theory at least, the Wild West days of Internet telecommunications are over.

Based upon the inventions articulated in his five-patent suite, inventor Harry Emerson III, has mapped out a union between our secure and venerable telephone system - (Plain Old Telephone Service; a.k.a., POTS) - and the hyper-evolving, media-rich Internet which is so famously not one bit secure.

As it evolves, he believes this next generation telecommunications system, dubbed IronPipe™, will have huge implications for national security as well as tremendous new revenue opportunities for the carriers and supply chains which serve them.

Conceived in response to what he views as the seriously flawed paradigm, which is currently developing as telecommunications migrates to the Internet, Mr. Emerson says he designed IronPipe™ to offer an alternative with a high degree of security.

The Internet has produced something akin to a gold rush experience for those mining its resources and developing its vast potentialities, he said.

However, in the midst of this frenzy, he has observed that fundamental requirements of privacy, secrecy, and security are seldom openly discussed when it comes to Internet-based phone services known as Voice over Internet Protocol (VoIP) systems such as Skype, which are proliferating in cyberspace.

These are serious issues, he maintains, and they need to be fully considered by users such as corporations, telecommunications carriers, VoIP carriers, law enforcement agencies, and federal and state governments, as well as by the millions of Internet using individuals who are concerned with their own personal privacy.

According to Mr. Emerson, our current state of vulnerability came about because we have turned a blind eye to these issues of privacy, secrecy and security, combined with the scramble for profit, and an unregulated environment for VoIP.

“The Internet is a lawless frontier where nothing is safe and secure and reliability is always one step away from calamity,” he says.

“As things stand today, VoIP does little to protect the interests of the aforementioned entities, not to mention protecting the security of the United States. We are suffering untold numbers of hacker attacks DAILY, with systems broken into and identities stolen. Not too long ago the entire worldwide DNS system (Domain Name System) was brought to its knees by hackers,” Emerson said.

In his opinion, if the technology continues to develop in its current direction, no one will be able to guarantee that communications cannot be intercepted and monitored.

In addition, if we examine our circumstances, a lot of the excitement generating the rush to VoIP is based upon an illusion, the appearance that we are being offered new and sophisticated technologies.

In fact, existing VoIP offerings are simply discounted POTS service, he says, with no value-added features, only lower cost caused by fierce price pressure from cable TV and other low-overhead vendors.

The result is the continued downward spiral on price that has plagued the telecommunications industry for 30 years.

IronPipe™ is a re-thinking of 21^st century telecommunications architecture, which will return a sense of safety to our society as a whole, reinvigorating our economy from the inside out.

If his vision is implemented, Mr. Emerson says we won’t have to put up with either the fear of intrusion or the huge financial burden of protecting ourselves from the ever-increasing army of those with malicious intent.

We will now have a choice.

The challenge is that VoIP companies such as Skype (NASDAQ: EBAY), Vonage (NYSE: VG) and the various Cable carriers (Comcast NASDAQ: CMCSA, Time Warner: NYSE TMC, and CableVision: NYSE CVC) , which have migrated to the Internet, did so not only to provide cheaper communications, but to avoid regulatory scrutiny.

“If you don’t have to deal with the regulations it tends to make it cheaper,” Emerson said, “but these profits come at a price.”

“The integrity of the communications system has been compromised because of this short term thinking geared towards reducing costs.”

In its simplest terms, IronPipe™ enables us to make Web 2.0 Internet-style media rich calls utilizing the existing private, protected, secure, Public Switched Telephone Network (PSTN), and its unseen private data network - known as Signaling System #7 (SS7), which connects all the main switches around the world.

While VoIP uses the Internet exclusively and thus can be, and regularly is, compromised by persons of malicious intent, if we establish Internet calls through these telephone company switches there will be no access from the outside.

We can create rich media visual telephone calls on broadband Internet connections, using wire-line or wireless touch-screen phones such as the Apple (NASDAQ: AAPL) iPhone, simply by dialing a phone number, and still enjoy the privacy, security and reliability of traditional telephone calls.

Mr. Emerson says that his technology seamlessly merges the best of the Internet with the best of the telephone network.

Considering the cost to government, industry and “society at large” to protect against intrusion and to remediate the damage caused by intrusion, IronPipe™ could be well worth looking into.

About Harry Emerson, Co-Founder Emerson Development LLC:

Mr. Harry Emerson is an expert in computers, voice and data communications, and the Internet.

His career history includes 25 years in various sales, management, and strategic capacities at AT&T (NYSE: T) and the design and management of large-scale, multi-million dollar enterprise applications and data systems.

He has numerous patents issued and pending against a variety of technologies including FM radio, Internet streaming, PC software, and telecommunications.

Mr. Emerson co-founded GEODE Electronics to commercialize a series of patented enhancements to commercial FM radio. Subsequently, Mr. Emerson co-founded SurferNETWORK, an Internet streaming media business.

His background in switching systems and data networking, along with concepts he developed in corporate architecture and strategy positions, ultimately led to the development of the patent portfolio that defines the next generation of secure telecommunications, known as IronPipe™, featuring secure, rich Multimedia capabilities.

He is a member of the New Jersey Technology Council (http://www.njtc.org/) Telecommunications/Media Industry Network Advisory board.

Emerson Development, LLC has been awarded a fifth telecommunications patent that introduces breakthrough technology combining the multimedia capability of the Internet with the safety, security, and reliability of the phone network.

This exciting new technology enables a world in which audio/visual phone calls will become the standard for routine, daily communications. The Emerson Development Multimedia Telecommunications technologies will create the next generation of telecommunications — visual, multimedia, and videophone communications on screen-based phones that require no knowledge or training for users. Just dial a phone number.

Emerson Development Multimedia Telecommunications provides the carrier class infrastructure, operations, management, and billing capabilities that will be absolutely necessary for the major telecommunications companies throughout the world to venture into this field.

These mandatory capabilities include requirements for security, privacy, secrecy of communications, and unlisted numbers, including the guaranteed ability to keep the identities of callers secret under every circumstance imaginable.

In addition, just as importantly, Multimedia Telecommunications provides for these privacy and security requirements while still enabling government mandated provisions for law enforcement wiretapping and call tracing.

Overview of the Emerson Development, LLC Patents

Patent Number	Description
6,704,305	“Integrated Device For Integrating The Internet With The Public Switched Telephone Network” This patent, describes telephone devices such as screen phones that support audible and visual communications across the Internet simply by dialing a telephone number. These “Integrated” phones have both a telephone connection and an Internet connection. By using digital call control messages that are sent to and from the local telephone central office, an “Integrated” telephone can set up an Internet Multimedia call to a compatible phone. If the called phone is not Internet capable, a standard phone call is established.
6,700,884	“Integrating the Internet With The Public Switched Telephone Network” This patent, describes a system for a telephone device as described in 6,704,305 to be able to create an Internet call. The system includes a mechanism for correlating the telephone number of a calling or called device with its associated IP address. That information could be stored in the telephone itself, in a record system of the local central office, or in one or more central registries.
6,697,357	“Call Management Managing System For Integrating The Internet With The Public Switched Telephone Network” This patent describes a digital call management messaging system, that could be thought of as an extension of ISDN and SS7, that enables an “Integrated” telephone device to communicate across the Internet. When one of these telephones places a call, it sends a digital message to its serving central office switching system. That message includes its telephone number and IP address, as well as the telephone number of the called party. By sending a compatible message to the central office serving the called party, the originating central office can determine if the called party is capable of an Internet call. If so, once the called device receives the call setup message, it has the Internet IP address of the calling device, and can then establish a connection across the Internet.
6,928,070	“Integrating The Internet With The Public Switched Telephone Network” This patent, describes a sophisticated system, which greatly enhances the privacy, secrecy, and security of Internet calls. This system enables the telephone-switching network to dynamically assign an IP address to both the calling and called device, and route the resulting Internet call through an intermediate proxy server. Internet phones require more than just “unlisted number” capability since a called party can easily determine the geographic location of a caller, and thus putting the life of some individuals at risk (such as a battered spouse). With this invention, the proxy servers can be in other geographic regions to cloak a device’s actual geographic location. Furthermore, the Internet call can be split into two unidirectional streams, and each of those streams can be routed through a separate pair of proxy servers. Since the proxy servers can be dynamically selected for each call, the true location of an “Integrated” phone can be protected.
7,327,720	“Integrated Telephone Central Office Systems For Integrating The Internet With the Public Switched Telephone Network” This patent describes a telephone central office switching system having a digital messaging capability to send and receive call setup and management messages to and from compatible phones. These call management messages can initiate and control a communications session transpiring across the Internet. The central office switching system can communicate similar digital messages to other central offices and central office systems to create and manage end-to-end Internet communications.

Emerson Development, LLC’s IronPipe™ Benefits

Telephone carriers stand to benefit from this new technology because it preserves their business position by providing high value in the PSTN and in the underlying private SS7 network that connects the PSTN together.

Traditional telephone carriers, as well as VoIP vendors that participate in this new technology, will benefit by offering new high value consumer services instead of competing by cutting prices.

Consumers will benefit from a flourish of new Multimedia features. The experience will be similar to accessing a web page with a browser, but would be done by dialing a phone number.

Industry and governments will benefit from a rich communications environment that is secure from espionage, hacking, intrusion, and interruption.

Questions and comments for Mr. Emerson may be directed to:
Direct - (973) 641-7420
Email - hemerson@EmersonDevelopmentLLC.com
Via LinkedIn: http://www.linkedin.com/in/harryemerson

Jacqueline Herships is the founder of Jacqueline Herships & Associates, a strategic communications and new business development company. Jacqueline developed her skills in the documentary film business, as a journalist, and as an organizer in her own right. She believes in the power of alliances and builds these into her strategic plans. In addition to her work with Emerson Development, Ms Herships’ client projects have included the US Green Building Council of New Jersey, the Sierra Club - NYC, the Local Initiatives Support Corporation Greater Newark & Jersey City (a funding agency for inner city community development), HANDS, Inc; Wildlight Productions, a critically acclaimed social issues documentary film company; and a variety of artists and arts projects. She is a workshop facilitator for the Support Center for Nonprofit Management in Manhattan and others on the subject of laser communications-developing attention in the age of information overload; she has twice been a member of the board of the International Furnishings and Design Association, IFDA/NY as well as their publicist for 2 years. And, she is the co-founder of Professionals in Media (PIM), a regional organization of media professional including writers, editors, publishers, filmmakers, consultants, etc., who meet across professional lines.

Comments and questions may be directed to: Jacqueline Herships & Associates:
Direct - (973) 763-7555
Email - jacqueline@jacquelineherships.com

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

© Copyright 2009 – Jacqueline Herships – All Rights Reserved

(This article may be reprinted in whole or in part only with proper attribution to the author. See: Information Security Resources)

Technorati Tags: 2009,access,Anthony M. Freed,Apple,Breach,breaches,bypass,CableVision,class action,Comcast,computer,confidential,consumer product liability,control,Costs,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DDoS,DNS,DOD,Domain Name System,due diligence,Economy,electronic database,Emerson Development LLC,espionage,Finance,Financial,Financial Identity,Financial InfoSec,governance,hackers,hacking,Harry Emerson III,homeland Security,ID,identity thief,infiltrate,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,interview,intrusion,iphone,IronPipe,ISR,Jacqueline Herships,Kevin M. Nixon,law,legal,liability,Managed Security,markets,meltdown,misuse,national security,News,outsourcing,paperless,POTS,privacy rights,Public Switched Telephone Network (PSTN),Raytheon,regulations,regulatory,removeable devices,Report,risk,ROI,sabotage,Security,shareholder derivative,Signaling System #7,Skype,SS7,steal,System,systems,telecommunications,theft,third party,Time Warner,valuation,vendors,VOIP,Vonage,zero day attack

LiveJournal Tags: 2009,access,Anthony M. Freed,Apple,Breach,breaches,bypass,CableVision,class action,Comcast,computer,confidential,consumer product liability,control,Costs,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DDoS,DNS,DOD,Domain Name System,due diligence,Economy,electronic database,Emerson Development LLC,espionage,Finance,Financial,Financial Identity,Financial InfoSec,governance,hackers,hacking,Harry Emerson III,homeland Security,ID,identity thief,infiltrate,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,interview,intrusion,iphone,IronPipe,ISR,Jacqueline Herships,Kevin M. Nixon,law,legal,liability,Managed Security,markets,meltdown,misuse,national security,News,outsourcing,paperless,POTS,privacy rights,Public Switched Telephone Network (PSTN),Raytheon,regulations,regulatory,removeable devices,Report,risk,ROI,sabotage,Security,shareholder derivative,Signaling System #7,Skype,SS7,steal,System,systems,telecommunications,theft,third party,Time Warner,valuation,vendors,VOIP,Vonage,zero day attack

Flickr Tags: 2009,access,Anthony M. Freed,Apple,Breach,breaches,bypass,CableVision,class action,Comcast,computer,confidential,consumer product liability,control,Costs,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DDoS,DNS,DOD,Domain Name System,due diligence,Economy,electronic database,Emerson Development LLC,espionage,Finance,Financial,Financial Identity,Financial InfoSec,governance,hackers,hacking,Harry Emerson III,homeland Security,ID,identity thief,infiltrate,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,interview,intrusion,iphone,IronPipe,ISR,Jacqueline Herships,Kevin M. Nixon,law,legal,liability,Managed Security,markets,meltdown,misuse,national security,News,outsourcing,paperless,POTS,privacy rights,Public Switched Telephone Network (PSTN),Raytheon,regulations,regulatory,removeable devices,Report,risk,ROI,sabotage,Security,shareholder derivative,Signaling System #7,Skype,SS7,steal,System,systems,telecommunications,theft,third party,Time Warner,valuation,vendors,VOIP,Vonage,zero day attack

del.icio.us Tags: 2009,access,Anthony M. Freed,Apple,Breach,breaches,bypass,CableVision,class action,Comcast,computer,confidential,consumer product liability,control,Costs,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DDoS,DNS,DOD,Domain Name System,due diligence,Economy,electronic database,Emerson Development LLC,espionage,Finance,Financial,Financial Identity,Financial InfoSec,governance,hackers,hacking,Harry Emerson III,homeland Security,ID,identity thief,infiltrate,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,interview,intrusion,iphone,IronPipe,ISR,Jacqueline Herships,Kevin M. Nixon,law,legal,liability,Managed Security,markets,meltdown,misuse,national security,News,outsourcing,paperless,POTS,privacy rights,Public Switched Telephone Network (PSTN),Raytheon,regulations,regulatory,removeable devices,Report,risk,ROI,sabotage,Security,shareholder derivative,Signaling System #7,Skype,SS7,steal,System,systems,telecommunications,theft,third party,Time Warner,valuation,vendors,VOIP,Vonage,zero day attack

IceRocket Tags: 2009,access,Anthony M. Freed,Apple,Breach,breaches,bypass,CableVision,class action,Comcast,computer,confidential,consumer product liability,control,Costs,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DDoS,DNS,DOD,Domain Name System,due diligence,Economy,electronic database,Emerson Development LLC,espionage,Finance,Financial,Financial Identity,Financial InfoSec,governance,hackers,hacking,Harry Emerson III,homeland Security,ID,identity thief,infiltrate,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,interview,intrusion,iphone,IronPipe,ISR,Jacqueline Herships,Kevin M. Nixon,law,legal,liability,Managed Security,markets,meltdown,misuse,national security,News,outsourcing,paperless,POTS,privacy rights,Public Switched Telephone Network (PSTN),Raytheon,regulations,regulatory,removeable devices,Report,risk,ROI,sabotage,Security,shareholder derivative,Signaling System #7,Skype,SS7,steal,System,systems,telecommunications,theft,third party,Time Warner,valuation,vendors,VOIP,Vonage,zero day attack

43 Things Tags: 2009,access,Anthony M. Freed,Apple,Breach,breaches,bypass,CableVision,class action,Comcast,computer,confidential,consumer product liability,control,Costs,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DDoS,DNS,DOD,Domain Name System,due diligence,Economy,electronic database,Emerson Development LLC,espionage,Finance,Financial,Financial Identity,Financial InfoSec,governance,hackers,hacking,Harry Emerson III,homeland Security,ID,identity thief,infiltrate,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,interview,intrusion,iphone,IronPipe,ISR,Jacqueline Herships,Kevin M. Nixon,law,legal,liability,Managed Security,markets,meltdown,misuse,national security,News,outsourcing,paperless,POTS,privacy rights,Public Switched Telephone Network (PSTN),Raytheon,regulations,regulatory,removeable devices,Report,risk,ROI,sabotage,Security,shareholder derivative,Signaling System #7,Skype,SS7,steal,System,systems,telecommunications,theft,third party,Time Warner,valuation,vendors,VOIP,Vonage,zero day attack

BuzzNet Tags: 2009,access,Anthony M. Freed,Apple,Breach,breaches,bypass,CableVision,class action,Comcast,computer,confidential,consumer product liability,control,Costs,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DDoS,DNS,DOD,Domain Name System,due diligence,Economy,electronic database,Emerson Development LLC,espionage,Finance,Financial,Financial Identity,Financial InfoSec,governance,hackers,hacking,Harry Emerson III,homeland Security,ID,identity thief,infiltrate,Infoduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,interview,intrusion,iphone,IronPipe,ISR,Jacqueline Herships,Kevin M. Nixon,law,legal,liability,Managed Security,markets,meltdown,misuse,national security,News,outsourcing,paperless,POTS,privacy rights,Public Switched Telephone Network (PSTN),Raytheon,regulations,regulatory,removeable devices,Report,risk,ROI,sabotage,Security,shareholder derivative,Signaling System #7,Skype,SS7,steal,System,systems,telecommunications,theft,third party,Time Warner,valuation,vendors,VOIP,Vonage,zero day attack

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Wed, 24 Jun 2009 00:37:00 +0000

Summer Reading for Security Pros: Schneier or Sagan? - CSO Online - Security and Risk (http://ping.fm/iuORL)

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Wed, 24 Jun 2009 00:22:00 +0000

A Guide for Full Field Background Checks : Information Security Resources (http://ping.fm/mSQQ7)

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Tue, 23 Jun 2009 22:22:00 +0000

homeatm.net (http://homeatm.net/)

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Tue, 23 Jun 2009 22:17:00 +0000

PIN Debit Payments Blog: Preview of HomeATM's Newly Redesigned Website (http://ping.fm/ni2SH)

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Tue, 23 Jun 2009 22:14:00 +0000

(Never) Always Set Up QA Before Production : Information Security Resources (http://ping.fm/EAUWv)

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Tue, 23 Jun 2009 22:11:00 +0000

Internet Security Alliance Updates 6-23-09 : Information Security Resources (http://ping.fm/9feus)

Cyberwar - Privacy May Be a Victim in Cyberdefense Plan - Series - NYTimes.com

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sat, 13 Jun 2009 20:40:00 +0000

June 13, 2009

Cyberwar - The New York Times

Privacy May Be a Victim in Cyberdefense Plan

By THOM SHANKER and DAVID E. SANGER

WASHINGTON — A plan to create a new Pentagon cybercommand is raising significant privacy and diplomatic concerns, as the Obama administration moves ahead on efforts to protect the nation from cyberattack and to prepare for possible offensive operations against adversaries’ computer networks.

President Obama has said that the new cyberdefense strategy he unveiled last month will provide protections for personal privacy and civil liberties. But senior Pentagon and military officials say that Mr. Obama’s assurances may be challenging to guarantee in practice, particularly in trying to monitor the thousands of daily attacks on security systems in the United States that have set off a race to develop better cyberweapons.

Much of the new military command’s work is expected to be carried out by the National Security Agency, whose role in intercepting the domestic end of international calls and e-mail messages after the Sept. 11, 2001, attacks, under secret orders issued by the Bush administration, has already generated intense controversy.

There is simply no way, the officials say, to effectively conduct computer operations without entering networks inside the United States, where the military is prohibited from operating, or traveling electronic paths through countries that are not themselves American targets.

The cybersecurity effort, Mr. Obama said at the White House last month, “will not — I repeat, will not — include monitoring private sector networks or Internet traffic.”

But foreign adversaries often mount their attacks through computer network hubs inside the United States, and military officials and outside experts say that threat confronts the Pentagon and the administration with difficult questions.

Military officials say there may be a need to intercept and examine some e-mail messages sent from other countries to guard against computer viruses or potential terrorist action. Advocates say the process could ultimately be accepted as the digital equivalent of customs inspections, in which passengers arriving from overseas consent to have their luggage opened for security, tax and health reasons.

“The government is in a quandary,” said Maren Leed, a defense expert at the bipartisan Center for Strategic and International Studies who was a Pentagon special assistant on cyberoperations from 2005 to 2008.

Ms. Leed said a broad debate was needed “about what constitutes an intrusion that violates privacy and, at the other extreme, what is an intrusion that may be acceptable in the face of an act of war.”

In a recent speech, Gen. James E. Cartwright, vice chairman of the Joint Chiefs of Staff and a chief architect of the new cyberstrategy, acknowledged that a major unresolved issue was how the military — which would include the National Security Agency, where much of the cyberwar expertise resides — could legally set up an early warning system.

Unlike a missile attack, which would show up on the Pentagon’s screens long before reaching American territory, a cyberattack may be visible only after it has been launched in the United States.

“How do you understand sovereignty in the cyberdomain?” General Cartwright asked. “It doesn’t tend to pay a lot of attention to geographic boundaries.”

For example, the daily attacks on the Pentagon’s own computer systems, or probes sent from Russia, China and Eastern Europe seeking chinks in the computer systems of corporations and financial institutions, are rarely seen before their effect is felt inside the United States.

Some administration officials have begun to discuss whether laws or regulations must be changed to allow law enforcement, the military or intelligence agencies greater access to networks or Internet providers when significant evidence of a national security threat was found.

Ms. Leed said that while the Defense Department and related intelligence agencies were the only organizations that had the ability to protect against such cyberattacks, “they are not the best suited, from a civil liberties perspective, to take on that responsibility.”

Under plans being completed at the Pentagon, the new cybercommand will be run by a four-star general, much the way Gen. David H. Petraeus runs the wars in Afghanistan and Iraq from Central Command in Tampa, Fla. But the expectation is that whoever is in charge of the new command will also direct the National Security Agency, an effort to solve the turf war between the spy agency and the military over who is in charge of conducting offensive operations.

While the N.S.A.’s job is chiefly one of detection and monitoring, the agency also possesses what Michael D. McConnell, the former director of national intelligence, called “the critical skill set” to respond quickly to cyberattacks. Yet the Defense Department views cyberspace as its domain as well, a new battleground after land, sea, air and space.

The complications are not limited to privacy concerns. The Pentagon is increasingly worried about the diplomatic ramifications of being forced to use the computer networks of many other nations while carrying out digital missions — the computer equivalent of the Vietnam War’s spilling over the Cambodian border in the 1960s. To battle Russian hackers, for example, it might be necessary to act through the virtual cyberterritory of Britain or Germany or any country where the attack was routed.

General Cartwright said military planners were trying to write rules of engagement for scenarios in which a cyberattack was launched from a neutral country that might have no idea what was going on. But, with time of the essence, it may not be possible, the scenarios show, to ask other nations to act against an attack that is flowing through their computers in milliseconds.

“If I pass through your country, do I have to talk to the ambassador?” General Cartwright said. “It is very difficult. Those are the questions that are now really starting to emerge vis-à-vis cyber.”

Frida Berrigan, a longtime peace activist who is a senior program associate at the New America Foundation’s arms and security initiative, expressed concerns about whether the Obama administration would be able to balance its promise to respect privacy in cyberspace even as it appeared to be militarizing cybersecurity.

“Obama was very deliberate in saying that the U.S. military and the U.S. government would not be looking at our e-mail and not tracking what we do online,” Ms. Berrigan said. “This is not to say there is not a cyberthreat out there or that cyberterrorism is not a significant concern. We should be vigilant and creative. But once again we see the Pentagon being put at the heart of it and at front lines of offering a solution.”

Ms. Berrigan said that just as the counterinsurgency wars in Iraq and Afghanistan had proved that “there is no front line anymore, and no demilitarized zone anymore, then if the Pentagon and the military services see cyberspace as a battlefield domain, then the lines protecting privacy and our civil liberties get blurred very, very quickly.”

Cyberwar - Privacy May Be a Victim in Cyberdefense Plan - Series - NYTimes.com

LiveJournal Tags: cybersecurity,cyberwar,privacy rights,cyberthreat,cyberattack,data privacy,Kevin Nixon,Bill Brenner,CSO,CIO,CISSP,CISM,CGEIT,www.information-security-resources.com,#hackers,#ISR,#cybersecurity,#data privacy,#cyberthreat,#cyberattack,#icerocket

Technorati Tags: cybersecurity,cyberwar,privacy rights,cyberthreat,cyberattack,data privacy,Kevin Nixon,Bill Brenner,CSO,CIO,CISSP,CISM,CGEIT,www.information-security-resources.com,#hackers,#ISR,#cybersecurity,#data privacy,#cyberthreat,#cyberattack,#icerocket

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sat, 13 Jun 2009 06:52:00 +0000

Sky News Australia - Swine Flu (http://ping.fm/MxFyz)

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sat, 13 Jun 2009 06:20:00 +0000

Linda McGlasson (InfoSec_Girl) on Twitter (http://ping.fm/hScio)

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sat, 13 Jun 2009 04:00:00 +0000

Summer Reading for Security Pros: Schneier or Sagan? | Security - InfoWorld (http://ping.fm/menhW)

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sat, 13 Jun 2009 03:20:00 +0000

Internet Security Alliance Updates 6-12-09 : Information Security Resources (http://ping.fm/g99L7)

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sat, 13 Jun 2009 03:13:00 +0000

How Facebook and Twitter Are Changing Data Privacy Rules ( - Internet - Security ) (http://ow.ly/dQuf)

WHO Declares Swine flu a Pandemic. Now What?

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Fri, 12 Jun 2009 02:29:00 +0000

From: www.csoonline.com

The World Health Organization has raised its pandemic alert level to 6, making swine flu the first true pandemic in more than 40 years. Here's what it means for your company.

WHO Declares Swine flu a Pandemic. Now What?

by Bill Brenner, Senior Editor, CSO

June 11, 2009

The World Health Organization (WHO) has officially declared swine flu the first pandemic in more than 40 years.

The news arrived with none of the panic that swirled in the air when news of the virus first emerged in late April. But security experts say there are still actions emergency planners should be taking to ensure order if later waves of the H1N1 virus prove more deadly.

By raising the pandemic level to Phase 6, WHO has confirmed that sustained human-to-human transmission of the virus is happening at the community-level in multiple countries. To date, the virus has appeared in 74 countries, including Mexico, the US, UK, Australia, Japan, and Chile. There have been approximately 28,000 cases with 141 deaths so far, though the move to Phase 6 does not necessarily mean swine flu is causing more severe illness or more deaths.

But it does mean the world is threatened by an unpredictable virus that could grow weaker or stronger with time. History has shown that pandemics often start with a mild first wave, followed in the fall and winter by a more lethal wave. The best example of this was the Spanish Influenza of 1918-19, which killed roughly 50 million to 100 million people worldwide.

Emergency preparedness experts say there's no cause for panic, but that history serves as a reminder that organizations should always be thinking about how to keep the machinery moving in the event something big and unexpected happens. [See: Now That the Hype Is Over, Keep Planning]

For emergency planners, there are both physical and cyber security challenges to think about regarding swine flu and other potential pandemic viruses.

On the physical side, private entities should be hammering out a game plan for who would do what and where if the government decided to restrict our movements to contain an outbreak, says Kevin Nixon, an emergency planning expert who has testified before Congress and served on infrastructure security boards and committees including the Disaster Recovery Workgroup for the Office of Homeland Security, and the Federal Trade Commission.

"Companies and employers that have not done so are being urged to establish a business continuity plan should the government direct state and local governments to immediately enforce their community containment plans," Nixon says. [Podcast: How to Prepare for a Swine flu Pandemic]

If the Federal government does direct states and communities to implement their emergency plans, recommendations, based on the severity of the pandemic, may include:

Asking ill people to voluntarily remain at home and not go to work or out in the community for about 7-10 days or until they are well and can no longer spread the infection to others (ill individuals may be treated with influenza antiviral medications, as appropriate, if these medications are effective and available.
Asking members of households with a person who is ill to voluntarily remain at home for about 7 days (household members may be provided with antiviral medications, if these medications are effective and sufficient in quantity and feasible mechanisms for their distribution have been developed).
Dismissing students from schools (including public and private schools as well as colleges and universities) and school-based activities and closure of childcare programs for up to 12 weeks, coupled with protecting children and teenagers through social distancing in the community, to include reductions of out-of-school social contacts and community mixing. Childcare programs discussed in this guidance include centers or facilities that provide care to any number of children in a nonresidential setting, large family childcare homes that provide care for seven or more children in the home of the provider, and small family childcare homes that provide care to six or fewer children in the home of the provider.
Recommending social distancing of adults in the community, which may include cancellation of large public gatherings; changing workplace environments and schedules to decrease social density and preserve a healthy workplace to the greatest extent possible without disrupting essential services; ensuring work-leave policies to align incentives and facilitate adherence with the measures outlined above. [Source: swine flu: How to Make Biz Continuity Plans, by Kevin Nixon]

On the IT security side, organizations need to be thinking about how to stay on top of things like log monitoring and patch management in the event of sickness among the IT security staff.

Kevin Coleman, a strategic management consultant at Technolytics, says companies should also plan for limitations on business travel and even bringing in extra cleaning crews and keeping employees at home if they complain of so much as a sniffle.

"Encourage anyone who feels the least bit sick to stay home," Coleman says. "If an employee can do all the work from home on company laptops and VPNs that they do in the office, there's no reason to have them come in. If you can limit exposure from the get-go, why wouldn't you?"

Meantime, Coleman said, companies should ramp up the cleaning crew activity that's already going on, mostly after office hours. Bringing in extra cleaning crews to wipe down heavily-touched surfaces like doors, walls, phones and keyboards is money well spent, he said.

"Employees can also do their part to limit the spread of flu by carrying around antibacterial hand wipes," he said, noting that some of his clients have already pulled back on the amount of business travel employees can do.

It's far from certain that we're in for a deadly 1918-style pandemic. Either way, security experts say going over the scenarios and building a game plan is time well spent.

Subscribe to CSO Newsletters

BuzzNet Tags: Swine Flu,Bill Brenner,CSO,Pandemic Influenza Planning,WHO,Kevin Nixon,Global Health Emergency,Level 6 Pandemic,Information Security Resources,www.information-security-resources.com

43 Things Tags: Swine Flu,Bill Brenner,CSO,Pandemic Influenza Planning,WHO,Kevin Nixon,Global Health Emergency,Level 6 Pandemic,Information Security Resources,www.information-security-resources.com

IceRocket Tags: Swine Flu,Bill Brenner,CSO,Pandemic Influenza Planning,WHO,Kevin Nixon,Global Health Emergency,Level 6 Pandemic,Information Security Resources,www.information-security-resources.com

del.icio.us Tags: Swine Flu,Bill Brenner,CSO,Pandemic Influenza Planning,WHO,Kevin Nixon,Global Health Emergency,Level 6 Pandemic,Information Security Resources,www.information-security-resources.com

Flickr Tags: Swine Flu,Bill Brenner,CSO,Pandemic Influenza Planning,WHO,Kevin Nixon,Global Health Emergency,Level 6 Pandemic,Information Security Resources,www.information-security-resources.com

LiveJournal Tags: Swine Flu,Bill Brenner,CSO,Pandemic Influenza Planning,WHO,Kevin Nixon,Global Health Emergency,Level 6 Pandemic,Information Security Resources,www.information-security-resources.com

Technorati Tags: Swine Flu,Bill Brenner,CSO,Pandemic Influenza Planning,WHO,Kevin Nixon,Global Health Emergency,Level 6 Pandemic,Information Security Resources,www.information-security-resources.com

#links

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Thu, 11 Jun 2009 03:38:00 +0000

#links

Guide to Global Leadership: Two Recommended “Must Reads” for Corporate Executives

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sat, 06 Jun 2009 04:23:00 +0000

By Kevin M. Nixon, MSA, CISSP^©, CISM^©, CGEIT^©

“The Age of the Unthinkable” by Joshua Cooper Ramo

Do not pass Go! Do not collect $200! Go directly online and buy “The Age of the Unthinkable” by Joshua Cooper Ramo. I have been telling everyone I know about this book and now I am writing about it too.

We can all agree, that each day we hear yet another discouraging news report on how something else unexpected has gone to hell in a hand-basket. Just this past November 2008, Alan Greenspan in testimony before Congress said “I’ve discovered a flaw.” The Congressman questioning Mr. Greenspan asked him to explain, and with much bewilderment Mr. Greenspan said that “using the vast knowledge he had accumulated of the last 40 years and on which he had based his most trusted decisions, was no longer valid.”

Hearing that from Alan Greenspan must have had the same impact as someone overhearing Warren Buffet say “oops, I only wanted to buy 10% of that company and I accidentally added an extra zero. Now I own 100%. Can I change that order?”

Here is some background on the author:

Joshua Cooper Ramo is the managing director at Kissinger Associates, one of the world’s leading geostrategic advisory firms and the former foreign editor and assistant managing editor of Time magazine.

Mr. Ramo has recently released an audio book entitled “The Age of the Unthinkable – Why the new world disorder constantly surprises us and what we can do about it”

Here is a brief section of the book’s introduction:

“Just a few years into a new century, we’ve arrived at a moment of peril that not long ago would have seemed unimaginable. All around us, the ideas and institutions that we once relied on for our safety and security are failing, and the best ideas of our leaders seem to make our problems worse, not better. A global war on terror produces, in the end, more dangerous terrorists. The fight to stop financial crisis seems to accelerate its arrival. Carefully negotiated peace plans produce less peace.

This wasn’t always the case. For decades, our engagement with the world was based on the seductive belief that there was a logical relationship between the power of states and the physics of change. But that traditional physics of power has been replaced by something radically different. Drawing upon history, economics, complexity theory, psychology, human immunology, and the science of networks we learn about a landscape of inherent unpredictability and remarkable possibility.”

"ALL I REALLY NEED TO KNOW I LEARNED IN KINDERGARTEN" by Robert Fulghum

Most of what we really need to know about how to live, and what to do, and how to be, we learned in kindergarten. Wisdom was not at the top of the graduate school mountain, but there in the sand box at nursery school.

These are the things we learned.

Share everything.

Play fair.

Don't hit people.

Put things back where you found them.

Clean up your own mess.

Don't take things that aren't yours.

Say you are sorry when you hurt somebody.

Wash your hands before you eat.

Flush.

Warm cookies and cold milk are good for you.

Live a balanced life.

Learn some and think some and draw some and paint and sing and dance and play and work everyday.

Take a nap every afternoon.

When you go out in the world, watch for traffic, hold hands, and stick together.

Be aware of wonder.

Remember the little seed in the plastic cup? The roots go down and the plant goes up and nobody really knows how or why. We are like that.

And then remember that book about Dick and Jane and the first word you learned, the biggest word of all: LOOK! Everything you need to know is there somewhere. The Golden Rule and love and basic sanitation, ecology, and politics and the sane living.

Think of what a better world it would be if we all, the whole world, had cookies and milk about 3 o'clock every afternoon and then lay down with our blankets for a nap. Or we had a basic policy in our nation and other nations to always put things back where we found them and clean up our own messes. And it is still true, no matter how old you are, when you go out in the world, it is best to hold hands and stick together.

Kevin M. Nixon, MSA, CISSP®, CISM®, CGEIT®, has testified as an expert witness before the Congressional High Tech Task Force, the Chairman of the Senate Armed Services Committee, and the Chairman of the House Ways and Means Committee. He has also served on infrastructure security boards and committees including the Disaster Recovery Workgroup for the Office of Homeland Security, and as a consultant to the Federal Trade Commission.

The Author gives permission to link, post, distribute, or reference the above article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

IceRocket Tags: 2009,access,Kevin M Nixon,Anthony M Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

Technorati Tags: 2009,access,Kevin M Nixon,Anthony M Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

del.icio.us Tags: 2009,access,Kevin M Nixon,Anthony M Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

BuzzNet Tags: 2009,access,Kevin M Nixon,Anthony M Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

Susan Boyle 1st Runner-up 'Britain's Got Talent'!

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sun, 31 May 2009 01:36:00 +0000

Susan Boyle Fans can email Queen Elizabeth at: webeditor@royal.gsx.gov.uk Perhaps Ms Boyle will receive a special invitation to perform for her Majesty.

May 30, 2009

Susan Boyle lost Britain's Got Talent to the ten-person dance crew Diversity. "Lads, I wish you all the best," said Boyle graciously. It was a stunning loss. Boyle took second place in the voting.

Boyle chose to sing again the song that first brought her fame, "I Dreamed a Dream." Dressed in a blue gown and saying that this performance represented "forty years of doin,'" the Scottish sensation gave this final performance:

Given all the publicity Boyle received here in the States, it wasn't clear to many of us just how close the competition has been all along. To American eyes, the hip-hop dance-troupe Diversity looks pretty ordinary, don't you agree? But judge Simon Cowell hailed them as "the only act tonight I'd give a '10' to" and "sheer and utter perfection." Judge for yourself:

Diversity will perform before the Queen Elizabeth II in the Royal Variety Show and wins 100,000 pounds (about $159,000).

What do you think of the results? What do you think the future holds for Susan Boyle?

Piers Morgan's blog: http://www.officialpiersmorgan.com/

IceRocket Tags: Susan Boyle,1st runner-up

BuzzNet Tags: Susan Boyle,1st runner-up

43 Things Tags: Susan Boyle,1st runner-up

Technorati Tags: Susan Boyle,1st runner-up

del.icio.us Tags: Susan Boyle,1st runner-up

The Daily Sandbox!: Speculation, Rumors and Whispers - Who could become the Cyber Tsar – Will Willie Win?

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sun, 31 May 2009 00:17:00 +0000

The Daily Sandbox!: Speculation, Rumors and Whispers - Who could become the Cyber Tsar – Will Willie Win?

Speculation, Rumors and Whispers - Who could become the Cyber Tsar – Will Willie Win?

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sun, 31 May 2009 00:05:00 +0000

Got to thinking about all of the speculation, rumors and whispers, circulating around Washington DC tonight about who is on the short list with Tsar-like skills.

First, disregard all of the qualifications, in-depth security knowledge etc. that are on the typical everyday run of the mill Tsar Job Postings.

Think about alternative candidates that have additional supplemental income to take the sting out of that capitated $150K pay grade. Perhaps someone retired from the military, perhaps someone who has retained top level security clearance while in the private sector. Perhaps someone with experience dealing with huge software suppliers and with experience in Government Relations and Federal Programs with companies located in Washington State. And certainly someone with former responsibility for sales, business development, and the capture/proposal process for public sector opportunities. Consider also, someone with experience developing a company's Network Centric Systems, for Military Integration and Transformation. After all of those additional qualifications, perhaps someone currently in the private sector with very close government ties.

Rear Admiral Robert C. “Willie” Williamson, USN (Ret) joined Raytheon, Network Centric Systems in March 2004. He assumed the newly created position of Director, Naval Integration and Transformation and was assigned additional responsibilities as the Director of Business Development for Integrated Communications Systems (ICS) in December 2004. Currently, Willie is the vice president of International Programs for Integrated Communications Systems (ICS).

Another Washington whisper includes Paul B. Kurtz, a recognized cyber security and homeland security expert. He served in senior positions on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush and is currently an on-air consultant to CBS News. Paul Kurtz, is currently a Partner and security consultant with Arlington, Va.-based Good Harbor Consulting.

Good Harbor Consulting Good Harbor Consulting, LLC was founded in 2002 by Good Harbor President Roger W. Cressey after he served in cyber security and counterterrorism positions in the Clinton and Bush administrations. He sought to establish a boutique consulting firm combining public and private sector knowledge and experience to develop a unique offering for government and commercial clients.

In 2003, Richard A. Clarke joined as Chairman of the firm and John S. Tritak joined as CEO. Clarke, an internationally recognized expert on security, including homeland security, national security, cyber security, and counterterrorism, has served the last three U.S. Presidents as a senior White House advisor. Prior to his 11 consecutive White House years, Clarke served for 19 years in the Pentagon, the Intelligence Community, and State Department.

So, President Obama has a number of players sitting on the bench and ready to play the game. But something just keeps nagging me as I tried to figure out who might have the best odds in Vegas. Add all of those ingredients together, stir and filtered and studied and still came up with Retired U.S. Navy Rear Admiral Robert C. "Willie" Williamson.

Just as I had noticed the mysterious change in Melissa Hathaway’s title on the White House Blog, at the moment that the President was speaking, I also noticed something very interesting, “Why would Raytheon remove Rear Admiral Williamson’s distinguished service Bio from the corporate website?” Will Raytheon be doing an executive search for a new VP of International Programs? (Just imagine job search skills would include: “Successful candidate should possess Tsar like qualities and drive for advancement.)

It just seems to me that if one studies the subtle, nuance moves which Washington perfected and patented it would seems that Willie is the pick. That is just my personal opinion and random thinking.

IceRocket Tags: 2009,DHS,Economy,Government,hackers,Hathaway,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISR,"Kevin M Nixon",Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Senate,software,White House,zero day attack

Technorati Tags: 2009,DHS,Economy,Government,hackers,Hathaway,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISR,"Kevin M Nixon",Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Senate,software,White House,zero day attack

LiveJournal Tags: 2009,DHS,Economy,Government,hackers,Hathaway,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISR,"Kevin M Nixon",Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Senate,software,White House,zero day attack

del.icio.us Tags: 2009,DHS,Economy,Government,hackers,Hathaway,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISR,"Kevin M Nixon",Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Senate,software,White House,zero day attack

43 Things Tags: 2009,DHS,Economy,Government,hackers,Hathaway,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISR,"Kevin M Nixon",Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Senate,software,White House,zero day attack

BuzzNet Tags: 2009,DHS,Economy,Government,hackers,Hathaway,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,ISR,"Kevin M Nixon",Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Senate,software,White House,zero day attack

Washington is Whispering

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Sat, 30 May 2009 03:41:00 +0000

Speculation, Rumors and Whispers - Who could become the Cyber Tsar

Got to thinking about all of the speculation, rumors and whispers, circulating around Washington DC tonight about who is on the short list with Tsar-like skills.

First, disregard all of the qualifications, in-depth security knowledge etc. that are on the typical everyday run of the mill Tsar Job Postings.

Programs with companies located in Washington State. And certainly someone with former responsibility for sales, business development, and the capture/proposal process for public sector opportunities. Consider also, someone with experience developing a company's Network Centric Systems, for Military Integration and Transformation. After all of those additional qualifications, perhaps someone currently in the private sector with very close government ties.

Add all of those ingredients together, stir and filter. One name comes to pops to the top of the list. Wonder if Retired U.S. Navy Rear Admiral Robert C. "Willie" Williamson is considering his time with Raytheon might be limited. That is just my personal opinion and random thinking.

Technorati Tags: 2009,access,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DHS,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,governance,Government,hackers,Hathaway 60-Day Report,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,News,NSC,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Security Our Digital Future,Senate,software,System,systems,testimony,third party,USSS,v,valuation,vendors,White House,zero day attack

del.icio.us Tags: 2009,access,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DHS,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,governance,Government,hackers,Hathaway 60-Day Report,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,News,NSC,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Security Our Digital Future,Senate,software,System,systems,testimony,third party,USSS,v,valuation,vendors,White House,zero day attack

IceRocket Tags: 2009,access,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DHS,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,governance,Government,hackers,Hathaway 60-Day Report,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,News,NSC,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Security Our Digital Future,Senate,software,System,systems,testimony,third party,USSS,v,valuation,vendors,White House,zero day attack

BuzzNet Tags: 2009,access,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,DHS,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,governance,Government,hackers,Hathaway 60-Day Report,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Larry Carter,law,legal,liability,malware,management,Melissa Hathaway,misuse,national security,News,NSC,Obama,outsourcing,press release,privacy rights,protocol,regulations,regulatory,risk,Security,Security Our Digital Future,Senate,software,System,systems,testimony,third party,USSS,v,valuation,vendors,White House,zero day attack

Is she or isn’t she – America’s New Cybersecurity Tsarina?

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Fri, 29 May 2009 23:49:00 +0000

Information Security Resources staff had received an advance copy of the official White House Press Release (05/29/2009) and was all ears today during President Obama’s East Room remarks on the highly anticipated and long awaited release of the “Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure”. The report has become known as “The Hathaway 60-Day Report” in “homage” to Melissa Hathaway, the person President Obama picked as “Acting Senior Director for Cyberspace of the National Security Council (NSC) and the Homeland Security Council (HSC)”. Not only did the President bestow a title too long to technically print on a normal sized business card, also he gave her a the shortest runway I have ever seen to assemble recommendations, gain consensus, and publish a report for the Chief Executive. Just pulling together all agencies, departments, stove-piped information while overcoming all the turf battles can only be likened to attempting a huge worm wrestle.

Ms Hathaway accomplished the task and delivered the goods and so everyone anticipated that the President would recognize her “get it done” work ethic and also announce from the East Room today, her appointment as America’s Cybersecurity Tsarina. However, everyone holding their breath in the East Room today probably passed out from lack of oxygen. The President was blatantly and conspicuously silent on his appointment.

The President’s silence left everyone wondering “does she or doesn’t she” and left reports attempting to find any hints of the President’s plan. ISR think that we may be on to something. As POTUS stepped in front of the gathered experts, somewhere in the back offices of the White House there was a shadowy figure hunkered over a keyboard waiting for the exact moment to press enter and publish an article on the White House Blog. Could that person have even been sitting in the East Room audience with the President holding onto her three Blackberry devices just waiting for President Obama to give the secret word or phrase to “press the send” button?

We may never know, but President Obama did acknowledge Melissa Hathaway at about the same time that an article by her was posted on the White House Blog. What is noticeable is in Ms Hathaway’s article is her title in the article’s by-line. Gone is “Melissa Hathaway, Acting Senior Director for Cyberspace of the National Security Council (NSC) and the Homeland Security Council (HSC)”. The new by-line reads: Melissa Hathaway, Cybersecurity Chief at the National Security Council.

Which still leaves us wondering and waiting? Is the White House making new robes as the Catholic church does when a new Pope is elected or has Ms Hathaway been appointed “Camerlingo” (1^st runner up in a papal contest). Guess we will just have to wait. Melissa Hathaway’s Blog post “Security Our Digital Future” is re-published on the ISR website.

Securing Our Digital Future

Melissa Hathaway, Cybersecurity Chief at the National Security Council, discusses securing our nation's digital future:

Published: FRI, MAY 29, 10:00 AM EST -- The White House Blog

The globally-interconnected digital information and communications infrastructure known as cyberspace underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety and national security. The United States is one of the global leaders on embedding technology into our daily lives and this technology adoption has transformed the global economy and connected people in ways never imagined. My boys are 8 and 9 and use the Internet daily to do homework, blog with their friends and teacher, and email their mom; it is second nature to them. My mom and dad can read the newspapers about their daughter on-line and can reach me anywhere in the world from their cell phone to mine. And people all over the world can post and watch videos and read our blogs within minutes of completion. I can’t imagine my world without this connectivity and I would bet that you cannot either. Now consider that the same networks that provide this connectively also increasingly help control our critical infrastructure. These networks deliver power and water to our households and businesses, they enable us to access our bank accounts from almost any city in the world, and they are transforming the way our doctors provide healthcare. For all of these reasons, we need a safe Internet with a strong network infrastructure and we as a nation need to take prompt action to protect cyberspace for what we use it for today and will need in the future.

Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law. The 60-day cyberspace policy review summarizes our conclusions and outlines the beginning of a way forward in building a reliable, resilient, trustworthy digital infrastructure for the future. There are opportunities for everyone—individuals, academia, industry, and governments—to contribute toward this vision. During the review we engaged in more than 40 meetings and received and read more than 100 papers that informed our recommendations. As you will see in our review there is a lot of work for us to do together and an ambitious action plan to accomplish our goals. It must begin with a national dialogue on cybersecurity and we should start with our family, friends, and colleagues.

We are late in addressing this critical national need and our response must be focused, aggressive, and well-resourced. We have garnered great momentum in the last few months, and the vision developed in our review is based on the important input we received from industry, academia, the civil liberties and privacy communities, others in the Executive Branch, State governments, Congress, and our international partners. We now have a strong and common view of what is needed to achieve change. Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority.

Technorati Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

LiveJournal Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

del.icio.us Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

IceRocket Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

BuzzNet Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

THE WHITE HOUSE - Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure

noreply@blogger.com (Kevin M Nixon (aka, Sandman)) — Fri, 29 May 2009 23:47:00 +0000

Office of the Press Secretary
_____________________________________________
FOR IMMEDIATE RELEASE May 29, 2009

Below is a fact sheet and list of expected attendees at today’s event:

FACT SHEET
In February 2009, President Obama directed the National Security Council (NSC) and Homeland Security Council to conduct a 60-day review of the plans, programs, and activities underway throughout government that address our communications and information infrastructure (i.e., "cyberspace"), in order to develop a strategic framework to ensure that the U.S. government’s initiatives in this area are appropriately integrated, resourced, and coordinated.

Threats to the information and communications infrastructure pose one of the most serious economic and national security challenges of the 21st Century for the United States and our allies. In this environment, the status quo is no longer acceptable, and a national dialogue on cybersecurity must begin today. The U.S. Government cannot succeed in securing cyberspace in isolation, but it also cannot entirely delegate or abrogate its role in securing the Nation from a cyber incident or accident. Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of global democratic institutions requires working with individuals, academia, industry, and governments. We must make cybersecurity a national priority and lead from the White House.

The review team’s report to the President contains five main chapters, outlined below, and includes a near-term action plan for U.S. Government activities to strengthen cybersecurity.

       (U) Chapter I: Leading from the Top – Makes the case for strengthening cybersecurity    leadership for the United States through 1) the establishment of a Presidential cybersecurity policy official and supporting structures, 2) reviewing laws and policies, and 3) strengthening cybersecurity leadership and accountability at federal, state, local, and tribal levels.
       (U) Chapter II: Building Capacity for a Digital Nation – Advocates a national dialogue on cybersecurity to increase public awareness of the threats and risks and how to reduce them. Outlines the need for increased education efforts at all levels to ensure a technologically advanced workforce in cybersecurity and related areas, similar to the United States’ focus on mathematics and science education in the 1960s. Identifies the need to expand and improve the federal information technology workforce and for the Federal government to facilitate programs and information sharing on cybersecurity threats, vulnerabilities, and effective practices across all levels of government and industry.
        (U) Chapter III: Sharing Responsibility for Cybersecurity – Discusses the need for improving and expanding partnerships between the Federal government and both the private sector and key U.S. allies.
        (U) Chapter IV: Creating Effective Information Sharing and Incident Response – The United States needs a comprehensive framework to facilitate coordinated responses by government, the private sector, and allies to a significant cyber incident. This chapter explores elements of such a framework and suggests enhancements to information sharing mechanisms to improve incident response capabilities.
        (U) Chapter V: Encouraging Innovation – The chapter addresses ways for the United States to harness the benefits of innovation to address cybersecurity concerns, including work with the private sector to define performance and security objectives for future infrastructure, linking research and development to infrastructure development and expanding coordination of government, industry, and academic research efforts. It also addresses supply chain security and national security / emergency preparedness telecommunications efforts.

Expected attendees at today’s East Room event:

Secretary Steven Chu, Department of Energy
Secretary Janet Napolitano, Department of Homeland Security
General James Jones, National Security Advisor
Deputy Secretary William Lynn, Department of Defense
Deputy Secretary Neal Wolin, Department of Treasury
Lawrence Summers, Director of the National Economic Council
Lynne Osmus, Acting Administrator of the Federal Aviation Administration
Jon Wellinghoff, Chairman of the Federal Energy Regulatory Commission
Michael Copps, Acting Chairman of the Federal Communications Commission
Jon Leibowitz, Chair of the Federal Trade Commission
James Cartwright, Vice Chairman of the Joint Chiefs of Staff
Robert Mueller, Director of the Federal Bureau of Investigation
John P. Holdren, Director of the Office of Science and Technology
John Kimmons, Lieutenant-general, Director of National Intelligence Office
John O. Brennan, Assistant to the President for Homeland Security and Counterterrorism
Maryland Governor Martin O’Malley, Chair of National Governors Association, Homeland Security Committee
Congressman Bart Gordon
Congressman Peter King
William Pelgrin, Chair of the Multi-State Information Sharing and Analysis Center
Heather Hogsett, National Governors Association, Director, Public Safety and Homeland Security Office of Federal Relations