Tag Archives: security

NY regulation aims to raise bank security standards

Next week, New York State will begin a 45-day public comment period on its new financial industry cybersecurity regulation — and, so far, security experts have a favorable view of the proposal.

Under the new regulations, banks and insurance companies doing business in New York State will need to establish a cybersecurity program, appoint a Chief Information Security Officer and monitor the cybersecurity policies of their business partners.

According to New York Gov. Andrew Cuomo, this is the first such regulation in the country. “This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible,” he said in a statement.


9 data security tips for cloud migration

New security challenges


When migrating to a cloud-based environment, companies need to take a hard look at their needs and the security of their providers, as well as their own internal policies. Many companies don’t take time to consider the risks of simply sharing cloud space with other organizations, for example, or how to match cloud security policies to those of the data center.


InfoWorld Cloud Computing



Google is giving a big boost to Gmail security


Google is amping up security and protections for Gmail users, giving people a more noticeable warning if there’s a chance the government is trying to steal their password, giving warnings for dangerous links and proposing a more secure email-sending standard.

Google announced on its blog that it is expanding upon Safe Browsing to alert Gmail users about the possibility of suspicious government activity. Since 2012, Google has put a banner on top of users’ Gmail pages that had a warning about state-sponsored attackers if Google believed they were in danger, but starting today people will get a full-page warning about it — very hard to miss.


NSA director just admitted that government copies of encryption keys are a big security risk

NSA chief Michael S. Rogers speaks at Fort Meade.

The director of the NSA, Admiral Michael Rogers, just admitted at a Senate hearing that when Internet companies provide copies of encryption keys to law enforcement, the risk of hacks and data theft goes way up.

The government has been pressuring technology companies to provide the encryption keys that it can use to access data from suspected bad actors. The keys allow the government “front door access,” as Rogers has termed it, to secure data on any device, including cell phones and tablets.

Rogers made the statement in answer to a question from Senator Ron Wyden at the Senate Intelligence Committee hearing Thursday.

Wyden: “As a general matter, is it correct that anytime there are copies of an encryption key — and they exist in multiple places — that also creates more opportunities for malicious actors or foreign hackers to get access to the keys?”

Rogers: “Again, it depends on the circumstances, but if you want to paint it very broadly like that for a yes and no, then I would probably say yes.”


Security researchers have been saying for some time that the existence of multiple copies of encryption keys creates huge security vulnerabilities. But instead of heeding the advice and abandoning the idea, Rogers has suggested that tech companies deliver the encryption key copies in multiple pieces that must be reassembled.


“The NSA chief Admiral Rogers today confirmed what encryption experts and data scientists have been saying all along: if the government requires companies to provide copies of encryption keys, that will only weaken data protection and open the door for malicious actors and hackers,” said Morgan Reed of the App Association in a note to VentureBeat.

Cybersecurity has taken center stage in the halls of power this week, as Chinese president Xi Jinping is in the U.S. meeting with tech leaders and President Obama.

The Chinese government itself has been linked with various large data hacks on U.S. corporations and on U.S. government agencies. By some estimates, U.S. businesses lose $300 billion a year from Chinese intellectual property theft.

On June 2nd, the Senate approved a bill called the USA Freedom Act, meant to reform the government surveillance authorizations in the Patriot Act. The Patriot Act expired at midnight on June 1st.

But the NSA has continued to push for increased latitude to access the data of private citizens, both foreign and domestic.




IDG Contributor Network: IoT security will soon be common in the enterprise, Gartner says

A fifth of all businesses will have deployed IoT-related security by the end of 2017, analyst Gartner thinks.

Dedicated digital security services that are committed to “protecting business initiatives using devices and services in the Internet of Things” will be in place by then, the research and advisory company says.

Gartner made the statement in a press release on its website in relation to a security and risk management summit earlier this month in Mumbai.

‘Reshape IT’

“The IoT redefines security,” Ganesh Ramamoorthy, research vice president at Gartner, said in the press release.


Are your biggest security threats on the inside?

The now infamous Ashley Madison website has had a pretty successful run at helping its clientele be disloyal. So perhaps some would view it as poetic justice if the website became one of the most scandalous breaches in history at the hands of one of its own. 

At least that is the conclusion of IT security analyst John McAfee, who noted recently “yes, it is true. Ashley Madison was not hacked – the data was stolen by a woman operating on her own who worked for Avid Life Media.” 

If true, the fact that the Ashley Madison breach was due to an internal, and not external, threat shouldn’t come as too big a surprise. Many IT security studies this year have pointed to the growing threat of insider data theft and corporate breaches. 
