By:
On:
In: *Connecting the Dots Blog*, Regulatory Compliance, School Safety

On June 12, 2009, New York State Attorney General Andrew Cuomo issued a letter informing every college and university in New York State, that underreporting crime statistics violates state law.  In a landmark case, AG Cuomo required Dominican College to reform their current system of reporting on-campus crimes, as well as pay $20,000 to New York State. The federal Jeanne Clery Act requires colleges and universities to disclose campus security policies, as well as three years worth of crime statistics to current and prospective students.  A complaint was filed against Dominican College following an on-campus sexual assault which led to an investigation revealing that DominicanRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources

There seems to be a real transformation taking place across all industries…lower turnouts at trade shows and conferences and cutbacks with training.  With trade shows and conferences, I am seeing more and more discounts being offered to attract attendees and some trade shows and conferences are even offing reduced rates on hotel rooms. With training, I am seeing cutbacks within companies paying for training and I am seeing cutbacks by companies that deliver training services. The economic downturn and budget cuts are playing a big part in whether or not organizations can afford to send their employees to trade shows and conferences or pay forRead More →

By:
On:
In: *Connecting the Dots Blog*, Uncategorized

Step 10 is: Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the nation. Step 10 is definitely needed.  Step 10 mentions privacy which is generally more about collection and dissemination of sensitive and personally identifiable information (PII) than securing or protecting sensitive information.  Privacy is generally more about People and Processes and security is generally more about Technology; however I think President Obama is smart to mention the need to build an identity management vision and strategy that addresses privacy and civil liberties. I have to say….I am surprised that President Obama has notRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

Step 9 of President Obama’s 10-point action plan is: In collaboration with other Executive Office of the President entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions. I love the sound of Step 9!  It is like a great pre-game speech from a well respected coach talking about game-changing strategies and teamwork and relying and trusting each teammate to do their part in their goal to winRead More →

By:
On:
In: *Connecting the Dots Blog*, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance

Step 8 of President Obama’s 10-point action plan is: Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement. Keywords in Step 8 include: Prepare, Initiate, Dialog, Partnership, Streamlining, Aligning, Optimize. Preparing an incident response plan is a great idea and can play a critical role in the success of a cybersecurity action plan, however a lot organizations have incident response plans that are not producing much if any feedback.   Why are traditional response plans not working? Problems with traditional incident response plans lack anonymity on theRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

A CNN article recently caught my attention regarding a new study by antivirus software company McAfee that identified the most dangerous Internet search terms that can lead users (your employees, vendors, contractors, business partners, etc.) to web pages with a higher likelihood of cyber attacks. The study examined more than 2500 popular keywords on five major search engines – Google, Yahoo, Live, AOL and Ask – and analyzed 413,000 web pages.  The categories that had highest risk of leading to malware infested web sites included: screen savers, free games, work from home, Olympics, videos, celebrities, music and news.  The riskiest terms included: word unscramble, lyrics,Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

Lessons Learned continue to identify new and changing threats, but are organizational managers helping their organization’s personnel keep up with ongoing awareness or are they falling farther and farther behind? For example, a recent article highlighted an attack that hit Twitter and may be one of the first time hackers to use the micro-blogging site for profit.  So why do hackers love social networking? Because unaware users (Boards, management, employees, vendors, contractors, consultants, business partners, etc.) will click on interesting links to things like “Best Video” or “Funniest Video” and unknowingly end up on a Russian domain that serves up malware or other exploits thatRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Security, Risk Management

Step 7 is: Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity. Wow…this is a very complex step when you consider the Cyberspace Policy Review described cybersecurity policy as: cybersecurity policy as used in this document includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missionsRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

As May ended, the percentage of SPAM and junk mail jumped to 90.4 percent of e-mail.  Are your people aware and prepared to avoid and prevent risks and threats associated with SPAM? To make matters worse, the spamming techniques are successful because the e-mails are being sent from valid accounts hosted by the social-networking sites and not being spoofed.  And because the e-mails are coming from valid accounts, technology devices checking the validity of e-mail headers are ineffective as a countermeasure.  In many cases, the junk mail contains only a subject line and a hyperlink and many times the links led to social-networking site profiles. Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

Step 6 of President Obama’s Cybersecurity plan is a great idea and it states: Step 6 – Initiate a national public awareness and education campaign to promote cybersecurity. Lessons Learned from national public awareness and education campaigns show that they can work very well with “simple and straightforward” issues such as drunk driving, seat-belts or forest fires.  For example, most of us have heard of “over the limit, under arrest” or “click-it or ticket” or “only you can prevent forest fires”.  But cybersecurity is not “simple and straightforward”. Lessons Learned, experts and reports unanimously agree that cybersecurity related attacks are becoming more and more sophisticatedRead More →