Tuesday, November 21, 2017

Harvard seems to agree with me; my Computer Security students will be amazed or amused.
… In analyzing the top breaches over the past few years, it is clear that executives make a set of common mistakes, which is surprising given that so many companies, often led by otherwise effective leaders, fail to learn from the botched responses and mishandled situations of the companies that were breached before them.
Here are the missteps executives make time and again, and advice for avoiding these pitfalls:
  • Foot dragging
  • Poor customer service
  • Not being transparent
  • Failing to accept accountability




Suggests to me that it is possible to secure data and processes in the cloud.
Amazon launches new cloud storage service for U.S. spy agencies
Amazon’s cloud storage unit announced Monday that it is releasing a new service called the Amazon Web Services Secret Region, a cloud storage service designed to handle classified information for U.S. spy agencies.
The service will be provided to the intelligence community through an existing $600 million contract with U.S. intelligence agencies, which has made Amazon a dominant player in federal IT contracting.
… The announcement comes at a time when Amazon’s business and government customers are under intense scrutiny over whether they are storing data securely in the cloud. Amazon’s cloud-based folders – referred to as “buckets” – have been at the center of several high-profile security incidents in recent months, in which customers inadvertently left sensitive information on an Amazon server in an unprotected format.




Looking forward.
Trends in Technology and Digital Security
“Foreword – On September 14, 2017, the George Washington University Center for Cyber & Homeland Security (CCHS) convened a Symposium on Trends in Technology and Digital Security. Four panels addressed emerging threats and their implications for security policy, with a focus on digital infrastructure protection and anticipatory analysis. In addition, a featured speaker from abroad presented a country-specific case study. In a series of Issue Briefs, compiled herein, CCHS shares the findings and recommendations that emerged from the Symposium, primarily on a not-for-attribution basis. The subject and title of each Brief is as follows:
  • Methods of Analysis and the Utility of New Tools for Threat Forecasting
  • Artificial Intelligence for Cybersecurity: Technological and Ethical Implications
  • Space, Satellites, and Critical Infrastructure
  • Cybersecurity in the Financial Services Sector
  • Israel: The Making of a Cyber Power (Case Study)
This volume is produced in and reflective of the spirit of CCHS’s work, which is to address advanced technologies and emerging (“next generation”) cyber threats, from the standpoint of U.S. policy. CCHS functions as a network of networks, acting as a hub for upcoming companies, emerging technologists, and cutting-edge public policy.”




Note: this is no help in securing the election. Voting machines and the counting process are a whole other thing.
Belfer Center Cybersecurity Campaign Playbook
“This Cybersecurity Campaign Playbook was written by a bipartisan team of experts in cybersecurity, politics, and law to provide simple, actionable ways of countering the growing cyber threat. Cyber adversaries don’t discriminate. Campaigns at all levels – not just presidential campaigns – have been hacked. You should assume you are a target. While the recommendations in this playbook apply universally, it is primarily intended for campaigns that don’t have the resources to hire professional cybersecurity staff. We offer basic building blocks to a cybersecurity risk mitigation strategy that people without technical training can implement (although we include some things which will require the help of an IT professional). These are baseline recommendations, not a comprehensive reference to achieve the highest level of security possible. We encourage all campaigns to enlist professional input from credentialed IT and cybersecurity professionals whenever possible…”




So you can’t be someone different (have a public persona) online? Ask yourself: How can they do this? What tools will they use?
Tyler Durden writes:
In perhaps the most intrusive move of social media platforms’ efforts to signal as much virtue as possible and appease their potentially-regulating government overlords, Twitter has announced that it is cracking down on what it defines as hate-speech and not just by looking at its own site.
In what amounts to a major shift in Twitter policy, Mashable’s Kerry Flynn reports that the company announced on Friday that it will be monitoring users’ behavior “on and off the platform” and will suspend a user’s account if they affiliate with violent organizations, according to an update to Twitter’s Help Center on Friday.
Read more on ZeroHedge.




Basic economics, right?
Mexican heroin is flooding the US, and the Sinaloa cartel is steering the flow
… Mexican cartels' shift to producing heroin — as well as synthetic drugs like fentanyl — has been driven in part by loosening marijuana laws in the US, and the Sinaloa cartel appears to be the main player in a lucrative market.
… the value of marijuana had fallen considerably — from about $74 a kilo seven years ago to a little over $26 now — due to marijuana legalization in the US. Falling prices led many marijuana growers to shift to opium.




Better emails? Why not!
Have you made email work for you? Do you spend the time and effort to make emails look perfect and professional? There’s an art to it, but it’s not that difficult. Your reward will be the response from the person you want an answer from.
...Email templates are freely available on the web. Borrow them and tweak them to your situation.
ProEmailwriter gives you a neat interface to select the right kind of email template and use them in your email. The dropdown menu gives you choices for Topic, Sub-Topic, and Tone. Copy the one you need and customize it to your situation.




For my students who read…
This Chrome Extension Helps You Find Books to Borrow
Library Extension is a free Chrome extension that will show you local library listings for the books that you are viewing on Amazon, Google Books, Barnes & Noble, and other popular book retailer websites.
Library Extension currently shows listings from more than 4,000 public library databases in the United States, Canada, UK, New Zealand and Australia.
… One drawback to the extension is that you can only view results from one local library at a time.

