Information Sharing in Cybersecurity
Last week General Keith Alexander, the Chief of the NSA and Commander of USCYBERCOM addressed the criticality of information sharing as it relates to cybersecurity.
In the pre-9/11 days intelligence agencies were denied the ability to share information on cases they were working. This obviously caused much unnecessary duplication of effort and missed opportunities in prevention and investigating crimes.
General Alexander is calling for the public and private sectors to work together for the common good of cybersecurity in the United States.
Balancing privacy and sharing information to protect the country may be a delicate issue, but Alexander says "we can do both".
Alexander also went on to say that President Obama's recent Executive Order is a step in the right direction to get critical information sharing rolling.
Here is a link to an article on the EO:
http://www.darkreading.com/advanced-threats/167901091/security/news/240150081/white-house-cybersecurity-czar-new-executive-order-a-down-payment.html
And here is the link to the original article:
http://www.darkreading.com/threat-intelligence/167901121/security/news/240151955/nsa-director-information-sharing-critical-to-u-s-cybersecurity.html
That's it for this week--enjoy!
Sunday, March 31, 2013
Saturday, March 23, 2013
Credible Sources of Computer Threat, Vulnerability, Update Data and Security News
In any business, it is important to keep up with news and changes in the business environment, technology, etc. In the IT security realm, it is imperative. It is a near impossible task to keep one step ahead of potential evil-doers in the IT world. This week, I'll address some sources I have identified as reliable for IT-related threats, news, etc.
1. Vendor sites should be near the top of any IT professional's list of go-to sites to keep informed. Clearly, it is in the best interest of a vendor to keep their customers informed of any security related issues with their products. Then, it follows that the vendor should also provide guidance on mitigation.
As an example of this, I am a DNS administrator. The security checklists I follow require me to subscribe to ISC's bind-announce mail list. This ensures that I am informed whenever ISC finds issues with their BIND packages.
2. US-CERT. The US Computer Emergency Readiness Team has a great site full of security information for business, government and home users. The Security Publication section is a great resource fur users at any level.
US Cert Link: http://www.us-cert.gov/
US-CERT maintains a threat alert list with threat descriptions, reference data and solutions.
US-CERT (Alerts) Link: http://www.us-cert.gov/ncas/alerts
3. Symantec.com. Symantec is a reliable name in the IT security business. They maintain a great listing of threats, risks and vulnerabilities. The non-Symantec vulnerabilities are actually linked to another site--Security Focus that has a searchable database with descriptions and recommended fixes.
Symantec (Vulnerabilities) Link:
http://www.symantec.com/security_response/landing/vulnerabilities.jsp
4. Security Week. Is an online security related publication providing news and articles related to computer security. This week, in the INFOSEC Island is a very interesting article "Sun Tzu and the Art of Cyber-War" by Krypt3ia: http://www.infosecisland.com/blogview/22989-Sun-Tzu-and-the-Art-of-Cyber-War.html
Link to Security Week: http://www.securityweek.com/
Well, that will wrap it up this for this week--stay secure out there!
In any business, it is important to keep up with news and changes in the business environment, technology, etc. In the IT security realm, it is imperative. It is a near impossible task to keep one step ahead of potential evil-doers in the IT world. This week, I'll address some sources I have identified as reliable for IT-related threats, news, etc.
1. Vendor sites should be near the top of any IT professional's list of go-to sites to keep informed. Clearly, it is in the best interest of a vendor to keep their customers informed of any security related issues with their products. Then, it follows that the vendor should also provide guidance on mitigation.
As an example of this, I am a DNS administrator. The security checklists I follow require me to subscribe to ISC's bind-announce mail list. This ensures that I am informed whenever ISC finds issues with their BIND packages.
2. US-CERT. The US Computer Emergency Readiness Team has a great site full of security information for business, government and home users. The Security Publication section is a great resource fur users at any level.
US Cert Link: http://www.us-cert.gov/
US-CERT maintains a threat alert list with threat descriptions, reference data and solutions.
US-CERT (Alerts) Link: http://www.us-cert.gov/ncas/alerts
3. Symantec.com. Symantec is a reliable name in the IT security business. They maintain a great listing of threats, risks and vulnerabilities. The non-Symantec vulnerabilities are actually linked to another site--Security Focus that has a searchable database with descriptions and recommended fixes.
Symantec (Vulnerabilities) Link:
http://www.symantec.com/security_response/landing/vulnerabilities.jsp
4. Security Week. Is an online security related publication providing news and articles related to computer security. This week, in the INFOSEC Island is a very interesting article "Sun Tzu and the Art of Cyber-War" by Krypt3ia: http://www.infosecisland.com/blogview/22989-Sun-Tzu-and-the-Art-of-Cyber-War.html
Link to Security Week: http://www.securityweek.com/
Well, that will wrap it up this for this week--stay secure out there!
Sunday, March 17, 2013
So, for my first post, I was checking out cyber security news and came across a link to Homeland Security News Wire:
http://www.homelandsecuritynewswire.com/topics/cybersecurity
The leading article about Google and privacy seemed interesting--if somewhat old news. What I found more interesting was the number of articles talking about China and cyber attacks originating from China.
This becomes more interesting when you consider the Chinese government recently decreed that all new homes built in the country must have fiber optic connectivity. Could this be an infrastructure build up for a future cyber war?
http://usa.chinadaily.com.cn/business/2013-01/09/content_16099801.htm
That will do it for this week. I'll be back with more security tidbits next week...
http://www.homelandsecuritynewswire.com/topics/cybersecurity
The leading article about Google and privacy seemed interesting--if somewhat old news. What I found more interesting was the number of articles talking about China and cyber attacks originating from China.
This becomes more interesting when you consider the Chinese government recently decreed that all new homes built in the country must have fiber optic connectivity. Could this be an infrastructure build up for a future cyber war?
http://usa.chinadaily.com.cn/business/2013-01/09/content_16099801.htm
That will do it for this week. I'll be back with more security tidbits next week...
Subscribe to:
Posts (Atom)