Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Enterprise Risk Management: Selected Agencies’ Experiences Illustrate Good Practices in Managing Risk

Enterprise Risk Management: Selected Agencies’ Experiences Illustrate Good Practices in Managing Risk, GAO-17-63: Published: Dec 1, 2016. Publicly Released: Dec 1, 2016.
“Federal managers often handle complex and risky missions, such as preparing for and responding to natural disasters, and building and managing safe transportation systems. While it is not possible to eliminate all uncertainties in these types of projects, there are strategies that can help plan and manage them. One such strategy is Enterprise Risk Management. It provides ways to better anticipate and manage risk across an agency. Our enterprise risk management framework has 6 essential elements to consider when implementing ERM, as shown below. We also identified good practices, as well as examples from federal agencies that are using ERM.”

IRS IG – Improvements Are Needed to Ensure the Protection of Data the IRS Transfers to External Partners

“When the Internal Revenue Service (IRS) has shared data, including Personally Identifiable Information, taxpayer information, and other sensitive data, with external entities, it has not always adequately protected the data through secure file transfer technology, according to an audit report that the Treasury Inspector General for Tax Administration (TIGTA) released today. The IRS shares data… Continue Reading

Report – IBM and Ponemon Study Reveals Organizations Remain Unprepared to Respond to Cyberattacks

PRNewswire – “Resilient, an IBM Company and the Ponemon Institute unveiled the results of the annual Cyber Resilient Organization study, which found that only 32 percent of IT and security professionals say their organization has a high level of Cyber Resilience – down slightly from 35 percent in 2015. The 2016 study also found that… Continue Reading

European Commission target of DDoS attack

Via Politico: “This afternoon, the European Commission was subject to a cyberattack (denial of service) which resulted in the saturation of our Internet connection.” Continue Reading

Audit of OPM Security Systems Shows Continued Material Weakness

OPM IG Federal Information Security Modernization Act Audit – FY 2016: “This audit report again communicates a material weakness related to OPM’s Security Assessment and Authorization (Authorization) program. In April 2015, the then Chief Information Officer issued a memorandum that granted an extension of the previous Authorizations for all systems whose Authorization had already expired,… Continue Reading

Enhanced Cyber Risk Management Standards: Advance Notice of Proposed Rulemaking

“The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively, the agencies) are inviting comment on an advance notice of proposed rulemaking (ANPR) regarding enhanced cyber risk management standards (enhanced standards) for large and interconnected entities under their supervision. The agencies… Continue Reading

Accenture Survey – One in Three Cyberattacks Result in a Security Breach

“A new security survey from Accenture finds that in the past twelve months, roughly one in three targeted attacks resulted in an actual security breach, which equates to two to three effective attacks per month for the average company. Still, a majority of security executives (75 percent) surveyed are confident in their ability to protect… Continue Reading

Check if you have an account that has been compromised in a data breach

“This site [have i been pwned] came about after what at the time, was the largest ever single breach of customer accounts — Adobe. [Troy Hunt, a Microsoft Regional Director] often did post-breach analysis of user credentials and kept finding the same accounts exposed over and over again, often with the same passwords which then… Continue Reading

Paper – Learning to Protect Communications with Adversarial Neural Cryptography

Learning to Protect Communications with Adversarial Neural Cryptography, Martín Abadi and David G. Andersen – Google Brain. 21 October 2016. “We ask whether neural networks can learn to use secret keys to protect information from other neural networks. Specifically, we focus on ensuring confidentiality properties in a multiagent system, and we specify those properties in… Continue Reading

FCC Adopts Broadband Consumer Privacy Rules

“WASHINGTON, October 27, 2016 – The Federal Communications Commission today adopted rules that require broadband Internet Service Providers (ISPs) to protect the privacy of their customers. The rules ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs. The rules implement the privacy requirements of Section… Continue Reading

What to Do When You Suspect a Data Breach: FTC Issues Video and Guide for Businesses

“If your business has experienced a data breach, you are probably wondering what to do next. The Federal Trade Commission’s new Data Breach Response: A Guide for Business, an accompanying video and business blog can help you figure out what steps to take and whom to contact. Among the key steps are securing physical areas,… Continue Reading