Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Federal Acquisition Regulation – Basic Safeguarding of Contractor Information Systems

Final Rule by the Defense Department, the General Services Administration, and the National Aeronautics and Space Administration on 05/16/2016 – “DoD, GSA, and NASA are issuing a final rule amending the Federal Acquisition Regulation (FAR) to add a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. The clause does not relieve the contractor of any other specific safeguarding requirement specified by Federal agencies and departments as it relates to covered contractor information systems generally or other Federal requirements for safeguarding Controlled Unclassified Information (CUI) as established by Executive Order (E.O.). Systems that contain classified information, or CUI such as personally identifiable information, require more than the basic level of protection.”

Cyberstates 2016 Report

“CompTIA’s 17th annual Cyberstates is the definitive source for state-by-state analysis of the U.S. information technology industry and the tech workforce. The report quantifies the size and scope of the tech sector and tech occupations across multiple vectors, while providing context with time-series trending, economic impact, average wages, business establishment analysis, IT jobs postings, career…

DHS IG Security Audit Security Identifies Workplace Violations

Information Technology Management Letter for the Office of Financial Management and Office of Chief Information Officer Components of the FY 2015 Department of Homeland Security Financial Statement Audit, May 6, 2016. “We recommend that OFM, in coordination with the DHS Chief Information Officer and Chief Financial Officer, make improvements to its financial management systems and associated…

IG Report – GSA Data Breach – 18F and Slack

MANAGEMENT ALERT REPORT: GSA Data Breach JE16-004 May 12, 2016 “During the course of an ongoing evaluation, the OIG Office of Inspections and Forensic Auditing identified an issue that warrants immediate attention. Due to authorizations enabled by GSA 18F staff, over 100 GSA Google Drives were reportedly accessible by users both inside and outside of…

FCW – OPM’s sensitive data on feds still not encrypted

Federal Computer Week, Adam Mazmanian, May 13, 2016 – “More than a year after a hack of Office of Personnel Management systems compromised more than 22 million records, the agency has not been able to encrypt all the sensitive data on 4 million federal employees, including Social Security numbers. “There are still elements of OPM…

Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data

“The Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, finds that criminal attacks are the leading cause of half of all data breaches in healthcare. Employee mistakes, third-party snafus, and stolen computer devices—are the root cause of the other half of data breaches. The study also found that…

Lack of Trust in Internet Privacy and Security May Deter Economic and Other Online Activities

National Telecommunications and Information Administration (NTIA): “Every day, billions of people around the world use the Internet to share ideas, conduct financial transactions, and keep in touch with family, friends, and colleagues. Users send and store personal medical data, business communications, and even intimate conversations over this global network. But for the Internet to grow…

Multiple data security breaches reported by FDIC

Washington Post: “In yet another example of fragile security in federal cyber systems, data for 44,000 Federal Deposit Insurance Corp. customers were breached by an employee leaving the agency. The breach occurred in February and was outlined in an internal FDIC memorandum obtained by The Washington Post. The March 18 memo from Lawrence Gross Jr.,…

NIST Report on Post-Quantum Cryptography

NISTIR 8105 Report on Post-Quantum Cryptography. Lily Chen, Stephen Jordan, Yi-Kai Liu, Dustin Moody, Rene Peralta, Ray Perlner, Daniel Smith-Tone. Computer Security Division, Applied and Computational Mathematics Division, Information Technology Laboratory. This publication is available free of charge from: http://dx.doi.org/10.6028/NIST.IR.8105. April 2016, U.S. Department of Commerce. “In recent years, there has been a substantial…

UK Gov – Password Guidance Simplifying Your Approach

UK Center for the Protection of National Infrastructure – Password Guidance Simplifying Your Approach – By simplifying your organisation’s approach to passwords, you can reduce the workload on users, lessen the support burden on IT departments, and combat the false sense of security that unnecessarily complex passwords can encourage. “Passwords are an essential part of…

Judicial Conference Committee seeks to implement wider law enforcement surveillance

Follow up to Supreme Court expands surveillance powers of intelligence agency via EFF – With Rule 41, Little-Known Committee Proposes to Grant New Hacking Powers to the Government – The government hacking into phones and seizing computers remotely? It’s not the plot of a dystopian blockbuster summer movie. It’s a proposal from an obscure committee…

2016 Data Breach Investigations Report

Via Verizon: “For the ninth time, the 2016 Data Breach Investigations Report (DBIR) lifts the lid on what’s really happening in cybersecurity. The 2016 dataset is bigger than ever, examining over 100,000 incidents, including 2,260 confirmed data breaches across 82 countries. With data provided by 67 contributors including security service providers, law enforcement and government…