Weblink Items (50)
Dyman Associates Risk Management review: Manufacturers Should Upgrade Practices
Study: Manufacturers Should Upgrade Risk Management Practices
A new report from Deloitte and the Manufacturers Alliance for Productivity and Innovation recommends that manufacturers convert their risk management practices to "an ongoing conversation rather than a periodic presentation."
The study, titled "Understanding Risk Assessment Practices at Manufacturing Companies," said the evolution of technology within the manufacturing sector presents vulnerabilities as well as opportunities, and that new threats can strike with unprecedented speed.
The report argued companies should improve their use of technology in risk management, consider increasing the frequency of assessments and embed those practices within all levels of company operations.
"In short, risk assessment and management techniques should advance at a rate equal to or greater than the underlying business," the report said.
Companies surveyed by Deloitte and MAPI identified cyber security as the biggest IT risk three years from now, with product design and development innovation as the top business risk over that span. The report said companies should utilize cyber security controls, but that they should also increase their insight into potential threats and how to appropriately respond to them.
They study also noted that 93 percent of companies indicated oversight of their risk management rested with the full board or an audit committee, and suggested that "given the rising complexity facing most manufacturing organizations ... it may be time to give risk management a clear subcommittee."
The involvement of a committee, meanwhile, could result in such panels becoming increasingly involved in day-to-day operations. The report called for a "proper executive champion" for that role, potentially including the creation of a chief risk officer.
Improved risk management and audit practices, meanwhile, could also help create a more resilient supply chain, as well as improve employee recruitment and retention amid ongoing concerns about a manufacturing skills gap.
Although improving risk management practices wouldn't dramatically alter a company’s bottom line, the report said the potential benefit to competitive advantages and shareholder confidence "will naturally make its way into earnings."
"Organizations should establish a risk assessment program that fits into its unique culture and risks," said MAPI deputy general counsel Les Miller. "Since change is constant and can occur suddenly, ongoing efforts to enhance the sophistication and variety of risk assessment techniques are needed."
The study conducted an online poll of 68 members of MAPI's Internal Audit and Risk Management Councils in June of 2014. The respondents ranged from less than $1 billion in annual revenue to more than $25 billion; the majority ranged between $1 billion and $10 billion.
Dyman Associates Project: The Unfolding Role of Risk Managers
Melissa Sexton, CFA is the head of Product and Investment Risk for Morgan Stanley MS -0.48% Wealth Management. Prior to this, she spent nearly a decade serving as Chief Risk Officer at two different hedge funds in New York. Most of Melissa’s 25 years of experience has been in a variety of risk management roles, though she has also traded derivatives and worked in operations, and has continuously worked on projects which integrate risk management with information technology. Ms. Sexton is a member of PRMIA New York’s steering committee, received a BA in Mathematics and Economics from Boston University, and was awarded her CFA charter in 2001.
Christopher Skroupa: You started your career in risk management in the 1990s, a decade notable for rapid changes in information technology combined with extraordinary growth and development of financial products. How have these changes affected the risk management function over your career?
Melissa Sexton: The changes have been significant and continue to be. When I started in the field, the most sophisticated financial instrument was an exchange-traded option – a standardized product with fully transparent pricing and contract terms. Software for standardized products can be commoditized and developed fairly quickly, but products with multiple triggers and non-standard underlyings meant that technology and risk models needed to be flexible and much more complex.
Dyman & Associates Risk Management Projects: New Chip can Turn Smartphone into 3D Scanner
With 3D printers all but widely-known now, it only remains to have an accurate and portable 3D scanner to practically produce anything on-the-go. The current 3D scanners are all bulky and very expensive but we may soon have that functionality installed in our smartphones.
A team of CalTech researchers led by Ali Hajimiri has designed a small camera chip that can enable a smartphone to do an accurate 3D scan of an object.
The tiny silicon chip called nanophotonic coherent imager (NCI) only measures one millimeter square and can conveniently be placed within smartphones. It uses a type of Light Detection and Ranging (LIDAR) technology in capturing an item's width, depth and height. Basically, a laser is shined on the object so the light waves that bounce off of it can serve as guide for the imager when capturing the measurement data.
The technology used on the chip is further explained by Caltech:
"Such high-res images and data provided by the NCI are made possible because of an optical concept known as 'coherence'. If two light waves are coherent, the waves have the same frequency, and the peaks and troughs of light waves are exactly aligned with one another. In the NCI, the object is illuminated with this coherent light. The light that is reflected off of the object is then picked up by on-chip detectors, called grating couplers, that serve as 'pixels', as the light detected from each coupler represents one pixel on the 3-D image."
According to Dyman & Associates Risk Management Projects, LIDAR technology is commonly used in self-driving cars, robots and precision missile systems due to its effectiveness in identifying locations and objects. Although the concept of LIDAR is not that new, their idea of having "an array of tiny LIDARs on our coherent imager can simultaneously image different parts of an object without the need for any mechanical movement" is a novel one.
Basically, every pixel on the sensor can separately assess the intensity, frequency and phase of the reflected waves, thereby creating a piece of 3D information. The combination of all those pieces of 3D data from all the pixels results in the full 3D scan.
Caltech's concept allows for the development of a tiny and relatively cheap scanner without sacrificing the accuracy. Dyman & Associates Risk Management Projects reported that the new chip can create scans that closely resemble the original within microns.
At present, the prototype Caltech has made only has 16 pixels on it, just enough to scan small objects such as coins, but they are reportedly working on scaling it up to thousands of pixels.
Dyman & Associates Risk Management Projects: 10M Passwords Publicized For Research
We've all heard of this before: a hacker releasing a certain number of passwords and usernames, presumably just for the lulz. But this time, we're talking about 10 million records posted by no less than a security specialist himself.
Security expert Mark Burnett has published 10 million sets of usernames and passwords online in an effort to equip the security sector with more information, while also getting himself potentially tagged as a criminal.
He clarified that his release of the username-password list is solely for white-hat purposes -- to aid research in making login authentications more effective and fraud-proof. Burnett insisted that he does not intend to help facilitate any illegal activity or defraud people by his actions.
"I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that are supposed to be protecting us instead of trying to find ways to use the laws against us," he said in his post.
Leaking a massive amount of user data into the wild certainly does not sound like great help for most people but for security professionals, it's an important tool for research. For instance, how else would they know that online users are generally bad at choosing passwords?
In his post, he shared that he would often get requests for his password data from researchers but he would just decline them before. But since he also know its importance, he decided to publish a clean data set for the public.
"A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain."
To be fair, Dyman & Associates Risk Management Projects confirms that analyzing a username-password set seems to be more helpful for the security researchers.
According to him, it was by no means an easy decision but he eventually posted it after weighing down a number of factors. And though Burnett said he believes most of the data are already expired and unused, the domain part of the logins and any keyword that could link it to a certain site were still removed to make it difficult for those with criminal intent.
Besides, Dyman & Associates Risk Management Projects experts agreed with him in saying that if a hacker would need such a list in order to attack someone, he's not going to be much of a threat.
Burnett has previously helped in collecting the recent list of worst passwords to alarm people into adopting better practices when it comes to their login credentials.
Lastly, he imparted the following warning for complacent users: "Be aware that if your password is not on this list that means nothing. This is a random sampling of thousands of dumps consisting of upwards to a billion passwords."
Dyman & Associates Risk Management Projects: 10M Passwords Publicized For Research
We've all heard of this before: a hacker releasing a certain number of passwords and usernames, presumably just for the lulz. But this time, we're talking about 10 million records posted by no less than a security specialist himself.
Security expert Mark Burnett has published 10 million sets of usernames and passwords online in an effort to equip the security sector with more information, while also getting himself potentially tagged as a criminal.
He clarified that his release of the username-password list is solely for white-hat purposes -- to aid research in making login authentications more effective and fraud-proof. Burnett insisted that he does not intend to help facilitate any illegal activity or defraud people by his actions.
"I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that are supposed to be protecting us instead of trying to find ways to use the laws against us," he said in his post.
Leaking a massive amount of user data into the wild certainly does not sound like great help for most people but for security professionals, it's an important tool for research. For instance, how else would they know that online users are generally bad at choosing passwords?
In his post, he shared that he would often get requests for his password data from researchers but he would just decline them before. But since he also know its importance, he decided to publish a clean data set for the public.
"A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain."
To be fair, Dyman & Associates Risk Management Projects confirms that analyzing a username-password set seems to be more helpful for the security researchers.
According to him, it was by no means an easy decision but he eventually posted it after weighing down a number of factors. And though Burnett said he believes most of the data are already expired and unused, the domain part of the logins and any keyword that could link it to a certain site were still removed to make it difficult for those with criminal intent.
Besides, Dyman & Associates Risk Management Projects experts agreed with him in saying that if a hacker would need such a list in order to attack someone, he's not going to be much of a threat.
Burnett has previously helped in collecting the recent list of worst passwords to alarm people into adopting better practices when it comes to their login credentials.
Lastly, he imparted the following warning for complacent users: "Be aware that if your password is not on this list that means nothing. This is a random sampling of thousands of dumps consisting of upwards to a billion passwords."
Dyman & Associates Risk Management Projects: Boeing Black: the phone that 'self-destructs'
Another treat for sci-fi fans: a highly secure smartphone that 'self-destructs' is now being offered by BlackBerry and Boeing after 2 years of painstakingly developing the tech.
Well, it's not something that literally destroys itself or anything flashy like that -- it's more in the lines of scrubbing all data from the phone even when traces of tampering are detected. Does not sound too cool after all but you can be sure it does the work just fine.
Apparently, the phone dubbed as "Boeing Black" is capable of deleting all data it contains once it detects tampering or any attempt at disassembly. According to an expert from Dyman & Associates Risk Management Projects, "...any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable."
The Boeing-BlackBerry collaboration which was announced last week is a pretty good partnership considering the mobile company's leading role when it comes to security and privacy features.
The announcement came from BlackBerry's CEO John Chen. He said, "We're pleased to announce that Boeing is collaborating with BlackBerry to provide a secure mobile solution for Android devices utilizing our BES12 (BlackBerry Enterprise Service 12) platform."
Aside from the so-called "self-destruct" feature, there are other useful features added on Boeing Black like biometric scanners and encryption programs for a more secure line that prevents eavesdropping. Also, it has dual SIM capability, presumably to accommodate easier switching between commercial and government networks. It can even connect to satellites via a modular expansion port.
According to an update from Dyman & Associates Risk Management Projects, it is going to use BES12, a security platform usually dedicated for businesses. It is also reported to run on Android OS with encrypted storage and data transmission. This is definitely welcome news for governments as it makes it easier to keep tabs on their staff's communication lines.
As of yet, it is not known when the said phone will be available though Boeing has reportedly started providing some to prospective customers. And knowing that Boeing has been a long-time space, weapons and jet provider to the government, it's obviously offering it first to staff of the Department of Homeland Security or Pentagon.
Though BlackBerry and Boeing apparently built the phone mainly for government use, it's not far fetch to think that they could bring the same tech to the public. Why should you care? Well, it's quite obvious that smartphone security is a big issue so its users are always on the lookout for options to secure their data. And a phone that can self-destruct sounds just about right.
Dyman & Associates Risk Management Projects: Google Lease Navy Base for 60 Yrs
Google has secured the lease of a NASA airbase in San Francisco for 60 years, possibly to house their upcoming space-exploration vehicles and robotics research.
The agency's press release at Dyman & Associates Risk Management Projects indicated that the lease, which will cost the tech giant $ 1.16 billion, is for " research, development, assembly and testing in the areas of space exploration, aviation, rover/robotics and other emerging technologies".
NASA Administrator Chris Bolden said, "As NASA expands its presence in space, we are making strides to reduce our footprint here on Earth." He added that the agency wants "to invest taxpayer resources in scientific discovery, technology development and space exploration – not in maintaining infrastructure no longer needed."
According to the report, a real-estate offshoot of Google called Planetary Ventures will be managing the Moffett airbase and will take over the $200 million improvement to the site, which includes educational facilities to let the public "explore the site's legacy".
The 1,000 acres of airfield in the southern part of SF Bay include two runways, a golf course, office space, NASA's Ames research center and three hangars, one of which is the iconic Hangar One. It's expected that the agency will save around $6 million worth of operation and maintenance expenses per year because of the lease.
Hangar One is one of the biggest freestanding edifice which covers 8 acres and was constructed in the 1930s for US naval airships. In 1966, it was recognized as a US Naval Historical Monument but has recently been placed as an endangered historic place according to a Dyman & Associates Risk Management Projects' press release.
“GSA was proud to support NASA in delivering the best value to taxpayers while restoring this historic facility and enhancing the surrounding community," said Dan Tangherlini of the US General Services Administration.
The Moffett lease shouldn't really come as a surprise as it's practically just next to Googleplex HQ. In fact, it's already servicing private jets owned by the company's executives such as Sergey Brin, Larry Page and Eric Schmidt.
Both Brin and Page, the firm's co-founders, are evidently interested in space exploration and aviation as shown by their X Lab's Project Loon and Project Moonshot. Their company has also acquired satellite and robotics firms recently such as Meka Robotics and Redwood Robotics.
NASA and Google have also previously teamed up in 2005 when the latter made office at the agency's research facility and launch a new lab.
Dyman Associates Risk Management Review: 3 Ways to Make Your Outlook.com Account Safer
Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes for users of Microsoft's Outlook.com (formerly known as Hotmail and, for a while, Windows Live Hotmail).
Controls affecting Outlook.com security are mainly found in one central place, which can be accessed by clicking your username (this will probably be your name), shown in the top right of any live.com page when you're logged in, and selecting "Account settings".
1. Protect your password
Your first step should be to make sure your password is well chosen and not shared.
If you need to set a new one, visit the "Security & privacy" section of the Account settings page.
You'll then have to verify your account with a security code, which you can do by email or text.
At the top you'll see when your password was last changed, with an option to change it below.
Just below that, in the section labelled "Security info helps to keep your account secure", you'll find any backup email addresses or phone numbers you've given to Microsoft to help verify your identity if you get locked out of your account.
Make sure these are a good way of getting in touch with you, and are not easily accessible by people you don't trust.
These contact points will also be used to send alerts if Microsoft spots any suspicious activity - you can choose whether or not to receive alerts by phone and whether to have them sent to multiple email addresses, but the primary alternate email must always get alerts.
2. Set up two-step verification
On the same screen you can also set up two-step verification.
Scroll down to the next section of the "Security & privacy" page.
When you follow the link to set it up, Microsoft recommends using a smartphone app, which will vary depending on what kind of device you use.
Windows Phone users can get Microsoft's own authenticator app, Android users can use the Microsoft Account app, and those with iOS devices will need Google's multi-purpose Authenticator.
Each has its own process for setting up, but most will simply require you to scan a QR code displayed on-screen. Once set up, you should be able to use the code generated by the app any time you want to log in to your account.
If you choose not to use an app, or don't have a smartphone, you can have codes sent by SMS to the number you provide, or by email to one of your alternative accounts, but Microsoft will continue encouraging you to opt for the app approach, at least until you tell it to stop.
When you log in with a 2SV code, there will be an option to trust the device you're using and not ask for any more codes, so in future you'll only need your normal password.
Only check the box if you're on a machine you use regularly and know to be kept well-secured.
As part of setting up 2SV, you'll be given an emergency backup code. This is used if you ever lose access to the apps, phone numbers and email addresses provided for 2SV codes.
Outlook.com recommends you print it and keep it somewhere very safe, but if you find it easier to keep it in a file on your (well secured) computer, make sure it's very well encrypted.
In the "Recovery codes" section you can choose to renew the emergency backup code if you no longer have it.
3. Check your settings
You should consider checking the "Security & privacy" page occasionally, to make sure the backup and 2SV contact details are up to date - check that any old devices you no longer have are removed from the "Security info" or "App passwords" sections.
There's no way to monitor which devices have been marked as trusted for 2SV purposes, but at the bottom of the "Security & password" page you can at least remove trust from all machines, cutting off anyone who may have obtained unauthorised access.
There's a whole section of the "Security & Privacy" area dedicated to "Recent activity".
This is the place to go if you suspect someone's been intruding on your account. You can view a detailed list of logins, attempts, 2SV challenges and significant settings changes, and for each one there is further information on the device type and browser or app used, the IP address and location.
There's even a little Bing map pinpointing where the IP address appears to come from, but this may not be very accurate, particularly for things like POP access from a mobile mail client.
In case you're worried about any particular event, the details area for each one provides a large button marked "This wasn't me". Clicking this will lead to a review of your security settings, including resetting your password to make sure strangers are kept out.
Finally, the "Related accounts" section, under "Security & Privacy" lets you view and manage any accounts you have linked to your Outlook.com account, and also any other apps and services which may have been granted access.
You should make sure any entries in here are expected and necessary.
Once you're done with making your Outlook.com account safer, make sure you are following our general advice in our guide to securing your webmail.
Dyman Associates Risk Management Review: 3 Ways to Make Your Outlook.com Account Safer
Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes for users of Microsoft's Outlook.com (formerly known as Hotmail and, for a while, Windows Live Hotmail).
Controls affecting Outlook.com security are mainly found in one central place, which can be accessed by clicking your username (this will probably be your name), shown in the top right of any live.com page when you're logged in, and selecting "Account settings".
1. Protect your password
Your first step should be to make sure your password is well chosen and not shared.
If you need to set a new one, visit the "Security & privacy" section of the Account settings page.
You'll then have to verify your account with a security code, which you can do by email or text.
At the top you'll see when your password was last changed, with an option to change it below.
Just below that, in the section labelled "Security info helps to keep your account secure", you'll find any backup email addresses or phone numbers you've given to Microsoft to help verify your identity if you get locked out of your account.
Make sure these are a good way of getting in touch with you, and are not easily accessible by people you don't trust.
These contact points will also be used to send alerts if Microsoft spots any suspicious activity - you can choose whether or not to receive alerts by phone and whether to have them sent to multiple email addresses, but the primary alternate email must always get alerts.
2. Set up two-step verification
On the same screen you can also set up two-step verification.
Scroll down to the next section of the "Security & privacy" page.
When you follow the link to set it up, Microsoft recommends using a smartphone app, which will vary depending on what kind of device you use.
Windows Phone users can get Microsoft's own authenticator app, Android users can use the Microsoft Account app, and those with iOS devices will need Google's multi-purpose Authenticator.
Each has its own process for setting up, but most will simply require you to scan a QR code displayed on-screen. Once set up, you should be able to use the code generated by the app any time you want to log in to your account.
If you choose not to use an app, or don't have a smartphone, you can have codes sent by SMS to the number you provide, or by email to one of your alternative accounts, but Microsoft will continue encouraging you to opt for the app approach, at least until you tell it to stop.
When you log in with a 2SV code, there will be an option to trust the device you're using and not ask for any more codes, so in future you'll only need your normal password.
Only check the box if you're on a machine you use regularly and know to be kept well-secured.
As part of setting up 2SV, you'll be given an emergency backup code. This is used if you ever lose access to the apps, phone numbers and email addresses provided for 2SV codes.
Outlook.com recommends you print it and keep it somewhere very safe, but if you find it easier to keep it in a file on your (well secured) computer, make sure it's very well encrypted.
In the "Recovery codes" section you can choose to renew the emergency backup code if you no longer have it.
3. Check your settings
You should consider checking the "Security & privacy" page occasionally, to make sure the backup and 2SV contact details are up to date - check that any old devices you no longer have are removed from the "Security info" or "App passwords" sections.
There's no way to monitor which devices have been marked as trusted for 2SV purposes, but at the bottom of the "Security & password" page you can at least remove trust from all machines, cutting off anyone who may have obtained unauthorised access.
There's a whole section of the "Security & Privacy" area dedicated to "Recent activity".
This is the place to go if you suspect someone's been intruding on your account. You can view a detailed list of logins, attempts, 2SV challenges and significant settings changes, and for each one there is further information on the device type and browser or app used, the IP address and location.
There's even a little Bing map pinpointing where the IP address appears to come from, but this may not be very accurate, particularly for things like POP access from a mobile mail client.
In case you're worried about any particular event, the details area for each one provides a large button marked "This wasn't me". Clicking this will lead to a review of your security settings, including resetting your password to make sure strangers are kept out.
Finally, the "Related accounts" section, under "Security & Privacy" lets you view and manage any accounts you have linked to your Outlook.com account, and also any other apps and services which may have been granted access.
You should make sure any entries in here are expected and necessary.
Once you're done with making your Outlook.com account safer, make sure you are following our general advice in our guide to securing your webmail.
Dyman Associates Risk Management Review: Office 365 Getting Mobile Device Management, Security Boosts
Microsoft on Tuesday unveiled several upcoming Office 365 improvements, including mobile device management (MDM) and data loss protection (DLP) controls.
The announcements were made during the Day 1 keynote of the Microsoft TechEd Europe conference, taking place this week in Barcelona. Julia White, general manager of Microsoft Office, took the stage to demonstrate the ability to connect the cloud-based Azure Active Directory (AD) service with an on-premises Active Directory in "six clicks" during a setup process. With Azure AD in place, IT pros can have their security and auditing functions in one place, she said.
White also described the ability to edit policies for MDM. The policies get embedded into managed apps, such as Office for iPad apps, she said, and the capability will be "natively built into Windows 10." For instance, IT pros can set copy and paste restrictions on managed apps to protect company data.
White also talked about the coming DLP capabilities. With DLP, IT pros have access to Office 365 console reports, which show the rules that can be set up. They also show if users are trying to override the rules. If they are, IT pros can modify the policies to add additional restrictions, if wanted. For instance, restrictions can be set regarding the disclosure of credit card information. Alerts can be set up, as well. End users will get policy tips, so they will become aware of the policy restrictions set by IT.
These Office 365 capabilities are being rolling out at various times, but the target date seems to be the first quarter of next year.
Data Loss Prevention
Microsoft already has some DLP capabilities in its OneDrive for Business and SharePoint Online services, including an e-discovery capability. However, the capability to add policy restrictions that can block and restrict access to content will be rolled out in these apps "in the coming months," according to a Microsoft blog post on DLP.
The first app to get the new DLP controls will be Excel, followed by Word and PowerPoint. DLP will work "natively" in Office applications, Microsoft is promising, and the protection scheme will work at the file level, as well as for e-mail, document libraries or OneDrive for Business folders.
IT pros will have access to built-in DLP templates to add rules. They can review incident reports showing attempted policy overrides. Additional policy controls for Office 365, such as information rights management, will arrive in the first quarter of 2015.
File Classifications
Microsoft also plans to extend its file classification infrastructure capability of the Windows File Server to Exchange Online, OneDrive for Business and SharePoint Online, starting in the first quarter of 2015. Office documents can be classified using this scheme and policies can be set to avoid information disclosure.
OneDrive for Business and SharePoint Online also have "advanced encryption at rest," which is a capability that Microsoft calls "per-file encryption." Per-file encryption creates a key for every file stored. It also creates a new key for any variants of those files.
Mobile Device Management Capabilities
Microsoft is planning to roll out its new MDM capabilities for Office 365 in the first quarter of 2015. Some of these capabilities are being built into Office 365 management, but other capabilities will be available through Microsoft Intune.
A Microsoft MDM blog post outlined the following Office 365 MDM capabilities:
• Ability to set security policies for devices that connect to Office 365.
• Ability to set specific security policies for devices, such as "device level pin lock and jailbreak detection."
• Ability to set "selective wipe," which allows corporate data to be removed remotely, while retaining personal data on a device.
• Ability to have MDM management built "directly into productivity apps," which avoids having to set all-in-one management policies across apps.
• Ability to manage MDM policies through the Office 365 administration portal.
Microsoft is planning to add these new MDM capabilities to its Office 365 "Business, Enterprise, EDU and Government plans."
Microsoft Intune Enhancements
Microsoft Intune optionally will add other MDM capabilities for Office 365 users. It's not quite clear when those capabilities will be available, but Microsoft listed them as follows:
• Ability to restrict user actions, such as copy and paste, including the ability to set policies for line-of-business apps using the Microsoft Intune app wrapper.
• Ability to control the viewing of content via the "Managed Browser, PDF Viewer, AV Player and Image Viewer Apps."
• Ability to integrate Microsoft Intune with System Center 2012 Configuration Manager for a single-console MDM view.
• Ability to automatically provision enrolled devices, which will automate the deployment of "certificates, Wi-Fi, VPN and email profiles."
• Ability to bulk enroll corporate devices.
• Ability to provide end users with a "self-service Company Portal," which allows them to enroll their devices and install their own apps.
On top of that Office 365 news, veteran Microsoft reporter Mary Jo Foley has reported from the TechEd Europe event that Microsoft plans to release the next version of the Microsoft Office suite, which she called "Office 16 for Windows," in the "second half of 2015."
Dyman Associates Risk Management review: Experts Identify Easy Way to Improve Smartphone Security
Assigning risk scores to apps may slow down unwarranted access to personal information
October 28, 2014
What information is beaming from your mobile phone over various computer networks this very second without you being aware of it?
Experts say your contact lists, email messages, surfed webpages, browsing histories, usage patterns, online purchase records and even password protected accounts may all be sharing data with intrusive and sometimes malicious applications, and you may have given permission.
"Smartphones and tablets used by today's consumers include many kinds of sensitive information," says Ninghui Li, a professor of Computer Science at Purdue University in Indiana.
The apps downloaded to them can potentially track a user's locations, monitor his or her phone calls and even monitor the messages a user sends and receives--including authentication messages used by online banking and other sites, he says, explaining why unsecured digital data are such a big issue.
Li, along with Robert Proctor and Luo Si, also professors at Purdue, lead a National Science Foundation (NSF)-funded project "User-Centric Risk Communication and Control on Mobile Devices," that investigates computer security. The work pays special attention to user control of security features in mobile systems.
Li, Proctor and Si believe they may have a simple solution for users, who unknowingly allow voluntary access to their personal data.
Most users pay little attention
"Although strong security measures are in place for most mobile systems," they write in a recent report inthe journal IEEE Transactions on Dependable and Secure Computing, "the area where these systems often fail is the reliance on the user to make decisions that impact the security of a device."
Most users pay little attention, say the researchers, to unwanted access to their personal information. Instead, they have become habituated to ignore security warnings and tend to consent to all app permissions.
"If users do not understand the warnings or their consequences, they will not consider them," says Proctor, a Distinguished Professor of psychological sciences at Purdue.
"If users do not associate violations of the warnings with bad consequences of their actions, they will likely ignore them," adds Jing Chen, a psychology Ph.D. student who works on the project.
In addition, there are other influences that contribute to users ignoring security warnings. In the case of Android app permissions, of which there are more than 200, many do not make sense to the average user or at best require time and considerable mental effort to comprehend.
"Permissions are not the only factor in users' decisions," says Si, an associate professor of Computer Science at Purdue, who also led research on a paper with Li that analyzed app reviews.
"Users also look at average ratings, number of downloads and user comments," Si says. "In our studies, we found that there exist correlations between the quality of an app and the average rating from users, as well as the ratio of negative comments about security and privacy."
"This is a classic example of the links between humans and technology," says Heng Xu, program director in the Secure and Trustworthy Cyberspace program in NSF's Social, Behavioral and Economic Sciences Directorate. "The Android smartphones studied by this group of scientists reveals the great need to understand human perception as it relates to their own privacy and security."
"The complexity of modern access control mechanisms in smartphones can confuse even security experts," says Jeremy Epstein, lead program director for the Secure and Trustworthy Cyberspace program in NSF's Directorate for Computer and Information Science and Engineering, which funded the research.
"Safeguards and protection mechanisms that protect privacy and personal security must be usable by all smartphone users, to avoid the syndrome of just clicking 'yes' to get the job done. The SaTC program encourages research like Dr. Li's and colleagues that helps address security usability challenges."
Dyman Associates Risk Management Crucial To The Mining Industry’s Growth
Managing Director of Marsh Botswana, Fritzgerald Dube, said the mining industry is faced with exposures that need to be identified, measured and controlled economically in order for the mine’s operations to flourish. Speaking at a mining seminar hosted by Marsh Botswana last week, Dube explained that while the environment in which they operate in is always changing and presenting new threats, they are able to understand risk trends and develop effective programmes. Although a lot of mines have fully fledged risk management departments, Dube noted that mining is a dynamic and ever evolving specialty and that new risk that were not previously anticipated would always evolve.
“As such, risk managers need to be forever considering and devising risk management plans for those risks which they have never been exposed to before,” he advised. Dube added that risk managers need to recognise that they play a critical role in ensuring stability of operations and sustained production in whatever environment that they operate in.
He underscored the importance of risk management, stating that it is a critical function in all mines. He urged top management to commit to instilling a risk management culture throughout the entire organisation.
“Risk management should not be a ‘nice to have’ but rather a ‘must have’ that carries the full weight and support of senior management,” he stressed.
However, Dube regretted that the impact of uncertain events on mine productivity is not limited to loss of property and revenue alone, but possible death as well. An earlier report that was issued by a leading reinsurance advisor, Willis Group Holdings, warned mining companies not to be tempted to cut back on their risk management spending as they try to deal with rising costs, falling commodity prices and decreased productivity levels.
The report titled, Mining Risk Review 2011, identified the main challenges mining companies are facing. They further stated that the bulk of cost cutting had come from reductions in head office spend, exploration and business development.
On the same topic, Botswana Confederation of Commerce and Manpower (BOCCIM) CEO Maria Machailo-Ellis acknowledged that the mining industry had been experiencing fatal accidents around the country. She however noted that they had moved ahead with efforts to prevent recurrence.
Marsh Botswana was established in 1984 and is a subsidiary of Marsh & McLennan Companies, a world leader in delivering risk and insurance services and solutions. Marsh currently provides insurance brokerage and risk advisory services to over 70 percent mines across the globe.
Dyman Associates Risk Management Review on the Best Password Managers for PCs, Macs, and Mobile Devices
6 local and cloud-based password managers make passwords stronger and online life easier for Windows, Mac, iOS, Android, BlackBerry, and Windows Phone users.
Thanks to high-profile computer security scares such as the Heartbleed vulnerability and the Target data breach, and to the allegations leveled at the government and cloud providers by Edward Snowden, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too.
Dyman Associates Risk Management: Fundamentals of cloud security
For many companies, security is still the greatest barrier to implementing cloud initiatives. But it doesn't have to be.
Organisational pressure to reduce costs and optimise operations has led many enterprises to investigate cloud computing as a viable alternative to create dynamic, rapidly provisioned resources powering application and storage platforms. Despite potential savings in infrastructure costs and improved business flexibility, security is still the greatest barrier to implementing cloud initiatives for many companies. Information security professionals need to review a staggering array of security considerations when evaluating the risks of cloud computing.
With such a broad scope, how can an organisation adequately assess all relevant risks to ensure that their cloud operations are secure? While traditional security challenges such as loss of data, physical damage to infrastructure, and compliance risk are well known, the manifestation of such threats in a cloud environment can be remarkably different. New technologies, combined with the blurring of boundaries between software-defined and hardware infrastructure in the datacentre, require a different approach.
One of the first steps towards securing enterprise cloud is to review and update existing IT polices to clearly define guidelines to which all cloud-based operations must adhere. Such policies implement formal controls designed to protect data, infrastructure, and clients from attack, and enable regulatory compliance. Government bodies such as NIST, the US Department of Commerce, and the Australian Government Department of Finance and Deregulation (PDF) have produced cloud computing security documents that outline comprehensive policies for their departments, which can be a useful starting point for implementing a corporate policy.
It is important to recognise that cloud security policies should provide protection regardless of delivery model. Whether building private, public, or hybrid cloud environments within the enterprise, cloud security is the joint responsibility of your organisation and any cloud service providers you engage with. When conducting due diligence on third-party cloud service providers, carefully review the published security policies of the vendor and ensure that they align with your own corporate policies.
A fundamental security concept employed in many cloud installations is known as the defence-in-depth strategy. This involves using layers of security technologies and business practices to protect data and infrastructure against threats in multiple ways. In the event of a security failure at one level, this approach provides a certain level of redundancy and containment to create a durable security net or grid. Security is more effective when layered at each level of the cloud stack.
When implementing a cloud defence-in-depth strategy, there are several security layers that may be considered. The first and most widely known protection mechanism is data encryption. With appropriate encryption mechanisms, data stored in the cloud can be protected even if access is gained by malicious or unauthorised personnel. A second layer of defence is context-based access control, a type of security policy that filters access to cloud data or resources based on a combination of identity, location, and time. Yet another popular security layer in cloud-based systems is application auditing. This process logs all user activity within an enterprise application and helps information security personnel detect unusual patterns of activity that might indicate a security breach. Finally, it is critical to ensure that all appropriate security policies are enforced as data is transferred between applications or across systems within a cloud environment.
Unfortunately, there is no one-size-fits-all solution for cloud security that can protect all of your IT assets. Nor is it wise to adopt a closed-perimeter approach. Organisations can no longer rely on firewalls as a single point of control, and security practices must expand beyond the datacentre to include key control points for endpoints accessing the cloud and edge systems. When incorporating third-party public and hybrid cloud solutions in your enterprise IT strategy, you cannot assume that the security policies of these service providers meet the standards and levels of compliance required. Make sure you spell out and can verify what you require and what is delivered. Read More
Dyman Associates Risk Management: 10 lessons learned from major retailers' cyber breaches
There has been extensive adverse publicity surrounding what has become the largest data breach in the retail industry, affecting Target and two other U.S. retailers. In November-December 2013, cyber thieves executed a well-planned intrusion into Target’s computer network and the point-of-sale terminals at its 1,800 stores around the holiday season and successfully obtained not only 40 million customers’ credit and debit card information, but also non-card customer personal data for as many as 70 million customers. In addition, 1.1 million payment cards from Neiman Marcus and 3 million cards used at Michaels were reportedly exposed.
Dyman Associates Risk Management : So You Think You Have a Point of Sale Terminal Problem?
If your company has a Point of Sale (POS) terminal anywhere in its infrastructure, you are no doubt aware from the active media coverage that malware attacks have been plaguing POS systems across the country.
Just within the past week, the New York Times has reported that:
Companies are often slow to disclose breaches, often because of the time involved in immediately-required investigations;
Congress is beginning to make inquiries of data breach victim companies; and
Even those companies who have conducted cybersecurity risk assessments still get attacked, often during the course of implementing new solutions to mitigate potential problems and protect their customers’ payment cards or other personal information.
Former employees can be a source of information to the media about your efforts to investigate and secure your POS systems.
Dyman Associates Risk Management: eBay In Security Storm With Dangerous Flaw Wide Open
Auction site eBay has found itself in the midst of another security storm after apparently choosing to leave a security hole wide open – in the interests of user functionality – as customer details were being stolen.
It is the latest in a trio of serious cybersecurity problems at the company this year, following a database breach in May, and the theft of details from its StubHub ticket site customers two months later.
eBay allows highly visual JavaScript and Flash content to be included in its listings, which is a somewhat unsurprising step – however, the company reportedly knew for months that a number of hackers were manipulating this code for malicious content, and left the ability to add the code largely as it is, in the interests of offering sellers attractive auction listings.
Cyber criminals have been using the technology to introduce cross-site scripting (XSS) – in which customers are led to a fake, eBay-mimicking site to enter their payment details. At least 100 exploited listings have been identified by the BBC, which reports that the problems continue even though eBay may have been aware of them since February.
‘Not An Okay Situation’
Security experts have lambasted eBay’s handling of the problems. Chris Oakley, principal security consultant at testing firm Nettitude, says he would expect “all organizations, particularly those with vast quantities of customer data to protect” to have the required, standard cross site scripting defenses in place.
“This hat-trick of security incidents will surely do the company no favors in terms of restoring and maintaining consumer confidence,” adds Paul Ayers, European VP at data security vendor Vormetric, and Mikko Hypponen, chief research officer at security firm F-Secure, describes the situation as “not okay”. Independent expert Graham Cluley told The Drum website that eBay was not in “proper control” of the situation, which he described as “embarrassing”.
Solving The XSS Problem
Experts have proposed a number of solutions for eBay, including simply removing the harmful code or listings, or providing its own Javascript editor in which sellers’ code can be more easily managed and controlled.
Dr Adrian Davis, EMEA managing director at security organization (ISC)2, tellsForbes that XSS is a well known threat, adding that “we can’t afford to tolerate relatively simple security issues like this, especially for a company as massive as eBay”.
Sites with the issue “need to update their current code to remove the vulnerability”, he says. “Functionality for the user would not be impaired, providing the code running in the browser and application is written properly.”
He warns that developers need to be much better trained to write secure code and not focus solely on usability, with “fully qualified and certified individuals, such as those holding (ISC)2’s CISSP or CSSLP” qualifications being involved “throughout the entire process”.
“This is an issue that must rise above the purely technical considerations and go onto the agendas of management and business leaders that are driving the development projects. Only then would we see investment in curbing incidents like these.”
Act Much More Quickly
Randy Gross, chief information officer at industry association CompTIA, says that it is “always difficult” for organizations to strike the right balance between security and convenience. But he adds: “With financial transactions, especially given recent high profile attacks, the pendulum needs to swing hard back toward security and give consumers the confidence their information is secure.”
Fayaz Khaki, an associate director of information security at IDC, adds in aForbes email interview that it is always difficult for large and complex sites, such as eBay, to be completely XSS free. “However, once an XSS vulnerability has been identified the organization must act quickly to remove the vulnerability”, even if it means removing a listing.
Active content such as Javascript, he says, should only be used where completely necessary, and regular monitoring and vulnerability assessments ought to be carried out to minimize risk.
“XSS vulnerabilities have existed for a number of years and really companies such as eBay, that came into existence solely as an internet organization, should be on top of these types of vulnerabilities and should have the capability to identify and mitigate these vulnerabilities very quickly.”
eBay said in a statement that cross site scripting risks exist across the internet, and that it has “hundreds” of engineers and security experts who collaborate with researchers to make its own site both usable and safe.
It added: “We have no current plans to remove active content from eBay. However, we will continue to review all site features and content in the context of the benefit they bring our customers, as well as overall site security.”
Criminals behind cross site scripting and phishing activity adapt their code and tactics “to try to stay ahead of the most sophisticated security systems”, it said. “Cross site scripting is not allowed on eBay and we have a range of security features designed to detect and then remove listings containing malicious code.”
Dyman Associates Risk Management Study: Mobile Health Apps Need Risk Assessment, Framework
Mobile health applications need a risk assessment model and a framework for supporting clinical use to ensure patient safety and professional reputation, according to a study published in the Journal of Medical Internet Research, FierceHealthIT reports.
Dyman Associates Risk Management: A Mobility Checkup
I recently attended the Healthcare Innovation Challenge where I met some customers and took a look at various healthcare IT challenges and innovations. I came away with a couple of strong impressions about the role of mobility in healthcare, in addition to some best practices for healthcare companies to follow.
Dyman Associates Risk Management: what is Risk Management
The Importance of Risk Management to Business Success
Risk management is an important part of planning for businesses. The process of risk management is designed to reduce or eliminate the risk of certain kinds of events happening or having an impact on the business.
Definition of Risk Management
Risk management is a process for identifying, assessing, and prioritizing risks of different kinds. Once the risks are identified, the risk manager will create a plan to minimize or eliminate the impact of negative events. A variety of strategies is available, depending on the type of risk and the type of business. There are a number of risk management standards, including those developed by the Project Management Institute, the International Organization for Standardization (ISO), the National Institute of Science and Technology, and actuarial societies.
Dyman Associates Risk Management Approach and Plan
Dyman Associates Risk Management – As a management process, risk management is used to identify and avoid the potential cost, schedule, and performance/technical risks to a system, take a proactive and structured approach to manage negative outcomes, respond to them if they occur, and identify potential opportunities that may be hidden in the situation [4]. The risk management approach and plan operationalize these management goals.
Because no two projects are exactly alike, the risk management approach and plan should be tailored to the scope and complexity of individual projects. Other considerations include the roles, responsibilities, and size of the project team, the risk management processes required or recommended by the government organization, and the risk management tools available to the project.
Dyman Associates Risk Management on How to Develop a Risk Management Plan
Developing an effective Risk Management Plan can help keep small issues from developing into emergencies. Different types of Risk Management Plans can deal with calculating the probability of an event, and how that event might impact you, what the risks are with certain ventures and how to mitigate the problems associated with those risks. Having a plan may help you deal with adverse situations when they arise and, hopefully, head them off before they arise.
Dyman & Associates Risk Management Projects: 75% of mobile security breaches will result from misuse
With use of smartphones and tablets on the rise and sales of traditional PCs on the decline, attacks on mobile devices are maturing, says IT research and advisory firm Gartner Inc.
By 2017, the focus of endpoint breaches will shift to tablets and smartphones. And, according to Gartner, 75 percent of mobile security breaches will be the result of mobile application misconfiguration and misuse.
Common examples of misuse are “jailbreaking” on iOS devices and “rooting” on Android devices. These procedures allow users to access certain device resources that are normally unavailable — and remove app-specific protections and the safe "sandbox" provided by the operating system, putting data at risk.
Dyman & Associates Risk Management Projects on How to Prioritize the Alerts - Malware
In late May, online security firm Trusteer, an IBM company, raised alarms about a new online banking Trojan it calls Zberp. According to Trusteer, more than 450 global banking institutions in the U.S., the United Kingdom and Australia have been targeted by this malware strain, which combines features from Zeus and Carberp, two well-documented banking Trojans.
Just days earlier, global cyber-intelligence firm IntelCrawler warned of new point-of-sale malware known as Nemanja, which had reportedly infected retailers in nearly 40 countries.
Dyman & Associates Risk Management Projects on Threat intelligence versus risk
Security officers who view threat intelligence and risk management as the cornerstone of their security programs may have advantages over peers who face constraints when it comes to taking advantage of the available data.
CISOs are generally tasked with evaluating security controls and assessing their adequacy relative to potential threats to the organization, and its business objectives. Their role in cybersecurity risk management -- the conscious decisions about what the organization is going to do and what it is not going to do to protect assets beyond compliance -- is still hotly debated.
Dyman & Associates Risk Management Projects on Top 20 mSecurity Companies 2014
Leaders in Software as a Service (SaaS), Mobile Device Management (MDM) & Bring Your Own Device (BYOD) Security
Mobile devices have become an intrinsic part of everyday life, for individual consumers and large organizations alike. Consequently, the popularity of smart devices is an increasingly attractive target for cybercriminals with regards the potential value of personal data found on a device.
The increasing demand for mobile security software is seeing the emergence of security specialists offering solutions aimed at mobile as well as PC.
Established market players in internet security are adapting their services to mobile, while a number of new companies are specializing specifically in smartphone and tablet security. Solutions including software, device management and security as a service are looking to answer this nascent security demand.
Dyman and Associates Projects: A New Graduate’s Survival Guide Against Identity Hackers
As fresh graduates descend from the ivory tower (bearing their unstained diplomas), many will eventually encounter “real world” interactions for the very first time, and they run the risk of being eaten alive out there. Identity-connected scams, dark schemes and credit status traps litter the way to financial success. And for many of those new graduates who confidently say, “It will never to me,” get ready for you bubble to burst.
Information violations and the identity-theft crimes that arise from them have become realities in life, next only to death and taxes. But there are a few things you can undertake to improve your protection against them, identify the problems and reduce the effects in case the inevitable happens. However, if you believe a compromise to your identity or credit will never cause you to incur a good amount of money, you will be surprised to realize the emotional turmoil and endless moments of annoyance spent regretting things which are non-refundable.
New grads must bear this in mind: Your personal identity and credit are significantly precious assets. And whereas it might be quite early in the game to seriously consider your investment portfolio, you now have a built-in two investment-grade portfolios that you ought to manage well: your identity portfolio and your credit portfolio.
Dyman & Associates Risk Managements Projects: For cloud providers, fraud detection is integral part of business plan
Cloud providers have attracted enterprise customers with the promise of rapid elasticity, on-demand provisioning, high availability and a pennies-per-hour pricing model. But there's just one problem: These very qualities have enticed criminals to adopt cloud services as well.
When a scam artist is looking to set up a phishing scheme to gain access to victims' bank accounts, the built-in redundancy, scalability and automation capabilities of cloud servers are extremely appealing. And when all it takes to procure cloud services is a working credit card -- without ever needing to deal with a live salesperson -- the cloud becomes an even more viable base from which criminals can commit fraud.
"All of the advantages of the cloud for enterprises are the advantages for the bad guys," said Jeff Spivey, international vice president of ISACA, a founding member of the Cloud Security Alliance (CSA) and president of Security Risk Management Inc., a Charlotte, N.C., and information security consultancy. "It's that anonymity and scale that's attractive to the fraudsters."
Without proper cloud-based fraud detection and prevention practices in place, cloud providers can become unwitting hosts for cybercriminals. It's a threat that can expose providers to legal liabilities, profit loss and blacklisting. What's more, any cloud provider can become a target.
Dyman Associates Management 5 Things You Need to Know About Cybersecurity Insurance
Cybersecurity insurance transfers some of the financial risk of a security breach to the insurer. But it doesn’t do a good job of covering the reputation damage and business downturn that can be triggered by a security breach.
CIO — Cybersecurity insurance does mitigate some financial damage should you suffer an attack, but it's not a complete solution. Here are five things CIOs need to know.
Dyman Associates Management Japan, EU planning cybersecurity summit
(Japantimes) - With China a suspected source of cyberattacks, Prime Minister Shinzo Abe and European Union leaders will agree at a summit in Brussels on May 7 to launch a dialogue to boost cybersecurity, according to a draft of a statement to be issued after the meeting.
“Facing more severe, widespread and globalized risks surrounding cyberspace . . . protection of a safe, open and secure cyberspace is needed,” according to the draft, a copy of which was obtained Sunday.
Abe and the EU leaders, European Council President Herman Van Rompuy and European Commission President Jose Manuel Barroso, will also agree to hold an inaugural meeting of a Japan-EU dialogue on the stable use of outer space in the latter half of this year in Tokyo, the draft says.
Dyman Associates Management ISACA launches cyber-security skills programme
(computerweekly) - Global IT association ISACA has launched its Cybersecurity Nexus (CSX) programme to help address the global security skills shortage.
According to the Cisco 2014 Annual Security Report, more than one million positions for security professionals remain unfilled around the world.
CSX is aimed at helping IT professionals with security-related responsibilities to “skill up” and providing support through research, guidance and mentoring.
A recent ISACA survey found that 62% of organizations’ have not increased security training in 2014, despite 20% of enterprises reporting they have been hit by advanced persistent threats.
Dyman Associates Management U.S., UK advise avoiding Internet Explorer until bug fixed
(Reuters) - The U.S. and UK governments on Monday advised computer users to consider using alternatives to Microsoft Corp's Internet Explorer browser until the company fixes a security flaw that hackers used to launch attacks.
The Internet Explorer bug, disclosed over the weekend, is the first high-profile computer threat to emerge since Microsoft stopped providing security updates for Windows XP earlier this month. That means PCs running the 13-year-old operating system will remain unprotected, even after Microsoft releases updates to defend against it.
The Department of Homeland Security's U.S. Computer Emergency Readiness Team said in an advisory released on Monday that the vulnerability in versions 6 to 11 of Internet Explorer could lead to "the complete compromise" of an affected system.
Dyman Associates Management: Project Management
Unpredictability justifies the need for project management. How we prepare for the unpredictable is at the heart of enhancing project implementation — executing projects both in a rapid manner and with superior dependability on the committed targeted dates of delivery.
Usually neglected, the value of project management is vital to a company. Projects render business needs into answers applicable for lasting sustainability and development. Dyman & Associates Risk Management Projects fully realizes the essence of implementing projects promptly and within budget. Our project strategy is founded on Goldratt's Theory of Constraints and guarantees the shortest time for delivering your requirements.
Dyman Associates Management: Project Management Office (PMO)
A Project Management Office (PMO) is a group or department within a business, agency or enterprise that defines and maintains standards for project management within the organization.
The primary goal of a PMO is to achieve benefits from standardizing and following project management policies, processes and methods. Over time, a PMO generally will become the source for guidance, documentation, and metrics related to the practices involved in managing and implementing projects within the organization. A PMO may also get involved in project-related tasks and follow up on project activities through completion. The office may report on project activities, problems and requirements to executive management as a strategic tool in keeping implementers and decision makers moving toward consistent, business- or mission-focused goals and objectives.
A PMO generally bases its project management principles, practices and processes on some kind of industry standard methodology such as PMBOK (Project Management Body of Knowledge) or PRINCE2 (Project in Controlled Environments). Such approaches are consistent with the requirements related to ISO9000 and to government regulatory requirements such as the US Sarbanes-Oxley (SOX) program.
Dyman Associates Management: Why mobile security requires a holistic approach
Its remarkable how much can change over the course of just a couple of years. We've seen bring-your-own-device (BYOD) evolve from a buzzword to an accepted practice with a strong business use case. Cyber criminals are savvier than ever and using mobile-optimized techniques and malware to obtain more targeted prizes, such as Social Security numbers and credit card information. Decade-old attacks are even resurfacing under new guises, and with far greater precision than their predecessors. And of course, the proliferation of mobile devices available to an increasingly remote workforce continues to plague IT security professionals who are all too aware of the potential threats.
However, for all the considerable hype around each emerging mobile threat vector, one simple truth remains often overlooked: The only secure way of handling mobile devices is in a managed way. But what exactly does a managed approach look like?
IT security professionals and cyber criminals are continuously battling to gain the upper hand. The trouble is, for the most part, the good guys are being more reactive than proactive. While we are learning from mistakes or flaws in security frameworks as they are breached, cyber criminals are already plotting the next attack, carefully considering areas of network security that are most susceptible to infiltration. How many more high profile incidents, such as the Adobe or Target hacks, must we endure before going on the offensive? As an industry, it's time to realize that mobile security has been, and continues to be, a systemic problem. Unfortunately, despite myriad expert warnings and sensitive data being put at risk, many mobile technology companies' primary focus remains on the consumer market instead of the enterprise market.
Dyman Associates Management, China on frontlines of cyber security threat
Twenty years after it embraced the internet, China has become a cyber-giant, but a weak one vulnerable to a skyrocketing number of threats.
Since China formally became a member of the global internet club on April 20, 1994, internet users had grown to 618 million at the end of last year, the largest number in the world.
However, due to the lack of technology, experience and strong teams to counter online crime, China finds itself embroiled in cyber security threats from both within and outside the country, especially from the West.
A sign of China's weakness in cyberspace is the fact that China annually imports CMOS chips worth more than US$200 billion, which far exceeds its crude oil imports, according to Deng Zhonghan, a member of the Chinese Academy of Engineering.
Disadvantages in software and hardware for information technology mean the Chinese government and industries are unprepared for cyber espionage. Any sabotage could pose dangers to the country's security and development as well as people's lives and work, experts say.
Dyman Associates Management, Focus on global effort to ensure cybersecurity
Muscat: With the number of cybersecurity attacks increasing, regional and global cooperation is necessary to face the challenge, speakers at the third annual regional Cybersecurity Summit that opened in Muscat on Monday, stressed.
Organized by the Information Technology Authority (ITA), represented by Oman National CERT (OCERT) in cooperation with the International Telecommunication Union (ITU), IMPACT and French business information group naseba, the 3rd Annual Regional Cybersecurity Summit opened under the auspices of Yousuf bin Alawi bin Abdullah, Minister of Foreign Affairs.
Commenting on the summit, he said, "This regional conference is very important for the Sultanate as it has assumed responsibility for cybersecurity in the region. The cooperation between the regional countries and other countries that have important interests in this region should be real. The Sultanate welcomes such cooperation, which aims to protect the common electronic interests from theft and other bad behaviors that could result in losses for the business community and companies, investments and others."
Dyman & Associates Risk Management Projects on Staff editorial: The internet, is it a privilege or human right?
There’s no denying that in this day and age, technology has taken over a considerable portion of our lives. Aside from cellphones, the most prominent technology to have hit our generation is the Internet. Now information, news and even people are literally a Google search away.
Back in 2011, the United Nations (UN) released a statement that said the UN has recognized that Internet access is a human right.
We here at the Sundial believe that Internet access is as of now a privilege, since we have to pay to have access to the net. Given the precedence of the Internet, we believe that the internet should become a human right. Even so, there are some precautions to understand if we were to hand universal control of the Internet to a single power.
Dyman & Associates Risk Management Projects on Data privacy shapes up as a next-generation trade barrier
Revelations about U.S. digital eavesdropping have fanned concerns about Internet privacy and may complicate U.S. attempts to write rules enshrining the free flow of data into trade pacts with European and Pacific trading partners.
As more and more consumers and businesses shop and sign up for services online, the IT industry is working to fend off rising digital protectionism it sees as threatening an e-commerce marketplace estimated at up to $8 trillion a year.
"Restrictions on information flows are trade barriers," Google's executive chairman, Eric Schmidt, said at a Cato Institute event last month, warning that the worst possible outcome would be for the Internet to turn into "Splinternet."
The unease of U.S. technology companies has mounted in lockstep with rising worries overseas about data privacy.
German Chancellor Angela Merkel — a target of U.S. spying — has called for a European Internet protected from Washington's snooping. Brazil and the European Union plan to lay their own undersea communications cable to reduce reliance on the United States. And other countries are showing a preference for storing data on local servers rather than in the United States.
Dyman & Associates Risk Management Projects on Hughes: Digital spying casts chill on global trade
WASHINGTON - Revelations about U.S. digital eavesdropping have fanned concerns about Internet privacy and may complicate U.S. attempts to write rules enshrining the free flow of data into trade pacts with European and Pacific trading partners. As more and more consumers and businesses shop and sign up for services online, the IT industry is working to fend off rising digital protectionism it sees as threatening an e-commerce marketplace estimated at up to $8 trillion US a year. “Restrictions on information flows are trade barriers,” Google’s executive chairperson Eric Schmidt said at a Cato Institute event last month, warning that the worst possible outcome would be for the Internet to turn into “Splinter net.”
Dyman & Associates Risk Management Projects: The Weakest Link in Security?
Hardly a day goes by without news of another data breach. It's safe to say that we live and work in risky times. But there's a growing recognition that cybercriminals aren't the only threat—or even the primary threat to an enterprise. "There's a far greater need to educate and train employees about security issues and put controls and monitoring in place to increase the odds of compliance," says John Hunt, a principal in information security at consulting firm PwC.
It's a task that's easier said than done, particularly in an era of BYOD, consumer technology and personal clouds. According to Jonathan Gossels, president and CEO of security firm SystemsExperts, it's critical to construct policies and security protections around two basic areas: malicious insiders and those who inadvertently breach security. "The best security program in the world can be undermined by ill-advised behavior," Gossels explains.
Dyman & Associates Risk Management Projects: Information, Disinformation and the Credibility Crisis
A large percentage of the American population no longer trusts mainstream news outlets either on television or in print. A June 2013 Gallup poll indicates nearly 4 out of 5 Americans among younger generations from age 21-64 cannot trust the major news networks, not when the likes of NBC and MSNBC are owned by General Electric, Comcast and possibly Time Warner in this age of super-mergers. Both the circulation and very survival of America’s news print organizations have shriveled or dried up completely.
Amongst the nation’s largest cities, few traditional newspapers are still left today. Even the perennial powerhouse dailies like the New York Times, Washington Post and LA Times have gravely suffered, and in an attempt to keep up with the changing times, years ago moved to the internet as their mainstay means of surviving the computer age. Time Magazine and Newsweek similarly have been forced to downsize with Newsweek permanently suspending its print circulation. In recent years’ Time Magazine in print has been reduced in size to a mere skimpy little shadow of what it once was.
Dyman & Associates Risk Management Projects: Application awareness using data inspection
The modern enterprise presents numerous challenges to IT security leaders, as it requires a diverse array of applications, websites, protocols, and platforms. Mobile devices are changing the fundamental composition of network traffic and introducing new types of malware, while consumerization trends such as BYOD are introducing new devices over which IT has little control.
To organize the chaos, IT must look beyond a network packet’s site, port, or IP address and determine a security posture that relies on the complete context of data usage. A deep, thorough inspection of real-time network data can help provide the content awareness required for the granular management that a flexible, modern enterprise requires.
New Oracle Software Tackles Mobile Security Head On, Dyman & Associates Risk Management Projects
Mobility. It’s not a new trend, but it’s a growing one. Indeed, the workforce is becoming increasingly mobile and that mobility is driving security concerns that software giants like Oracle are trying to solve.
Oracle sees a critical need for solutions that help enterprises control access to business data and also protect that data on mobile devices. Advanced security controls for personal and corporate devices, are needed, without complicating the user experience.
To meet these needs, the enterprise-software maker is launching the Oracle Mobile Security Suite, which lets users securely access enterprise data from their own devices, while at the same time protecting that information by isolating corporate and personal data.
Seagate Backup Plus Fast Portable Review, Dyman & Associates Risk Management Projects
The Seagate Backup Plus Fast portable drive is performance-heavy mobile device that provides users a plethora of storage and is the first portable drive that offers 4TB of storage space. Backup plus Fast is fully USB powered, allowing users to bring along their videos, music, and pictures without having to carry an extra external power supply while on the go. Also included is the Seagate Dashboard, which offers users the ability to schedule and automate backups for their computer, social networks and mobile devices.
Appthority App Risk Management, Dyman & Associates Risk Management Projects
Appthority App Risk Management provides service that employs static, dynamic and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors. Only Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions and protect corporate data.
According to a recent Appthority blog post, the National Cyber Security Alliance recently promoted its internationally recognized annual holiday, Data Privacy Day. The theme of Data Privacy Day, “Respecting Privacy, Safeguarding Data, and Enabling Trust,” came just on the heels of new revelations from the N.S.A. around how they target mobile. The company indicated that the New York Times, the National Security Agency let it slip that they use mobile apps as a method to access personal information. These “leaky apps” such as the popular gaming app Angry Birds give away things such as smartphone identification codes and pinpointed locations throughout the day.
Card Brands Launch Security Initiative, Dyman & Associates Risk Management Projects
Ending weeks of relative silence by the two major payment card brands in the wake of payments breaches at Target Corp., Neiman Marcus and others retailers, MasterCard and Visa have announced the formation of a cross-industry group to work on improving U.S. payment security. The collaborative effort aims to advance the migration to chip cards as well as point-to-point encryption.
In addition to the card brands, the coalition will include banks of all sizes, credit unions, acquirers, retailers, point-of-sale device manufacturers and industry trade groups, the card brands say in announcing the effort.
Dyman & Associates Risk Management Projects, Is the cloud the next stop for enterprise risk management?
Could enterprise risk management become a common cloud-based service at most government agencies? It's an idea being explored by other industries, especially within the financial management and manufacturing sectors. There's a good chance that the idea could take root in the public sector too.
Once an organization assesses its potential safety and economic risks, specific rules can be then be set to help mitigate those risks. Historically organizations have not always taken an enterprise wide approach to risk management. More often solutions were done piecemeal, such as requiring locks on certain doors or passwords on specific machines. As risk management became more formalized, it slowly became an evaluation process to be followed, a set of formal decisions to be made and a way to track and enforce specific rules.
Safety products: Web-based driver risk management, Dyman & Associates Risk Management Projects
Utility vehicles: Alert Driving, a provider of web-based driver risk management solutions, has announced the launch of Hazard Perception 360, an interactive mobile driver risk assessment solution. The new release builds on Alert Driving’s proven, industry-standard Hazard Perception Evaluation program.
Hazard Perception Evaluation is designed to identify high-risk drivers by assessing their risk awareness and reaction time across six core safe driving categories. Based on each individual’s specific deficiencies, the program assigns targeted training to mitigate a driver’s assessed risk.
Dyman & Associates Risk Management Projects
Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attack from an adversary, or events of uncertain or unpredictable root-cause. Several risk management standards have been developed including the Project Management Institute, the National Institute of Standards and Technology, actuarial societies, and ISO standards.
BagTheWeb Recommends
Related Bags (0)
No bags have been linked.
BagTheWeb Suggests
Axis Capital Group Singapore
Axis Capital Group based in Singapore is a company that sells and rents construction capital equipment from cranes to excavators and related heavy construction equipment throughout Southeast Asia. The company is a multi-line dealership that is committed in assisting you in finding the products that will meet your job requirements.
Abney and Associates
We know about the 10 kinds of people. (You know, those who can read binary and those who can’t.) This is PC Speak: An Abney and Associates Internet and Technology Research Lab - Technology related to every day life!
Correspondence distance learning in India
Here student get all information about Correspondence distance learning in India
Juvenile Prison Outreach for Libraries
A compilation of "best practice" resources for youth services librarians who are interested in or are currently providing outreach services to juvenile detention centers.