Welcome!

@CloudExpo Authors: Yeshim Deniz, Zakia Bouachraoui, Pat Romanski, Liz McMillan, Elizabeth White

Blog Feed Post

NIST Publishes IT Supply Chain Risk Guidance, FBI Explores Wisconsin Payroll Hack and more

By

Here are the top cyber news and stories of the day.

  • NIST publishes IT supply chain risk guidance - Supply Chain Risk management will be a growing concern as we continue to source almost all of our silicon and technology from foreign countries. The NIST document “calls for procurement organizations to establish a coordinated team approach to assess the ICT supply chain risk and to manage this risk by using technical and programmatic mitigation techniques.” Full document here. Via FedScoop, more here.
  • VanRoekel: Open data policy to be published in early 2013 - The OMB is planning to release a government-wide open data policy next year. Federal CIO VanRoekel says the policy will be informed by open data initiatives now underway by the Presidential Innovation Fellows.” VanRoekel sees these policies as informing the way agencies buy. Via FierceGovernmentIT, more here.
  • Standardising cloud encryption is key to improving security - The first problem that we lawyers have when we hear “data” and “cloud” used in the same sentence is that data is valuable, and the cloud concentrates that value.” Via TechWorld, more here.
  • FBI explores $150,000 payroll hack at Wisconsin school - A hacker rerouted $150,000 from a school payroll into a bank account. It appears that the money was rerouted in transfer, rather than at the bank. Via InfoSecurity Magazine, more here.
  • ‘Significant deficiency’ with Social Security Administration cybersecurity, say auditors - The SSA’s annual FISMA report is not looking rosy for the agency. There are issues with the continuous monitoring strategy, lack of access controls and weak controls allowing red-teamers to obtain PII. Via FierceGovernmentIT, more here.
  • DOD on target with data center consolidation - One of every 13 DoD data centers has already been shut down. DoD has shut down a total of 114 data centers, more than one-quarter of the federal data centers that have closed. This is a great first step, but only about one-tenth of the total data centers DoD needs to consolidate. Via Federal Computer Week, more here.
  • BYOD: Why Mobile Device Management Isn’t Enough - Michael Davis over at InformationWeek examines what to look for in mobile device management software. He takes a look at what limitations IT organizations face when allowing employee devices. Via InformationWeek Global CIO, more here.
  • New DoD safeguards for autonomous systems exempt cyber – The new rules which DoD issued 21 Nov to prevent collateral damage from autonomous weapons do not apply to cyber systems. Under the directive, autonomous and semi-autonomous weapon systems must be designed so human operators can exercise judgment over the use of force.” These issues will have ramifications on viruses such as Stuxnet and other cyber weapons. Via FierceGovernmentIT, more here.
  • Mobile Security Threats Expected in 2013 - The Dubai Chronicle has an excellent list of mobile security threats that may change in the new year. This includes cross-platform mobile threats and malware that resides in the App Stores. Via Dubai Chronicle, more here.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

CloudEXPO Stories
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get tailored market studies; and more.
Digital Transformation is well underway with many applications already on the cloud utilizing agile and devops methodologies. Unfortunately, application security has been an afterthought and data breaches have become a daily occurrence. Security is not one individual or one's team responsibility. Raphael Reich will introduce you to DevSecOps concepts and outline how to seamlessly interweave security principles across your software development lifecycle and application lifecycle management. With these new automated application security methodologies, organizations will be able to minimize their risk with digital transformation & migration to the cloud, comply to new regulations, and prevent data breaches from ever happening.
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science" is responsible for guiding the technology strategy within Hitachi Vantara for IoT and Analytics. Bill brings a balanced business-technology approach that focuses on business outcomes to drive data, analytics and technology decisions that underpin an organization's digital transformation strategy.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a member of the Society of Information Management (SIM) Atlanta Chapter. She received a Business and Economics degree with a minor in Computer Science from St. Andrews Presbyterian University (Laurinburg, North Carolina). She resides in metro-Atlanta (Georgia).
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading these essential tips, please take a moment and watch this brief video from Sandy Carter.