Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

NIST – Security and Privacy Controls for Information Systems and Organizations

Security and Privacy Controls for Information Systems and Organizations, August 2017. Draft NIST Special Publication 800-53 Revision 5.
“This publication provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile attacks, natural disasters, structural failures, human errors, and privacy risks. The controls are flexible and customizable and implemented as part of an organization-wide process to manage risk. The controls address diverse requirements derived from mission and business needs, laws, Executive Orders, directives, regulations, policies, standards, and guidelines. The publication describes how to develop specialized sets of controls, or overlays, tailored for specific types of missions and business functions, technologies, environments of operation, and sector-specific applications. Finally, the consolidated catalog of controls addresses security and privacy from a functionality perspective (i.e., the strength of functions and mechanisms) and an assurance perspective (i.e., the measure of confidence in the security or privacy capability). Addressing both functionality and assurance ensures that information technology products and the information systems that rely on those products are sufficiently trustworthy.”

GAO reports continuing security controls for protecting confidentiality of taxpayer data

Information Security: Control Deficiencies Continue to Limit IRS’s Effectiveness in Protecting Sensitive Financial and Taxpayer Data, GAO-17-395: Published: Jul 26, 2017. Publicly Released: Jul 26, 2017. “The Internal Revenue Service (IRS) made progress in addressing previously reported control deficiencies; however, continuing and newly identified control deficiencies limited the effectiveness of security controls for protecting the… Continue Reading

Those supposedly secure passwords you routinely create are not secure at all

WSJ.com – “…Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” [this is the 2017 version] The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and… Continue Reading

New Tool for Looking at Federal Cybersecurity Spending

“With malicious hacking and other cyber threats on the rise, Taxpayers for Common Sense recently turned our attention to how much the federal government spends to keep us safe from cyber threats and where it spends that money.  Our analysts spent two years reviewing hundreds of thousands of pages of federal budget documents in an attempt to answer those questions. When… Continue Reading

Your Social Security Number is a major target of ID theft – government has yet to implement an alternative

Social Security Numbers: OMB Actions Needed to Strengthen Federal Efforts to Limit Identity Theft Risks by Reducing Collection, Use, and Display, GAO-17-553: Published: Jul 25, 2017. Publicly Released: Jul 27, 2017. “Governmentwide initiatives aimed at eliminating the unnecessary collection, use, and display of Social Security Numbers (SSN) have been underway in response to recommendations that… Continue Reading

State Department Telecommunications: Information on Vendors and Cyber-Threat Nations

State Department Telecommunications: Information on Vendors and Cyber-Threat Nations, GAO-17-688R: Published: Jul 27, 2017. Publicly Released: Jul 27, 2017. “Federal telecommunications systems can include a variety of equipment, products, and services which may be produced by foreign manufacturers—and may potentially be vulnerable to manipulation by a cyber-threat nation like China, Iran, North Korea, or Russia.… Continue Reading

HHS Unveils Improved Web Tool to Highlight Recent Breaches of Health Information

“The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) today launched a revised web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and to learn how all breaches of health information are investigated and successfully resolved.  The HIPAA… Continue Reading

Adobe announces demise of Flash in coordination with tech partners

Adobe Blog: “The Adobe Flash Player has played a pivotal role in advancing interactive and creative web content for over 20 years. At the core of our company’s mission statement of changing the world through digital experiences is the invention of formats where none previously existed- we did this with Flash and will continue to… Continue Reading

EPIC’s Voter Data Case Moves Forward After Court Denies Injunction

Follow up to previous postings – States reject demand to provide all voter personal info to Trump election fraud commission – today via EPIC – “A federal district court in Washington, DC has denied EPIC’s motion for an injunction against the Presidential Election Commission and declined to block the Commission’s nationwide collection of voter data.… Continue Reading

Report – 66% of US law firms reported a breach in 2016

NetSecurity – “The majority of US-based law firms are not only exposed in a wide variety of areas, but in many cases, unaware of intrusion attempts. These findings were based on Logicforce survey data from over 200 law firms, anonymous system monitoring data and results from their on-site assessments. The degree of preparation and vigilance… Continue Reading

Personal data of millions of Verizon customers exposed in cyber breach

Public Knowledge Urges FCC to Investigate Verizon Customer Data Breach – “Today, reports indicate that one of Verizon’s business partners, Nice Systems, exposed millions of Verizon customer records. According to ZDNet, “as many as 14 million records of subscribers who called [Verizon’s] customer services in the past six months were found on an unprotected Amazon S3… Continue Reading

Global Study – The need for a new IT security architecture

“Cyber-attacks happen by the minute—and in our industry on the whole, they’re not being handled adequately. To get a better view of why that is, Citrix teamed up with the Ponemon Institute to find out what’s holding up businesses from appropriately addressing security issues. Here’s what we found and how businesses can take smarter steps… Continue Reading