Government Security News

More Celebrity Records Snoopers Fired RSS Syndication - Mon, 07/15/2013 - 11:20pm
Cedars-Sinai Medical Center Latest To Boot Nosy Workers
The recent firings of six workers at Cedars-Sinai Medical Center offer yet another reminder for health records snoopers everywhere: Curiosity kills your job.

Survey Says: ACH, Wire Fraud Growing
Banks, CUs Report Increased Losses Despite New Tech
Preliminary results of the 2013 Faces of Fraud Survey show institutions are still suffering big financial losses linked to ACH and wire fraud. Why are they still getting hit, in spite of investments to detect and prevent account takeover?

Applying Iris Images to PIV Cards
New Guidance from NIST Details Biometric Advances
Organizations could choose to add iris images as an alternate biometric over fingerprints on personal identity verification cards, because, for some users, fingerprint collection can be difficult.

No Time-Out for Certain Feds at DEF CON
Hackers' Conference Asks Federal Officials to Stay Away
Angered over the Edward Snowden revelations, DEF CON says the feds should take a 'time-out' from this year's hackers' conference. But a top DHS cybersecurity policymaker says he's still invited to participate in a conclave panel discussion.

DHS's Napolitano Resigns: The Impact
Secretary Leaving to Head University of California System
Janet Napolitano's departure as homeland security secretary could have an adverse impact on the nation's cybersecurity policy, at least temporarily, considering the posts of deputy secretary and deputy undersecretary for cybersecurity remain vacant.

WellPoint to Pay $1.7 Million Settlement
Website Glitch Exposed Information on 612,000
Insurer WellPoint has agreed to pay the Department of Health and Human Services $1.7 million to settle a HIPAA case stemming from a website data breach that may have exposed information on more than 612,000 individuals.

Illegal Pharmacy Sites Pose Cyberthreats
FDA Crackdown Highlights the Risks Involved
The FDA and law enforcement officials recently busted 9,600 illegal online pharmacy websites. In addition to health risks, these and other sites pose cyberthreats as well. Find out about the risks.

NIST Readies Incident Coordination Guide
A new incident response publication coming from the National Institute of Standards and Technology will include guidance on how to form circles of trust - networks of IT security experts spanning multiple organizations, says NIST's Lee Badger.

Is IRS Legally Free to Expose Private Info?
Tax Agency Finds Itself Between a Rock and a Hard Place
FISMA and the Privacy Act allow agencies to redact personally identifiable information from public postings. But the IRS says another law requires it to post public forms without altering them to remove PII. What's the agency to do?

An Insurance Exchange Tackles Security
One of the biggest security challenges the Washington state health insurance exchange faces as it prepares for its Oct. 1 launch is building interfaces with its partners, says CIO Curt Kwak.

Man Behind the Cybersecurity Framework
Getting critical infrastructure operators involved is the biggest challenge the federal government faces in creating a cybersecurity framework, says NIST's Adam Sedgewick, who leads efforts to create the framework ordered by President Obama.

Mobile Security Q&A with Intel's Malcolm Harkins

In an exclusive session brought to you by Information Security Media Group, Harkins will expand upon topics discussed in his two webinars, Mobile: Learn from Intel's CISO on Securing Employee-Owned Devices and Mobile Security: Intel's CISO on Identity & Access Management (IAM) and Data Security.

In previous insight focused on mobile security and employee-owned devices, Harkins says organizations must tackle these risks head-on. "Doing nothing is not an option" when it comes to BYOD. "Employees will work around and unknowingly expose the enterprise," he says. Organizations now must focus on protecting data and networks, as well as ensuring a whole new level of identity and access management.

"The thing [organizations] have to do is ... establish a cross-functional mobile governance view of this, so you can understand the dynamics of what the business is trying to achieve," Harkins says. With a more global view of goals and challenges, security leaders can home in on the true inhibitors to mobile security. "That way, you can focus on: Is it an application issue you need to work on in a particular category? Is it the encryption? The identity and access management? You can get into the uses and where the company is trying to achieve value with the mobile device proliferation."

The Case for a 'Borderless' Breach Law
The best argument for enactment of a federal data breach protection law to replace 46 state statutes is that physical location is not relevant in a society that relies on mobile technologies, says public policy advocate David Valdez.

Beyond BYOD: 2013 Mobile Security Survey Results

Organizations of all sizes are dealing with the solution - mobility - before they even have had adequate time to manage the risks of the challenge: How do we secure the systems and data accessed broadly by employees' mobile devices? The Beyond BYOD: Mobile Security Strategies Survey, sponsored by Accellion, looks at how organizations will address today's top mobile security challenges, with emphasis on:

  • State of Security - Which mobile platforms will organizations support, and how do they rate their state of mobile security?
  • Policy - What formal policies do organizations have in place for concerns such as inventory, mobile device/application management and data/device encryption?
  • Controls - What security solutions are in place to manage and secure identity and access management, content and the use of third-party applications?
  • Metrics - How do organizations measure the tangible business results of mobile initiatives, including cost-savings and improved productivity?
  • Investments - What are the top areas of mobile security investment for the coming year?

In addition to delivering an overview of key survey results, this session includes a panel discussion analyzing the results and offering mobile security tips for organizations.

Expert panelists include Elayne Starkey, CISO of the State of Delaware, and Malcolm Harkins, Chief Security and Privacy Officer at Intel.

Survey Results: 2013 Faces of Fraud

What are today's top fraud schemes, and how are banking institutions responding to them?

These are among the questions to be answered by this latest study, 2013 Faces of Fraud: The Threat Evolution. A follow-up to ISMG's 2010 and 2011 Faces of Fraud surveys, this new research looks not only at the latest fraud trends and how institutions are fighting back, but also at how they are affected by the impact of ever-evolving threats.

This web-based research study, created by ISMG with the counsel of top fraud experts, covers:

  • Malware - How are institutions faring against today's leading banking Trojans, including Zeus, Gozi Prinimalka, Eurograbber and others?
  • Mobile Attacks - How do escalating mobile malware attacks impact strategies for mobile banking and payments?
  • Account Takeover - Are banks succeeding at reducing the number of successful takeover attempts? And are fraud losses also being reduced?
  • DDoS - Are these attacks, as regulators warn, merely a diversion to distract institutions from fraud behind-the-scenes?
  • POS and Retail Breaches - Recent months have brought a steady stream of network breaches at retailers and payments processors, as well as point-of-sale device and system attacks, resulting in payment card fraud and replacement. How are card issuers and acquirers tracking and responding to these attacks?
  • Anti-Fraud Investments - What new investments are institutions making in layered security controls - particularly in the U.S., where institutions now are responding to the findings of their first exams for conformance to the FFIEC Authentication Guidance?

The 2013 study will also benchmark the most common fraud schemes, including payment cards, checks and phishing; the ongoing impact of account takeover resulting from ACH/wire fraud; the detection and prevention of insider crimes; and whether institutions see significant fraud reductions resulting from new investments in employee and customer education.

Using Big Data and Identity Intelligence to Nix Fraud

Trends in fraud management have evolved as more business has moved online, where the applicant can easily hide under a stolen or made-up identity. Now it's time to move beyond chasing after the fact to preventing fraud before it happens.

Equifax has extensive experience working in the financial sector and with major government agencies to help identify fraudulent applicants before they get in the front door. Working across verticals means that lessons from each are combined to create a complete view of fraud behavior and best practices for combating it.

In this session, Ryan Fox, Principal in Equifax Identity and Fraud Solutions consulting group, will review implementations across federal agencies built from analytic models that serve to successfully prevent fraud in the financial, e-retail and telecommunications space. These sophisticated analytics assess the likelihood of fraud through extensive matching within proprietary data sources, and assessment of network activity associated with that identity.

He'll be joined by Rich Huffman, Senior Product Manager for Fraud, discussing best practices in fraud mitigation that result in a tiered process. Among the core elements to be discussed:

  • Focus on prevention measures, including identity proofing that uses a broad range of data elements to verify the applicant's identity;
  • Gauge the risk profile of the device used to interact with the institution;
  • Review information within a channel, across channels and between internal and external sources;
  • Reduce portal abandonment rate by limiting intrusive procedures to high-risk applicants;
  • Comply with appropriate regulations and industry guidelines;
  • Minimize manual processing time and costs.

DoD: Notice of Proposed Rulemaking on Privacy Training
The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members.

NIST SP 800-61 Revision 1: Computer Security Incident Handling Guide
Guidance on establishing processes to rapidly detect and respond to cyber incidents.

NIST FIPS PUB 201-2: Personal Identity Verification of Federal Employees and Contractors DRAFT
Specifying architecture and technical requirements for a common identification standard for federal employees and contractors.

NIST SP 800-39: Managing Information Security Risk
Organization, Mission and Information System View