Cyber Security Summit Blog « Cyber Security Summit

Cyber Security Summit Blog

U.S. Air Force awards $3.3 million contract for cyber security training

TeleCommunication Systems, which specializes in secure mobile communication technology, today reported it has entered into a contract with E-volve Technology Systems to provide training services to the U.S. Air Force for its Cyber Operations Training Program. The subcontract includes a base award term of five months and two one-year option terms for a total possible value of $3.3 million. The Air Force is funding the Cyber Operations Formal Training Support contract awarded to E-volve Technology Systems, and TeleCommunication Systems will provide training services including course planning, design and development; training, instruction and administration; technical analysis and courseware maintenance. Additionally, TeleCommunication Systems will provide ...
Read More

Survey: Companies not prepared for cyber security risks of outsourcing

Post-resession, partnering with third-party vendors and outsourcing tasks that were once handled in-house has become a common cost-saving strategy. Unfortunately, many organizations aren't prepared to address the information technology and security risks that can emerge from outsourcing, according to a new survey by the Shared Assessments Program and consulting firm Protiviti. The survey, which asked companies about their current vendor risk management programs, found a general lack of mature vendor risk management practices as well as insufficient resources and staff to meet current best practice standards. "Managing the risks associated with outsourced services and vendor relationships is one of the many challenges facing ...
Read More

Retailers association launches cyber intelligence sharing center

Retailers were among the hardest hit and most talked about victims of cyber crime in 2013. Now they are doing their best to fight back. Just yesterday, the Retail Industry Leaders Association and key retailers from around the country launched the Retail Cyber Intelligence Sharing Center, otherwise known as R-CISC. The center is an independent organization whose key feature is a "Retail Information Sharing and Analysis Center," which is designed to do exactly what its name suggests. According to RILA, the center will allow retailers to share cyber threat information both among themselves and with others, including the U.S. Department ...
Read More

NIST releases systems security engineering guidelines

At a presentation at the University of Minnesota this morning, National Institute of Standards and Technology Fellow Ron Ross announced the publication of a new set of systems security engineering guidelines designed to help improve information security. NIST Special Publication 800-160 was released in draft form and is now available for public comment. You can download the publication here: "Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems." Ross said the announcement was made at the university to highlight where the skills needed to combat tomorrow's cyber security challenges will come from. He said the University of Minnesota's Technological Leadership Institute represents a model ...
Read More

NIST official to announce new cyber security guidelines in Minnesota

Ron Ross, a fellow at the National Institute of Standards and Technology and leader of the Federal Information Security Management Act Implementation Project, will announce new draft cyber security guidelines at the University of Minnesota on Tuesday. The guidelines are contained within "Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems." They were written to help both private- and public-sector officials build more resilient IT infrastructures. Ross is the principal architect of the NIST Risk Management Framework and leads the Joint Task Force Transformation Initiative Working Group, an effort to develop a unified information security framework for the federal ...
Read More

Cyber security items every vendor contract should include

Following recent high profile data breaches, many companies are wondering what terms and conditions should be in vendor contracts. That is great question to ask. Many companies – big and small – sign vendor contracts without considering the data security issues. Often times, a contract that is “small potatoes” from a dollar standpoint has the potential to create a disproportionate level of risk. (Consider, for example, a company hired to empty your company’s shredder bin.) Such contracts often get signed without careful review, putting companies at risk. While each company should get individualized legal advice, here are six things that ...
Read More

Symantec releases 2014 threat report

Symantec recently released its latest Internet Security Threat Report, which looks back at data from last year and offers an analysis of what happened. Not surprisingly, the company labeled 2013 “The Year of the Mega Breach.” “The total number of breaches in 2013 was 62 percent greater than in 2012 with 253 total breaches. It was also larger than the 208 breaches in 2011. But even a 62 percent increase does not truly reflect the scale of the breaches in 2013. Eight of the breaches in 2013 exposed more than 10 million identities each. In 2012 only one breach exposed over ...
Read More

What is Cyber Security Business?

For a period of time last month, the most popular new paid Android app on the Google Play store was antivirus software. According to multiple reports, it was also a scam. Both facts tell us something about the digital world we're living in today. First, the threat of cyber crime is prevelent enough that antivirus software can top the charts of a popular online marketplace (although whether all the downloads for this particular app were legitimate is hard to know). Second, when it comes to cyber crime, no one — not even Google, one of the most powerful companies in the ...
Read More