Blog Postings

View more Government_Industries news and analysis from Computerworld.com

View more IT Governance and Compliance news and analysis from Computerworld.com

From sophisticated new forms of malware to the nation-state and the advanced persistent threat (APT), cybersecurity incidents have evolved at a rapid pace and are disrupting organizations and damaging reputations. But are organizations' incident response programs, personnel and tools evolving to keep up with the new threat landscape?

According to the 2013 Incident Response Survey results, only 20% of organizations rate their incident response programs as "very effective." Their biggest gaps: Being able to detect and contain malware, which can also be the precursor to advanced persistent threats.

Aimed at determining how organizations are prepared to respond to today's new breed of cyber-attacks, the survey also finds many respondents experienced malicious code in the past year, had lost or stolen devices, or were victims of spear phishing, resulting in system downtime, lost or compromised data or financial loss. Only 26 percent of respondents rate their current anti-malware tools as "very effective."

In this session, thought-leaders from FireEye and ISMG will present and analyze responses to key questions, including:

• How are organizations prepared to respond to advanced persistent threats?
• What are the technical challenges that impact the ability for effective incident response?
• How can organizations evolve their incident response plans to address the new threat landscape?

Specifying architecture and technical requirements for a common identification standard for federal employees and contractors.

Organization, Mission and Information System View

Guidance on establishing processes to rapidly detect and respond to cyber incidents.

Boston Public Health Agency, Police Union Argue Over Medical Data
A privacy dispute has erupted between the city's public health officials and first responders in the wake of the Boston marathon bombing. Find out what's being debated.

Hackers Exploit Commercial Software to Gain Access to Data
A breach of the Washington State Administrative Office of the Courts' public website may have exposed as many as 160,000 Social Security numbers and 1 million driver's license numbers.

The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members.

Jason Clark, Neil Thacker of Websense on New Strategies
Is the cyber-criminals' desire to steal critical data greater than our abilities to protect it? That's the question posed by advanced threats. Jason Clark and Neil Thacker of Websense discuss how to defend.

House Panel Places Few Limits on How Money Could Be Spent
A House Appropriations Committee bill would earmark $786 million for Department of Homeland Security cybersecurity operations in fiscal 2014. That's $24 million less than President Obama seeks, but 4 percent more than this year's appropriation.

DDoS was thought to be a threat from the past until it was reactivated and re-energized by the hacktivist group known as the Izz ad-Din al-Qassam Cyber Fighters.

Since the fall of 2012, the attackers have used DDoS to disrupt the online functions of nearly 50 U.S. financial institutions, causing website outages that alarmed customers and caused two federal regulatory agencies to issue fraud alerts to member institutions.

Following the two initial waves of attacks, in the fall and winter of 2012, the hacktivists took time off to regroup. Each time they came back stronger.

But the third wave, which commenced in March 2013, shows no sign of abating. Not only have the attacks morphed, targeting different vulnerabilities, but the attackers' botnet has strengthened. In April, the FBI warned that attack scripts have been modified in an attempt to increase the effectiveness with which the scripts evade detection. The actors are changing their attack methodology, the FBI says, to circumvent mitigation efforts of the financial institutions.

Concurrently, electrical utilities, gaming sites and European banking institutions all have experienced different forms of DDoS.

How can organizations from across industry defend themselves against attacks that some of the world's largest banks cannot prevent?

That is the key question that will be answered in this panel discussion from three unique perspectives:

• The Bank - Michael Wyffels, SVP and CTO of QCR Holdings Inc., a multibank holding company, will discuss how his institutions assess and respond to DDoS risks, as well as what DDoS means to the banks and their customers.
• The Journalist - Tracy Kitten, Executive Editor of BankInfoSecurity and CUInfoSecurity, will share insight she's gleaned from covering the DDoS story exhaustively since it first broke.
• The Expert - Rodney Joffe, SVP & Senior Technologist, Neustar, is one of the foremost industry experts on DDoS and can explain exactly what the latest attack trends show us, and how you can make your organization a less desirable DDoS target.

The false hopes of unnecessary solutions can drown out meaningful conversation about how to fix government processes.

Good management is a four-quarter commitment, not a last-ditch effort.

Reality TV reveals the problems with government services, but how do we fix them?

Management lessons from the teachers' strike.

But black belts, "Lean" t-shirts and TQM posters are forever. Well, not really.

Above all else, citizens want results. When they don't get them, they morph into selfish people.

The leader of Colorado’s prison system, who was killed last week, was a hero to communities that probably never knew his name.

IT isn’t the solution to all our problems, and it shouldn’t take a rocket scientist to see that NASA should postpone liftoff for its new procurement system.

There are many, but tracking software -- which various government agencies make use of every day -- is one of the biggest.

The Games may be over, but public workers must still find the drive to go for the gold.