Musings of a state government CSO.
Recent news headlines are full of intriguing stories about real-life consequences to virtual actions at home and work. Virtual world travels, combined with Web 2.0 interactions, are merging with real life behaviors at the office as never before. Secu....
From Newsweek to The Drudge Report to The Huffington Post, it seems that everyone is talking about an unexpected big winner on election night - The Internet.
NASA has joined the National Science Foundation's (NSF's) Research.gov portal. The site offers great information on federally funded research projects, grants, policies and more.
After over two years of writing and some very early mornings, my first book has finally launched. I invite you to come learn more about "integrity theft," seven habits of online integrity, a "what if" look at the future of the In....
Microsoft's latest anti-piracy tactic is to turn computer screens black if pirated copies of Windows software are detected. But Chinese computer users are reacting with outrage and calling this a privacy issue. At stake, both Microsoft's im....
In a recent government technology conference, Frank Abagnale, whose life was the subject of the movie "Catch Me if You Can," said that there is minimal risk for criminals involved in identity theft. He said only about 1 in 700 thieves are c....
We've all heard war stories of Internet hot spots that are actually too hot (with bad guys capturing keystrokes). And yet, millions of web surfers use this convenient, free online access every day. What should be the message from the security co....
Despite major progress over the past decade regarding digital government, a recent report by the Brookings Institute claims that e-Government progress has fallen short of expectations. While powerful success stories abound, the report highlights area....
I never cease to be amazed by the new scams that are released. I don't know who these bad guys hire, but it almost seems as if they hire their own PR firms to help them figure out what Internet tricks to try next. Most of these eventually show u....
McAfee's Avert antivirus labs found that almost half of all password-stealing Trojan software detected in the last year target multiplayer online games like "World of Warcraft," "Everquest" and "Lineage." Just a gam....
As the election stories heated up during August, a number of articles appeared around the country regarding roles and responsibilities in cyberspace - and especially on cyber security. While everyone wants more money, two different camps have differe....
What does it take to be a successful CSO or CISO? While there are entire books on this topic, one important attribute is to think like an entrepreneur. No, I'm not talking about starting a side business. I am talking about a focus on the custome....
Everyone knows that almost anything goes at Black Hat. But the Associated Press (AP) released a story yesterday about three French reporters who were just bounced from Black Hat for spying on eWeek and CNET in the Press room. Wow ...
Experts have been saying for years that our virtual and real worlds are merging. Well now we've reached a new level with "virtual speed bumps" in Philadelphia. That's right, the government is now tricking drivers into slowing down....
Are more and more of your workers going mobile and accessing the Internet via portable devices? Well security help has arrived. The National Institute of Standards (NIST) has released an excellent new publication entitled: "Guidelines on Cell Ph....
The Department of Homeland Security (DHS) recently issued a request for information from contractors to provide technical support and analysis for their information security program.
Recent reports say huge numbers of home PCs connected to the Internet are infested with malware. What strategies should we be using to deal with this situation? Some technology CEOs and other leaders imply that we need to move on ...
Firefox 3 is set for release on Tuesday, June 17. The security benefits suggest a good look is a good idea. Many are even planning launch parties. What are your plans?
The National Institute of Standards and Technology (NIST) would like feedback on its draft scoring system, which evaluates various security configurations within operating systems and applications.
As I've traveled across the country, I've often been asked the same question: What's the 2008 key to success as a security leader? From Seattle, Washington to Novi, Michigan, from big state leaders to small county CIOs, people are feel....
SANS Internet Storm Center updated their website with additional information related to large numbers of SQL injection attacks. Their site includes some very helpful links. One of the links is for Shadowserver.org who has begun maintaining a list of ....
Everyone's talking about Virtual Alabama. Well maybe not everyone, but at least the Homeland Security and Emergency Management crowd that cares about new ways to leverage Google Earth to integrate geospatial applications, databases, and more. Th....
Is it safe to blog about security in government? That may sound like a pretty dumb question coming from a security blog that's been around for over 18 months. And yet, I often get asked that question. Now, Federal Computer Week (FCW) may have se....
The Multi State Information Sharing & Analysis Center (MS-ISAC) held their annual meeting in Seattle, Washington from April 28-30. Approximately 150 federal, state & local government security leaders participated in the gathering. So what was....
The conventional security wisdom is to lock down your endpoints in order to enforce security policy. That approach was thrown out at Google, according to Douglas Merrill, Google Inc.'s Chief Information Officer (CIO). Is this a trend? Should we ....
For years I've heard colleagues proclaim: "You must go to the RSA conference. It is the biggest security conference of them all. It is unlike anything else you'll attend. You must see to believe." They were right, but for different reas....
On April 9, I participated in an excellent panel at the RSA Conference in San Francisco. The topic was Cyberstorm II, and although participants didn't discuss exercise scenarios or detailed action items, the discussion was interesting and receiv....
Every good IT management team is talking about the coming wave of retiring Baby Boomers. Well I just came across a report that might help. The Partnership for Public Service released an interesting report back in January 2008 entitled: "A Golden....
Last Friday (March 28), I attended the MidWest Regional. No, this wasn't an NCAA Men's Basketball Tournament game in Detroit, but the Cyber Defense Competition at Jackson Community College in Jackson, Michigan. I was encouraged by what I saw....
The conventional wisdom is that government security culture at all levels suffers from a lack of training. But leaving the quality, timeliness and relevance of specific courses aside for a minute, is it possible that the real problem is too much trai....
Everybody seems to be convening cyber summits. Governments from New York to California, organizations from InfraGard to SANS to EDUCAUSE, more and more states and even private businesses are holding various types of cyber security summits. Why? Do th....
Should the Department of Defense (DoD) ban the personal use of their networks? Federal Computer Week (FCW) recently ran several stories stating that they are seriously considering it. But the ramifications go much further than just the DoD.
The National Association of State CIOs (NASCIO) released a great new video this week to help in selling the security message. The video addresses why securing government technology is a critical concern in the digital world. While this video is inten....
A string of articles has just been released regarding what most CSOs and security professionals have known for over a year. Namely that visiting social networking sites increases organizational security risks, and sometimes dramatically. Another asp....
Back in June, Federal Chief Information Officers (CIOs) and Chief Acquisition Officers (CAOs) received a policy memo from the Office of Management & Budget (OMB). The message: implement standard security configurations by February 1, 2008 for Win....
On January 1, 2008, Teri Takai will become California's new Chief Information Officer (CIO). Fasten your seat belts and get ready.
Security predictions for 2008 are rolling in. Here's a summary of what's being said in cyberspace as well as a few of my own thoughts on 2008.
It's that time of year again, only this year it's bigger than ever. Online shopping at work is up this year, with better bargains online than ever before. So what's security's role in this?
Over the weekend, The US CERT, the Multi-State Information Sharing and Analysis Center, and others had us on guard for a potential "Electronic Jihad." It didn't happen, but never? Be Careful.
Company takeovers are nothing new - especially in the tech space. CxOs have always been expected to select the right product mix for their environment, independent of who might buy who or rumors of looming company mergers. And yet, it's getting ....
It's never supposed to rain in Tucson, but it did. That was ok, because the National Association of Chief Information Officers (NASCIO) conference program was outstanding. Why go outside?
Most government technology organizations around the country are in the midst of some type of consolidation. Whether you're reducing the number of software packages, servers, data centers, or buildings, consolidation almost always brings a nice R....
The National Association of State CIOs (NASCIO) has been known for publishing many outstanding briefing papers which provide invaluable insight into improving technology in the public sector. A newly released briefing entitled: "IT Security Awar....
What is the Wall Street Journal Online doing? My opinion: their article on ten ways to get around cybersecurity is shocking. Here's my letter to the author of the article and their online editor:
Telework is a no-brainer, right? You can, theoretically, help the environment, reduce road congestion, lower your rent, increase morale, and save money at the same time. But two problems remain - managing remote workers and security.
I recently read an interesting article by John C. Reece entitled: "Forget about Security and Privacy: Focus on Trust." John's experience as the CIO with the IRS and Time Warner is evident, and I agree with many of his points. Still, ....
So last time I exhorted you to read the NIPP IT Sector Plan. If you didn't take my bait, perhaps you're wondering: What's in it? Why is this important? Where can you learn more?
The Department of Homeland Security officially announced the release of Sector-Specific Plans on May 21. These plans provide important details to the National Infrastructure Protection Plan (NIPP) which was released last year. The Information Technol....
The National Association of State Chief Information Officers (NASCIO) held their annual Washington D.C. Fly-In, and 40 state representatives called on Congress to strengthen national cyber security through state homeland security funding. Additional ....
Cyber Leaders from 46 states and 20 local governments met in Minneapolis from April 22-25 as part of the Multi-State Information Sharing and Analysis Center (MS-ISAC) annual meeting.