Enhancing Security Governance

Data Breach Today

Longtime CISO Vito Sardanopoli on Building an Effective Security Program A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S. Department of Health and Human Services Healthcare Industry Cybersecurity Task Force

US Government Sites Give Bad Security Advice

Krebs on Security

government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now. government. Many U.S.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

CISA Warns of Emotet Attacks Against Government Agencies

Data Breach Today

Cybersecurity and Infrastructure Security Agency is warning about a recent spike in Emotet botnet attacks - designed to spread other malware - that are targeting state and local government agencies Botnet Called 'One of the Most Prevalent Ongoing Threats' The U.S.

What Is Data Governance? (And Why Your Organization Needs It)

erwin

Organizations with a solid understanding of data governance (DG) are better equipped to keep pace with the speed of modern business. In this post, the erwin Experts address: What Is Data Governance? Why Is Data Governance Important? What Is Good Data Governance?

Enhancing the Security of Government Websites

Data Breach Today

Sites to Implement HTTP Strict Transport Security Protocol Federal agencies will add a layer of security to their websites that use the top-level domain.gov. All the sites eventually will use the HSTS protocol, which ensures that a users' connection to a website is encrypted and can protect against man-in-the middle attacks and cookie hijacking

UK Government Proposes IoT Security Measures

Data Breach Today

government is taking the first steps toward creating new security requirements for manufacturers to strengthen password protections and improve how vulnerabilities are reported Rules Would Strengthen Password Protection and Vulnerability Reporting With the number of installed internet of things devices expected to surpass 75 billion by 2025, the U.K.

IoT 116

Iranian Government Hacking Android

Schneier on Security

US Government Ban on Kaspersky Formalized

Data Breach Today

Final Rule Includes Ban on Government Contractors Using Russian Firm's Products A final rule published in the Federal Register Tuesday officially bans U.S. government agencies and their contractors from buying or supporting Kaspersky security products

Data Governance Makes Data Security Less Scary

erwin

The Regulatory Rationale for Integrating Data Management & Data Governance. Now, as Cybersecurity Awareness Month comes to a close – and ghosts and goblins roam the streets – we thought it a good time to resurrect some guidance on how data governance can make data security less scary. It’s easier to protect sensitive data when you know what it is, where it’s stored and how it needs to be governed. Happy Halloween! Do you know where your data is? What data you have?

Russian Hackers Revamp Malware, Target Governments: Report

Data Breach Today

Turla Group Targeted Agencies in Eastern Europe, ESET Researchers Say Turla, a sophisticated hacking group with suspected ties to the Russian government, recently used a revamped version of its malware to target government entities in Eastern Europe, according to new research from the security firm ESET

Norwegian Government Blames Russia for Hacking Campaign

Adam Levin

The Norwegian government has blamed Russia for a hacking campaign that targeted the email accounts of parliament members. The Russian government has dismissed the allegations as baseless, citing a lack of evidence. “We

The British government aims at improving its offensive cyber capability

Security Affairs

The news is not surprising for people working in the cyber security sector, the British military claims to have had an offensive cyber capability for a decade. The post The British government aims at improving its offensive cyber capability appeared first on Security Affairs.

Government Shutdown: Impact on Health Data Security, Privacy

Data Breach Today

HIPAA Enforcement Agency Open, But Regulatory Activity Slows Down Some regulatory activity related to health data privacy and security is on hold as a result of the partial government shutdown. But the agency that enforces HIPAA remains open

Integrating Data Governance and Enterprise Architecture

erwin

Why should you integrate data governance (DG) and enterprise architecture (EA)? Data governance provides time-sensitive, current-state architecture information with a high level of quality. Automating Data Governance and Enterprise Architecture.

Data Governance 2.0: The CIO’s Guide to Collaborative Data Governance

erwin

In the data-driven era, CIO’s need a solid understanding of data governance 2.0 … Data governance (DG) is no longer about just compliance or relegated to the confines of IT. Today, data governance needs to be a ubiquitous part of your organization’s culture. As the CIO, your stakeholders include both IT and business users in collaborative relationships, which means data governance is not only your business, it’s everyone’s business. Data Security.

Doing Cloud Migration and Data Governance Right the First Time

erwin

And as you make this transition, you need to understand what data you have, know where it is located, and govern it along the way. By using automated and repeatable capabilities, you can quickly and safely migrate data to the cloud and govern it along the way.

Kazakhstan Government Intercepting All Secured Internet Traffic

Adam Levin

The Kazakhstan government is intercepting all HTTPS-encrypted internet traffic within its borders. Under a new directive effective 7/17, the Kazakhstan government is requiring every internet service provider in the country to install a security certificate onto every internet-enabled device and browser. Once installed, this certificate allows the government to decrypt and analyze all incoming internet traffic. .

Government Shutdown Hampers Cybersecurity

Adam Levin

Government has impacted federal cybersecurity according to several reports. The roughly 800,000 federal workers currently on furlough include: 45% of staff from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency , which is tasked with defending critical infrastructure from cyber and physical threats. The Department of Homeland Security’s 2019 Cybersecurity and Innovation Showcase, initially scheduled to begin January 8, was also cancelled.

CISA Warns Government Agencies of Increasing Emotet Attacks

Adam Levin

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of an increase in Emotet malware-based phishing attacks on state and local agencies. Since then, government agencies in the U.S.,

Recent DNS Hijacking Campaigns Trigger Government Action

Data Breach Today

governments to issues warnings and policy updates to improve security US and UK Agencies Respond to Increasing Attacks A recent spate of attacks targeting domain name system protocols and registrars, including several incidents that researchers believe have ties to nation-state espionage, is prompting the U.S. and U.K.

Hackers Target Chinese Government Agencies Via VPNs: Report

Data Breach Today

Zero-Day Vulnerabilities in VPN Servers Exploited, Quihoo 360 Reports Hackers are targeting Chinese government agencies and their employees by taking advantage of zero-day vulnerabilities in VPN servers to plant backdoors and other malware, researchers at the Chinese security firm Qihoo 360 report

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The agencies warn of risk to elections information housed on government networks.

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

The US government declared that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks. .

Welcoming the Canadian Government to Have I Been Pwned

Troy Hunt

Following in the footsteps of many other national governments before them , I'm very happy to welcome the Canadian Centre for Cyber Security to Have I Been Pwned. The Canadian Centre for Cyber Security now has full and free access to query all Canadian federal government domains across both past and future breaches. Canada's inclusion in the service brings the total to 11 federal governments across North America, Europe and Australia.

Thousands of Canadian government accounts hacked, Treasury Board of Canada Secretariat say

Security Affairs

The Treasury Board of Canada Secretariat confirmed that thousands of user accounts for online Canadian government services were recently hacked. Threat actors fraudulently acquired login credentials of 9,041 GCKey account holders and used them to try and access government services.

How to Respond as Demand for Governance Automation Accelerates

InfoGoTo

As organizations adapt to this changed environment, they will need to prepare for an uptick in the amount and type of information generated, and move more quickly toward governance automation to manage their data.

Security Risks of Government Hacking

Schneier on Security

Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. From the report's conclusion: Government hacking is often lauded as a solution to the "going dark" problem. Backdoors, however, mean everybody is vulnerable and a security failure fails catastrophically.

Risk 63

The Changing Face of Data Security in Federal Government

Thales eSecurity

I recently had the pleasure of sharing some industry insights from our 2019 Data Threat Report-Federal Edition on Cyberwire’s Daily Podcast –specifically addressing the gap in security responsibility many federal agencies face today as they move tremendous amounts of sensitive data into multicloud environments. The post The Changing Face of Data Security in Federal Government appeared first on Data Security Blog | Thales eSecurity. Data security

Is the Belarusian government behind the surveillance Android app banned by Google?

Security Affairs

Google has removed an app from the Play Store that was used by the Belarusian government to spy on anti-government protesters. App mimicked a popular anti-government news site and collected location and device owner details. SecurityAffairs – hacking, Belarusian government).

The importance of data governance

Collibra

Data governance is important because it brings meaning to an organization’s data. Why is data governance important? Data governance is about managing data and processes so data can be used as a consistent, secure and organized asset that meets policies and standards.

Government Agencies Field More Cybersecurity Maturity Models

Data Breach Today

Pentagon and DOE Pitch Security Frameworks - But Should They Defer to NIST? The Pentagon and the Department of Energy are pitching new or revised cybersecurity capability maturity models to help their sectors prioritize cybersecurity investments and refine processes and controls. But should they defer to the NIST Cybersecurity Framework instead

U.S. government innovates cyber security job fulfillment

Information Management Resources

government has made in using creative and innovative approaches to hiring individuals for cyber security roles. Cyber security Data security Cyber attacksA number of agencies recently commented on the progress the U.S.

Russia's GRU Hackers Hit US Government and Energy Targets

WIRED Threat Level

Security Security / Cyberattacks and HacksA previously unreported Fancy Bear campaign persisted for well over a year—and indicates that the notorious group has broadened its focus.

Zoom Bombing Attack Hits U.S. Government Meeting

Threatpost

Web Security coronavirus Privacy Security US government work from home zoom zoom security Zoom-bombingA recent U.S. House Oversight Committee meeting was the latest victim of Zoom bombing, according to an internal letter.

Services Provider to Government Left Database Exposed: Report

Data Breach Today

federal and local government agencies left a massive production database exposed to the internet, potentially allowing attackers to rewrite content on websites or plant malware, according to a security researcher Researcher Says Exposed Granicus Database Could Have Made Websites Vulnerable One of the largest IT services providers for U.S.

Building a business case for your governance program

Collibra

Most data and IT leaders know that their organizations need data governance to stay afloat in the current market landscape. In order to implement data governance, your organization needs to see that there is value in embarking on the journey. 3 Building blocks of a governance use case.

Metadata Management, Data Governance and Automation

erwin

erwin released its State of Data Governance Report in February 2018, just a few months before the General Data Protection Regulation (GDPR) took effect. This research showed that the majority of responding organizations weren’t actually prepared for GDPR, nor did they have the understanding, executive support and budget for data governance – although they recognized the importance of it. Download Free GDPR Guide | Step By Step Guide to Data Governance for GDPR?.

Business Process Can Make or Break Data Governance

erwin

Data governance isn’t a one-off project with a defined endpoint. Data governance, today, comes back to the ability to understand critical enterprise data within a business context, track its physical existence and lineage, and maximize its value while ensuring quality and security. Historically, little attention has focused on what can literally make or break any data governance initiative — turning it from a launchpad for competitive advantage to a recipe for disaster.

Data Governance Tools: What Are They? Are They Optional?

erwin

Data governance tools used to occupy a niche in an organization’s tech stack, but those days are gone. The rise of data-driven business and the complexities that come with it ushered in a soft mandate for data governance and data governance tools. Data governance refers to the strategic and ongoing efforts by an organization to ensure that data is discoverable and its quality is good. It is also used to make data more easily understood and secure.

NIST Privacy Framework – Governance, risk management and compliance

OpenText Information Management

In this blog, we will focus on the importance of Governance, Risk Management, and Compliance (GRC) programs within the NIST Privacy Framework. Having an organizational governance structure increases the effectiveness and efficiency in privacy program management.