Internet Security Alliance News & Information Security Resources

•August 2, 2009 • 3 Comments


From The Internet Security Alliance

In The News…

July 24, Orange County Register – (California) FBI to investigate Placentia library hacking. The FBI is hunting down the hackers that hijacked the Placentia Public Library Web site the morning of July 24, a bureau official said the same afternoon. “The FBI will open an investigation into this incident,” said an FBI spokeswoman. The spokeswoman, who works out of the bureau’s Los Angeles field office, said that the FBI has a special unit that investigates “cyber crimes, computer intrusions, defacements, more traditional crimes like fraud and child exploitation.” Visitors to the Placentia Library Web site were greeted by an image of a flapping flag with a crescent moon and star behind a portrait of famed Turkish leader Mustafa Kemal Ataturk. Underneath was the phrase “Editaarruz is back.” A group calling itself the “Federal Atack Team” has apparently hacked www.placentialibrary.org — disabling the site completely. The word “taarruz” means “attack” or “offensive” in the Turkish language.
Source: http://www.ocregister.com/articles/site-web-search-2506225-google-placentia


♪ Smile – Charlie Chaplin

•August 2, 2009 • Leave a Comment

The Value of a Clear Moral Compass

•July 31, 2009 • Leave a Comment

By: Mike Spinney, CIPP – Privacy Analyst, Ponemon Institute

Here’s a brazen bit of breachery from the Miami Herald.

It’s a neat little proposition: for a flat monthly fee, a data broker (of sorts) acquires medical records from a hospital employee and passes them through to a personal injury lawyer for a fee plus a percentage of his lawsuit earnings.

Apparently the scheme went on for two years before the hospital employee blabbed about it. Luckily for Miami-area residents, someone with a clearer moral compass recognized the crime and told authorities.

This isn’t all that different from the revelation that UCLA Medical Center employees were abusing their access privileges to snoop the files of celebrity patients, either for their own amusement or to pass info along to the tabloids.

While both stories are a reminder of the serious threat posed by malicious insiders, the Jackson Memorial case offers another lesson: don’t overlook the importance of personal ethics in your security strategy.

We have no information about the security and ID/access management technologies in place at Jackson Memorial, and we don’t know if the person who tipped the police was a co-worker. But we do know that someone who knew right from wrong had the moral courage to do the right thing when confronted with information related to misconduct.

Good, consistent training and an ongoing awareness campaign – along with a visible example set from the top down – can have a positive effect on your company’s overall security program (and at a very reasonable cost). We cannot emphasize enough the importance of creating a security-conscious culture within every organization.

Mike Spinney, Senior Privacy Analyst, CIPP

Mike Spinney is a senior privacy analyst with the Ponemon Institute, a research organization dedicated to advancing responsible information and privacy management practices in business and government. He works closely with founder Dr. Larry Ponemon to develop a better understanding of and new approaches to responsible information management. Spinney serves on the Ponemon Institute’s RIM Council and is a frequent author and speaker on data privacy issues.

Spinney’s work on privacy has appeared in Privacy Advisor, 1to1: Privacy, RFID Journal, CSO, Computerworld, and other industry publications, and he has addressed audiences including the Privacy Summit, Secure Boston, Secure Chicago, IAPP/ISC(2) Security Series, INTERPHEX, and SecureWorld. He is a frequent media resource on privacy issues and has been quoted extensively by such media as the San Francisco Chronicle, BBC, Inc. Technology, Popular Science, American Medical News, Security Management, IDG News Service, SC Magazine, and many more.


Securing a Hacker-Free Zone on the Internet

•July 28, 2009 • Leave a Comment


By Jacqueline Herships, Founder of Jacqueline Herships & Associates
(This article was first published in the Gerard Group International, Inc. newsletter “INTELANALYSIS”.)

Patented Telecommunications Plan Would Create Secure VoIP Communications

A recent patent series promises a new, secure telecommunications system by mitigating risks to Internet telephony like Voice over Internet Protocol (VoIP) from espionage, hacking, intrusion, and interruption of service.

The entire worldwide Domain Name System (DNS) was brought to its knees by hackers not too long ago; however, this new Internet telecommunications system will not depend on DNS.

In theory at least, the Wild West days of Internet telecommunications are over.

Based upon the inventions articulated in his five-patent suite, inventor Harry Emerson III has mapped out a union between our secure and venerable telephone system (Plain Old Telephone Service, a.k.a. POTS) and the hyper-evolving, media-rich Internet, which is so famously not one bit secure.

As it evolves, he believes this next generation telecommunications system, dubbed IronPipe™, will have huge implications for national security as well as tremendous new revenue opportunities for the carriers and supply chains which serve them.

Conceived in response to what he views as the seriously flawed paradigm, which is currently developing as telecommunications migrates to the Internet, Mr. Emerson says he designed IronPipe™ to offer an alternative with a high degree of security.

The Internet has produced something akin to a gold rush experience for those mining its resources and developing its vast potentialities, he said.

However, in the midst of this frenzy, he has observed that fundamental requirements of privacy, secrecy, and security are seldom openly discussed when it comes to Internet-based phone services known as Voice over Internet Protocol (VoIP) systems such as Skype, which are proliferating in cyberspace.

These are serious issues, he maintains, and they need to be fully considered by users such as corporations, telecommunications carriers, VoIP carriers, law enforcement agencies, and federal and state governments, as well as by the millions of Internet using individuals who are concerned with their own personal privacy.

According to Mr. Emerson, our current state of vulnerability came about because we have turned a blind eye to these issues of privacy, secrecy and security, combined with the scramble for profit, and an unregulated environment for VoIP.

“The Internet is a lawless frontier where nothing is safe and secure and reliability is always one step away from calamity,” he says.

“As things stand today, VoIP does little to protect the interests of the aforementioned entities, not to mention protecting the security of the United States. We are suffering untold numbers of hacker attacks DAILY, with systems broken into and identities stolen. Not too long ago the entire worldwide DNS system (Domain Name System) was brought to its knees by hackers,” Emerson said.

In his opinion, if the technology continues to develop in its current direction, no one will be able to guarantee that communications cannot be intercepted and monitored.

In addition, if we examine our circumstances, a lot of the excitement generating the rush to VoIP is based upon an illusion, the appearance that we are being offered new and sophisticated technologies.

In fact, existing VoIP offerings are simply discounted POTS service, he says, with no value-added features, only lower cost caused by fierce price pressure from cable TV and other low-overhead vendors.

The result is the continued downward spiral on price that has plagued the telecommunications industry for 30 years.

IronPipe™ is a re-thinking of 21st century telecommunications architecture, which will return a sense of safety to our society as a whole, reinvigorating our economy from the inside out.

If his vision is implemented, Mr. Emerson says we won’t have to put up with either the fear of intrusion or the huge financial burden of protecting ourselves from the ever-increasing army of those with malicious intent.

We will now have a choice.

The challenge is that VoIP companies such as Skype (NASDAQ: EBAY), Vonage (NYSE: VG) and the various cable carriers (Comcast, NASDAQ: CMCSA; Time Warner, NYSE: TMC; and CableVision, NYSE: CVC), which have migrated to the Internet, did so not only to provide cheaper communications, but to avoid regulatory scrutiny.

“If you don’t have to deal with the regulations it tends to make it cheaper,” Emerson said, “but these profits come at a price.”

“The integrity of the communications system has been compromised because of this short term thinking geared towards reducing costs.”

In its simplest terms, IronPipe™ enables us to make Web 2.0 Internet-style media rich calls utilizing the existing private, protected, secure, Public Switched Telephone Network (PSTN), and its unseen private data network – known as Signaling System #7 (SS7), which connects all the main switches around the world.

While VoIP uses the Internet exclusively and thus can be, and regularly is, compromised by persons of malicious intent, if we establish Internet calls through these telephone company switches there will be no access from the outside.

We can create rich media visual telephone calls on broadband Internet connections, using wire-line or wireless touch-screen phones such as the Apple (NASDAQ: AAPL) iPhone, simply by dialing a phone number, and still enjoy the privacy, security and reliability of traditional telephone calls.

Mr. Emerson says that his technology seamlessly merges the best of the Internet with the best of the telephone network.

Considering the cost to government, industry and “society at large” to protect against intrusion and to remediate the damage caused by intrusion, IronPipe™ could be well worth looking into.

About Harry Emerson, Co-Founder Emerson Development LLC:

Mr. Harry Emerson is an expert in computers, voice and data communications, and the Internet.

His career history includes 25 years in various sales, management, and strategic capacities at AT&T (NYSE: T) and the design and management of large-scale, multi-million dollar enterprise applications and data systems.

He has numerous patents issued and pending against a variety of technologies including FM radio, Internet streaming, PC software, and telecommunications.

Mr. Emerson co-founded GEODE Electronics to commercialize a series of patented enhancements to commercial FM radio. Subsequently, Mr. Emerson co-founded SurferNETWORK, an Internet streaming media business.

His background in switching systems and data networking, along with concepts he developed in corporate architecture and strategy positions, ultimately led to the development of the patent portfolio that defines the next generation of secure telecommunications, known as IronPipe™, featuring secure, rich Multimedia capabilities.

He is a member of the New Jersey Technology Council (http://www.njtc.org/) Telecommunications/Media Industry Network Advisory board.

Emerson Development, LLC has been awarded a fifth telecommunications patent that introduces breakthrough technology combining the multimedia capability of the Internet with the safety, security, and reliability of the phone network.

This exciting new technology enables a world in which audio/visual phone calls will become the standard for routine, daily communications. The Emerson Development Multimedia Telecommunications technologies will create the next generation of telecommunications — visual, multimedia, and videophone communications on screen-based phones that require no knowledge or training for users. Just dial a phone number.

Emerson Development Multimedia Telecommunications provides the carrier class infrastructure, operations, management, and billing capabilities that will be absolutely necessary for the major telecommunications companies throughout the world to venture into this field.

These mandatory capabilities include requirements for security, privacy, secrecy of communications, and unlisted numbers, including the guaranteed ability to keep the identities of callers secret under every circumstance imaginable.

In addition, just as importantly, Multimedia Telecommunications provides for these privacy and security requirements while still enabling government mandated provisions for law enforcement wiretapping and call tracing.

Overview of the Emerson Development, LLC Patents

Patent #:  6,704,305 – “Integrated Device For Integrating The Internet With The Public Switched Telephone Network”

This patent describes telephone devices such as screen phones that support audible and visual communications across the Internet simply by dialing a telephone number. These “Integrated” phones have both a telephone connection and an Internet connection. By using digital call control messages that are sent to and from the local telephone central office, an “Integrated” telephone can set up an Internet multimedia call to a compatible phone. If the called phone is not Internet capable, a standard phone call is established.

Patent #:  6,700,884 – “Integrating the Internet With The Public Switched Telephone Network”

This patent describes a system that lets a telephone device of the kind described in 6,704,305 create an Internet call. The system includes a mechanism for correlating the telephone number of a calling or called device with its associated IP address. That information could be stored in the telephone itself, in a record system of the local central office, or in one or more central registries.

Patent #:  6,697,357 – “Call Management Managing System For Integrating The Internet With The Public Switched Telephone Network”

This patent describes a digital call-management messaging system, which could be thought of as an extension of ISDN and SS7, that enables an “Integrated” telephone device to communicate across the Internet. When one of these telephones places a call, it sends a digital message to its serving central office switching system. That message includes its telephone number and IP address, as well as the telephone number of the called party. By sending a compatible message to the central office serving the called party, the originating central office can determine whether the called party is capable of an Internet call. If so, once the called device receives the call setup message, it has the Internet IP address of the calling device and can then establish a connection across the Internet.

Patent #:  6,928,070 – “Integrating The Internet With The Public Switched Telephone Network”

This patent describes a sophisticated system that greatly enhances the privacy, secrecy, and security of Internet calls. This system enables the telephone-switching network to dynamically assign an IP address to both the calling and called device, and to route the resulting Internet call through an intermediate proxy server. Internet phones require more than just “unlisted number” capability, since a called party can easily determine the geographic location of a caller, thus putting the lives of some individuals at risk (such as a battered spouse). With this invention, the proxy servers can be in other geographic regions to cloak a device’s actual geographic location. Furthermore, the Internet call can be split into two unidirectional streams, and each of those streams can be routed through a separate pair of proxy servers. Since the proxy servers can be dynamically selected for each call, the true location of an “Integrated” phone can be protected.

Patent #:  7,327,720 – “Integrated Telephone Central Office Systems For Integrating The Internet With the Public Switched Telephone Network”

This patent describes a telephone central office switching system having a digital messaging capability to send and receive call setup and management messages to and from compatible phones. These call management messages can initiate and control a communications session transpiring across the Internet. The central office switching system can communicate similar digital messages to other central offices and central office systems to create and manage end-to-end Internet communications.
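To make the call-setup exchange in the 6,697,357 and 6,928,070 descriptions above concrete, here is an added toy simulation (written for this page; it is not code from the patents or from Emerson Development). It models the phone-to-office setup message, the office-to-office exchange, the fallback to a plain PSTN call when the called phone has no Internet side, and the per-side proxy assignment that keeps each phone from learning the peer's real IP address. All office names, telephone numbers, IP addresses and message names are constructed for the example.

```python
"""Toy model of IronPipe-style call setup (added illustration, not the patents'
own code). A phone sends SETUP (number, IP, called number) to its serving
office; offices exchange a compatible message; the call runs over the Internet
only if both phones have an Internet side. Each office assigns a per-call proxy
for its own side, so neither phone learns the peer's real IP (all constructed)."""
from dataclasses import dataclass, field
import itertools
import random
from typing import Optional


@dataclass
class Phone:
    number: str
    ip: Optional[str]                 # None models a plain POTS phone
    peer_seen: Optional[str] = None   # address this phone was told to reach


@dataclass
class CentralOffice:
    name: str
    phones: dict            # number -> Phone served by this office
    proxies: list           # proxy servers this office may assign per call
    log: list = field(default_factory=list)   # call-management messages seen


@dataclass
class CallRecord:
    call_id: int
    mode: str                     # "internet", "pots" or "failed"
    caller_sees: Optional[str]    # what the calling phone learned of the peer
    called_sees: Optional[str]    # what the called phone learned of the caller
    proxy_map: dict               # proxy -> real IP, held only by the offices


class Network:
    """Central offices plus the number -> office directory (the registry)."""

    def __init__(self, offices, seed=0):
        self.offices = {o.name: o for o in offices}
        self.directory = {num: o.name for o in offices for num in o.phones}
        self.rng = random.Random(seed)     # seeded so runs are reproducible
        self.call_ids = itertools.count(1)

    def _office_of(self, number):
        name = self.directory.get(number)
        return self.offices[name] if name else None

    def place_call(self, calling, called):
        call_id = next(self.call_ids)
        orig, term = self._office_of(calling), self._office_of(called)
        if orig is None or term is None:
            return CallRecord(call_id, "failed", None, None, {})
        caller, callee = orig.phones[calling], term.phones[called]
        # 1. Phone -> serving office: SETUP carries number, IP, called number.
        orig.log.append(("SETUP", call_id, calling, caller.ip, called))
        # 2. Either side without an Internet connection gets a standard PSTN
        #    call; no IP address is handed to the other party at all.
        if caller.ip is None or callee.ip is None:
            orig.log.append(("PSTN_CALL", call_id, calling, called))
            term.log.append(("PSTN_CALL", call_id, calling, called))
            return CallRecord(call_id, "pots", None, None, {})
        # 3. Each office picks a proxy for its own side's unidirectional stream;
        #    only the proxy address crosses to the other office and phone.
        orig_proxy = self.rng.choice(orig.proxies)
        term_proxy = self.rng.choice(term.proxies)
        proxy_map = {orig_proxy: caller.ip, term_proxy: callee.ip}
        # 4. Office -> office: messages (named after SS7 ISUP's IAM/ACM for
        #    flavour) carry the proxies only, never the real addresses.
        term.log.append(("IAM", call_id, calling, called, orig_proxy))
        orig.log.append(("ACM", call_id, called, term_proxy))
        # 5. Office -> phone: each phone learns only the peer's proxy.
        callee.peer_seen, caller.peer_seen = orig_proxy, term_proxy
        return CallRecord(call_id, "internet", term_proxy, orig_proxy, proxy_map)


def build_demo_network():
    """Two constructed offices: one Integrated and one POTS phone in Newark."""
    newark = CentralOffice("Newark-CO",
                           {"973-555-0101": Phone("973-555-0101", "192.0.2.10"),
                            "973-555-0102": Phone("973-555-0102", None)},
                           ["198.51.100.1", "198.51.100.2"])
    tampa = CentralOffice("Tampa-CO",
                          {"813-555-0201": Phone("813-555-0201", "192.0.2.20")},
                          ["203.0.113.1", "203.0.113.2"])
    return Network([newark, tampa])


def leaked_real_ip(record, network):
    """True if either phone was handed a real address instead of a proxy."""
    real = {p.ip for o in network.offices.values() for p in o.phones.values() if p.ip}
    return record.caller_sees in real or record.called_sees in real


if __name__ == "__main__":
    net = build_demo_network()
    rec = net.place_call("973-555-0101", "813-555-0201")
    print(rec.mode, rec.caller_sees, rec.called_sees, leaked_real_ip(rec, net))
```

The office logs are the only place the proxy-to-real-address mapping appears, which is the property the 6,928,070 description relies on for cloaking a phone's location.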

Emerson Development, LLC’s IronPipe™ Benefits

Telephone carriers stand to benefit from this new technology because it preserves their business position by providing high value in the PSTN and in the underlying private SS7 network that connects the PSTN together.

Traditional telephone carriers, as well as VoIP vendors that participate in this new technology, will benefit by offering new high value consumer services instead of competing by cutting prices.

Consumers will benefit from a flurry of new multimedia features. The experience will be similar to accessing a web page with a browser, but would be done by dialing a phone number.

Industry and governments will benefit from a rich communications environment that is secure from espionage, hacking, intrusion, and interruption.

Questions and comments for Mr. Emerson may be directed to:
Direct –  (973) 641-7420 
Email – hemerson@EmersonDevelopmentLLC.com
Via LinkedIn: http://www.linkedin.com/in/harryemerson

Jacqueline Herships is the founder of Jacqueline Herships & Associates, a strategic communications and new business development company. Jacqueline developed her skills in the documentary film business, as a journalist, and as an organizer in her own right. She believes in the power of alliances and builds these into her strategic plans. In addition to her work with Emerson Development, Ms. Herships’ client projects have included the US Green Building Council of New Jersey, the Sierra Club – NYC, the Local Initiatives Support Corporation Greater Newark & Jersey City (a funding agency for inner city community development), HANDS, Inc.; Wildlight Productions, a critically acclaimed social issues documentary film company; and a variety of artists and arts projects. She is a workshop facilitator for the Support Center for Nonprofit Management in Manhattan and others on the subject of laser communications: developing attention in the age of information overload. She has twice been a member of the board of the International Furnishings and Design Association, IFDA/NY, as well as their publicist for 2 years. And she is the co-founder of Professionals in Media (PIM), a regional organization of media professionals including writers, editors, publishers, filmmakers, consultants, etc., who meet across professional lines.

Comments and questions may be directed to: Jacqueline Herships & Associates: 
Direct –   (973) 763-7555
Email – jacqueline@jacquelineherships.com

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

© Copyright 2009 – Jacqueline Herships – All Rights Reserved  

(This article may be reprinted in whole or in part only with proper attribution to the author. See: Information Security Resources)


Cyberwar – Privacy May Be a Victim in Cyberdefense Plan – Series – NYTimes.com

•June 13, 2009 • Leave a Comment


June 13, 2009

Cyberwar – The New York Times

Privacy May Be a Victim in Cyberdefense Plan

By THOM SHANKER and DAVID E. SANGER

WASHINGTON — A plan to create a new Pentagon cybercommand is raising significant privacy and diplomatic concerns, as the Obama administration moves ahead on efforts to protect the nation from cyberattack and to prepare for possible offensive operations against adversaries’ computer networks.

President Obama has said that the new cyberdefense strategy he unveiled last month will provide protections for personal privacy and civil liberties. But senior Pentagon and military officials say that Mr. Obama’s assurances may be challenging to guarantee in practice, particularly in trying to monitor the thousands of daily attacks on security systems in the United States that have set off a race to develop better cyberweapons.

Much of the new military command’s work is expected to be carried out by the National Security Agency, whose role in intercepting the domestic end of international calls and e-mail messages after the Sept. 11, 2001, attacks, under secret orders issued by the Bush administration, has already generated intense controversy.

There is simply no way, the officials say, to effectively conduct computer operations without entering networks inside the United States, where the military is prohibited from operating, or traveling electronic paths through countries that are not themselves American targets.

The cybersecurity effort, Mr. Obama said at the White House last month, “will not — I repeat, will not — include monitoring private sector networks or Internet traffic.”

But foreign adversaries often mount their attacks through computer network hubs inside the United States, and military officials and outside experts say that threat confronts the Pentagon and the administration with difficult questions.

Military officials say there may be a need to intercept and examine some e-mail messages sent from other countries to guard against computer viruses or potential terrorist action. Advocates say the process could ultimately be accepted as the digital equivalent of customs inspections, in which passengers arriving from overseas consent to have their luggage opened for security, tax and health reasons.

“The government is in a quandary,” said Maren Leed, a defense expert at the bipartisan Center for Strategic and International Studies who was a Pentagon special assistant on cyberoperations from 2005 to 2008.

Ms. Leed said a broad debate was needed “about what constitutes an intrusion that violates privacy and, at the other extreme, what is an intrusion that may be acceptable in the face of an act of war.”

In a recent speech, Gen. James E. Cartwright, vice chairman of the Joint Chiefs of Staff and a chief architect of the new cyberstrategy, acknowledged that a major unresolved issue was how the military — which would include the National Security Agency, where much of the cyberwar expertise resides — could legally set up an early warning system.

Unlike a missile attack, which would show up on the Pentagon’s screens long before reaching American territory, a cyberattack may be visible only after it has been launched in the United States.

“How do you understand sovereignty in the cyberdomain?” General Cartwright asked. “It doesn’t tend to pay a lot of attention to geographic boundaries.”

For example, the daily attacks on the Pentagon’s own computer systems, or probes sent from Russia, China and Eastern Europe seeking chinks in the computer systems of corporations and financial institutions, are rarely seen before their effect is felt inside the United States.

Some administration officials have begun to discuss whether laws or regulations must be changed to allow law enforcement, the military or intelligence agencies greater access to networks or Internet providers when significant evidence of a national security threat was found.

Ms. Leed said that while the Defense Department and related intelligence agencies were the only organizations that had the ability to protect against such cyberattacks, “they are not the best suited, from a civil liberties perspective, to take on that responsibility.”

Under plans being completed at the Pentagon, the new cybercommand will be run by a four-star general, much the way Gen. David H. Petraeus runs the wars in Afghanistan and Iraq from Central Command in Tampa, Fla. But the expectation is that whoever is in charge of the new command will also direct the National Security Agency, an effort to solve the turf war between the spy agency and the military over who is in charge of conducting offensive operations.

While the N.S.A.’s job is chiefly one of detection and monitoring, the agency also possesses what Michael D. McConnell, the former director of national intelligence, called “the critical skill set” to respond quickly to cyberattacks. Yet the Defense Department views cyberspace as its domain as well, a new battleground after land, sea, air and space.

The complications are not limited to privacy concerns. The Pentagon is increasingly worried about the diplomatic ramifications of being forced to use the computer networks of many other nations while carrying out digital missions — the computer equivalent of the Vietnam War’s spilling over the Cambodian border in the 1960s. To battle Russian hackers, for example, it might be necessary to act through the virtual cyberterritory of Britain or Germany or any country where the attack was routed.

General Cartwright said military planners were trying to write rules of engagement for scenarios in which a cyberattack was launched from a neutral country that might have no idea what was going on. But, with time of the essence, it may not be possible, the scenarios show, to ask other nations to act against an attack that is flowing through their computers in milliseconds.

“If I pass through your country, do I have to talk to the ambassador?” General Cartwright said. “It is very difficult. Those are the questions that are now really starting to emerge vis-à-vis cyber.”

Frida Berrigan, a longtime peace activist who is a senior program associate at the New America Foundation’s arms and security initiative, expressed concerns about whether the Obama administration would be able to balance its promise to respect privacy in cyberspace even as it appeared to be militarizing cybersecurity.

“Obama was very deliberate in saying that the U.S. military and the U.S. government would not be looking at our e-mail and not tracking what we do online,” Ms. Berrigan said. “This is not to say there is not a cyberthreat out there or that cyberterrorism is not a significant concern. We should be vigilant and creative. But once again we see the Pentagon being put at the heart of it and at front lines of offering a solution.”

Ms. Berrigan said that just as the counterinsurgency wars in Iraq and Afghanistan had proved that “there is no front line anymore, and no demilitarized zone anymore, then if the Pentagon and the military services see cyberspace as a battlefield domain, then the lines protecting privacy and our civil liberties get blurred very, very quickly.”


WHO Declares Swine flu a Pandemic. Now What?

•June 11, 2009 • Leave a Comment

From: www.csoonline.com

The World Health Organization has raised its pandemic alert level to 6, making swine flu the first true pandemic in more than 40 years. Here’s what it means for your company.

WHO Declares Swine flu a Pandemic. Now What?

by Bill Brenner, Senior Editor, CSO

June 11, 2009

The World Health Organization (WHO) has officially declared swine flu the first pandemic in more than 40 years.

The news arrived with none of the panic that swirled in the air when news of the virus first emerged in late April. But security experts say there are still actions emergency planners should be taking to ensure order if later waves of the H1N1 virus prove more deadly.

By raising the pandemic level to Phase 6, WHO has confirmed that sustained human-to-human transmission of the virus is happening at the community-level in multiple countries. To date, the virus has appeared in 74 countries, including Mexico, the US, UK, Australia, Japan, and Chile. There have been approximately 28,000 cases with 141 deaths so far, though the move to Phase 6 does not necessarily mean swine flu is causing more severe illness or more deaths.

But it does mean the world is threatened by an unpredictable virus that could grow weaker or stronger with time. History has shown that pandemics often start with a mild first wave, followed in the fall and winter by a more lethal wave. The best example of this was the Spanish Influenza of 1918-19, which killed roughly 50 million to 100 million people worldwide.

Emergency preparedness experts say there’s no cause for panic, but that history serves as a reminder that organizations should always be thinking about how to keep the machinery moving in the event something big and unexpected happens. [See: Now That the Hype Is Over, Keep Planning]

For emergency planners, there are both physical and cyber security challenges to think about regarding swine flu and other potential pandemic viruses.

On the physical side, private entities should be hammering out a game plan for who would do what and where if the government decided to restrict our movements to contain an outbreak, says Kevin Nixon, an emergency planning expert who has testified before Congress and served on infrastructure security boards and committees including the Disaster Recovery Workgroup for the Office of Homeland Security, and the Federal Trade Commission.

"Companies and employers that have not done so are being urged to establish a business continuity plan should the government direct state and local governments to immediately enforce their community containment plans," Nixon says. [Podcast: How to Prepare for a Swine flu Pandemic]

If the Federal government does direct states and communities to implement their emergency plans, recommendations, based on the severity of the pandemic, may include:

  • Asking ill people to voluntarily remain at home and not go to work or out in the community for about 7-10 days or until they are well and can no longer spread the infection to others (ill individuals may be treated with influenza antiviral medications, as appropriate, if these medications are effective and available).
  • Asking members of households with a person who is ill to voluntarily remain at home for about 7 days (household members may be provided with antiviral medications, if these medications are effective and sufficient in quantity and feasible mechanisms for their distribution have been developed).
  • Dismissing students from schools (including public and private schools as well as colleges and universities) and school-based activities and closure of childcare programs for up to 12 weeks, coupled with protecting children and teenagers through social distancing in the community, to include reductions of out-of-school social contacts and community mixing. Childcare programs discussed in this guidance include centers or facilities that provide care to any number of children in a nonresidential setting, large family childcare homes that provide care for seven or more children in the home of the provider, and small family childcare homes that provide care to six or fewer children in the home of the provider.
  • Recommending social distancing of adults in the community, which may include cancellation of large public gatherings; changing workplace environments and schedules to decrease social density and preserve a healthy workplace to the greatest extent possible without disrupting essential services; ensuring work-leave policies to align incentives and facilitate adherence with the measures outlined above. [Source: swine flu: How to Make Biz Continuity Plans, by Kevin Nixon]

On the IT security side, organizations need to be thinking about how to stay on top of things like log monitoring and patch management in the event of sickness among the IT security staff.

Kevin Coleman, a strategic management consultant at Technolytics, says companies should also plan for limitations on business travel and even bringing in extra cleaning crews and keeping employees at home if they complain of so much as a sniffle.

"Encourage anyone who feels the least bit sick to stay home," Coleman says. "If an employee can do all the work from home on company laptops and VPNs that they do in the office, there’s no reason to have them come in. If you can limit exposure from the get-go, why wouldn’t you?"

Meantime, Coleman said, companies should ramp up the cleaning crew activity that’s already going on, mostly after office hours. Bringing in extra cleaning crews to wipe down heavily-touched surfaces like doors, walls, phones and keyboards is money well spent, he said.

"Employees can also do their part to limit the spread of flu by carrying around antibacterial hand wipes," he said, noting that some of his clients have already pulled back on the amount of business travel employees can do.

It’s far from certain that we’re in for a deadly 1918-style pandemic. Either way, security experts say going over the scenarios and building a game plan is time well spent.

© CXO Media Inc.


Protecting Your Most Critical Information

•June 10, 2009 • Leave a Comment

By John Watkins, Attorney with Chorey, Taylor & Feil

All business owners and executives, but particularly those with small and medium-sized businesses, should know the answers to these questions:

  • What is the key confidential information that puts you ahead of competitors?
  • What are the main risks of misappropriation of your confidential information?
  • Are you aware that survey data indicate that a high percentage of ex-employees admit taking company confidential information?
  • What is a trade secret, and what do you need to do to protect it?
  • When should you consider non-disclosure agreements, or NDAs, to protect your confidential information?
  • What are the key provisions of NDAs?
  • What other provisions are sometimes included in NDAs that may affect your rights?
  • Why does “one size fits all” not apply to NDAs?
  • How does trade secret litigation proceed?
  • What are your potential rights and remedies in trade secret litigation?
  • Why should you get professional advice in dealing with trade secrets and NDAs?

Trade secrets and confidential information truly are the crown jewels of many businesses. This is the information that allows businesses to compete effectively, and that provides a competitive edge.

Most businesses must rely on protecting this information — assuming they are, as they should be, proactively trying to protect it — through trade secret protection and NDAs.

Many businesses do not, for example, have the expertise or resources necessary to prosecute and manage a large patent portfolio, and not all types of information are susceptible to patent protection.

Despite the critical nature of this information, my experience is that many business people do not understand what they should be doing to protect the crown jewels.

I repeatedly see posts on LinkedIn and elsewhere asking for a “form” or a link to a “free site” to get an NDA.

Other times, companies will try to re-use NDAs that were developed for another purpose.

Given the potential value of the information, this cavalier approach is surprising.

It was with this background that Tom McLain and I developed our series of podcasts on trade secrets and non-disclosure agreements.

The podcasts are available free at www.ctflegal.com/podcasts or www.ctflegal.blip.tv.

In the first podcast, Tom and I provide the general background regarding trade secrets and NDAs. In the second podcast, Tom goes deeper into the different uses and purposes for NDAs.

For example, what works in the employment context may not work for a business transaction. Tom then covers the details of NDAs and their typical provisions.

Tom also covers some provisions that may appear in NDAs, and that, perhaps without you realizing it, can substantially affect your company’s rights.

Throughout the discussion, Tom’s underlying message is simple: One size does not fit all for NDAs. Truer words were never spoken.

It is certainly worth the time and investment to get professional assistance in drafting NDAs, or in reviewing NDAs that you may receive from other companies.

Professional assistance in drafting and reviewing NDAs need not be expensive, certainly not in relationship to the potential importance of the subject.

Most importantly, it will provide you with the confidence that you know what you are signing and what obligations your company is undertaking and what obligations the other party is assuming.

In the final installment of the series, which has yet to be released, I will discuss the subject of trade secret litigation.

Trade secret litigation tends to be much faster moving than other forms of commercial litigation, and puts an even greater premium on preparation than is ordinarily the case.

I will discuss all aspects of trade secret litigation, from the initial investigation through trial.

John Watkins is a full-time business litigation and business attorney and a part-time mediator for a firm in Atlanta, Chorey, Taylor & Feil, with a current focus on trade secret, insurance coverage, shareholder and corporate and commercial contract disputes. At Chorey, Taylor & Feil, a Professional Corporation, we mean business. Serving Georgia, national, and international companies, we provide corporate and business litigation services to a highly diversified client base, ranging from new ventures to middle market companies to the Fortune 500.

Guide to Global Leadership: Two Recommended “Must Reads” for Corporate Executives

•June 5, 2009 • Leave a Comment

By Kevin M. Nixon, MSA, CISSP®, CISM®, CGEIT®

“The Age of the Unthinkable” by Joshua Cooper Ramo

Do not pass Go! Do not collect $200!  Go directly online and buy “The Age of the Unthinkable” by Joshua Cooper Ramo.  I have been telling everyone I know about this book and now I am writing about it too.

We can all agree that each day we hear yet another discouraging news report on how something else unexpected has gone to hell in a hand-basket.  Just this past November 2008, Alan Greenspan in testimony before Congress said “I’ve discovered a flaw.”  The Congressman questioning Mr. Greenspan asked him to explain, and with much bewilderment Mr. Greenspan said that “using the vast knowledge he had accumulated over the last 40 years and on which he had based his most trusted decisions, was no longer valid.”

Hearing that from Alan Greenspan must have had the same impact as someone overhearing Warren Buffett say “oops, I only wanted to buy 10% of that company and I accidentally added an extra zero.  Now I own 100%.  Can I change that order?”

Here is some background on the author: 

Joshua Cooper Ramo is the managing director at Kissinger Associates, one of the world’s leading geostrategic advisory firms and the former foreign editor and assistant managing editor of Time magazine.

Mr. Ramo has recently released an audio book entitled “The Age of the Unthinkable – Why the new world disorder constantly surprises us and what we can do about it.”

Here is a brief section of the book’s introduction:

“Just a few years into a new century, we’ve arrived at a moment of peril that not long ago would have seemed unimaginable.  All around us, the ideas and institutions that we once relied on for our safety and security are failing, and the best ideas of our leaders seem to make our problems worse, not better.  A global war on terror produces, in the end, more dangerous terrorists.  The fight to stop financial crisis seems to accelerate its arrival.  Carefully negotiated peace plans produce less peace.

This wasn’t always the case.  For decades, our engagement with the world was based on the seductive belief that there was a logical relationship between the power of states and the physics of change.  But that traditional physics of power has been replaced by something radically different.  Drawing upon history, economics, complexity theory, psychology, human immunology, and the science of networks we learn about a landscape of inherent unpredictability and remarkable possibility.”

"ALL I REALLY NEED TO KNOW I LEARNED IN KINDERGARTEN" by Robert Fulghum

Most of what we really need to know about how to live, and what to do, and how to be, we learned in kindergarten. Wisdom was not at the top of the graduate school mountain, but there in the sand box at nursery school.

These are the things we learned.

    • Share everything.
    • Play fair.
    • Don’t hit people.
    • Put things back where you found them.
    • Clean up your own mess.
    • Don’t take things that aren’t yours.
    • Say you are sorry when you hurt somebody.
    • Wash your hands before you eat.
    • Flush.
    • Warm cookies and cold milk are good for you.
    • Live a balanced life.
    • Learn some and think some and draw some and paint and sing and dance and play and work every day.
    • Take a nap every afternoon.
    • When you go out in the world, watch for traffic, hold hands, and stick together.
    • Be aware of wonder.
    • Remember the little seed in the plastic cup? The roots go down and the plant goes up and nobody really knows how or why. We are like that.

And then remember that book about Dick and Jane and the first word you learned, the biggest word of all: LOOK! Everything you need to know is there somewhere. The Golden Rule and love and basic sanitation, ecology, and politics and the sane living.

Think of what a better world it would be if we all, the whole world, had cookies and milk about 3 o’clock every afternoon and then lay down with our blankets for a nap. Or we had a basic policy in our nation and other nations to always put things back where we found them and clean up our own messes. And it is still true, no matter how old you are, when you go out in the world, it is best to hold hands and stick together.

Kevin M. Nixon, MSA, CISSP®, CISM®, CGEIT®, has testified as an expert witness before the Congressional High Tech Task Force, the Chairman of the Senate Armed Services Committee, and the Chairman of the House Ways and Means Committee. He has also served on infrastructure security boards and committees including the Disaster Recovery Workgroup for the Office of Homeland Security, and as a consultant to the Federal Trade Commission.

The Author gives permission to link, post, distribute, or reference the above article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

Susan Boyle 1st Runner-up ‘Britain’s Got Talent’!

•May 30, 2009 • Leave a Comment

Susan Boyle fans can email Queen Elizabeth at: webeditor@royal.gsx.gov.uk  Perhaps Ms Boyle will receive a special invitation to perform for Her Majesty.

May 30, 2009

Susan Boyle lost Britain’s Got Talent to the ten-person dance crew Diversity. "Lads, I wish you all the best," said Boyle graciously. It was a stunning loss. Boyle took second place in the voting.

Boyle chose to sing again the song that first brought her fame, "I Dreamed a Dream." Dressed in a blue gown and saying that this performance represented "forty years of doin’," the Scottish sensation gave this final performance:

Given all the publicity Boyle received here in the States, it wasn’t clear to many of us just how close the competition had been all along. To American eyes, the hip-hop dance troupe Diversity looks pretty ordinary, don’t you agree? But judge Simon Cowell hailed them as "the only act tonight I’d give a ’10’ to" and "sheer and utter perfection." Judge for yourself:

http://www.youtube-nocookie.com/v/b2xiAQCTy2E&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1


Diversity will perform before Queen Elizabeth II in the Royal Variety Show and wins 100,000 pounds (about $159,000).

What do you think of the results? What do you think the future holds for Susan Boyle?

Piers Morgan’s blog: http://www.officialpiersmorgan.com/


Speculation, Rumors and Whispers – Who could become the Cyber Tsar – Will Willie Win?

•May 30, 2009 • Leave a Comment

By Kevin M. Nixon, MSA, CISSP®, CISM®, CGEIT®

Got to thinking about all of the speculation, rumors and whispers circulating around Washington DC tonight about who is on the short list with Tsar-like skills.

First, disregard all of the qualifications, in-depth security knowledge, etc. that are on the typical everyday run-of-the-mill Tsar job postings.

Think about alternative candidates that have additional supplemental income to take the sting out of that capitated $150K pay grade.  Perhaps someone retired from the military, perhaps someone who has retained top-level security clearance while in the private sector.  Perhaps someone with experience dealing with huge software suppliers and with experience in Government Relations and Federal Programs with companies located in Washington State.  And certainly someone with former responsibility for sales, business development, and the capture/proposal process for public sector opportunities.  Consider also someone with experience developing a company’s Network Centric Systems for Military Integration and Transformation.  After all of those additional qualifications, perhaps someone currently in the private sector with very close government ties.

Rear Admiral Robert C. “Willie” Williamson, USN (Ret) joined Raytheon, Network Centric Systems in March 2004. He assumed the newly created position of Director, Naval Integration and Transformation and was assigned additional responsibilities as the Director of Business Development for Integrated Communications Systems (ICS) in December 2004. Currently, Willie is the vice president of International Programs for Integrated Communications Systems (ICS).

Another Washington whisper includes Paul B. Kurtz, a recognized cyber security and homeland security expert. He served in senior positions on the White House’s National Security and Homeland Security Councils under Presidents Clinton and Bush and is currently an on-air consultant to CBS News.  Paul Kurtz is currently a Partner and security consultant with Arlington, Va.-based Good Harbor Consulting.

Good Harbor Consulting, LLC was founded in 2002 by Good Harbor President Roger W. Cressey after he served in cyber security and counterterrorism positions in the Clinton and Bush administrations. He sought to establish a boutique consulting firm combining public and private sector knowledge and experience to develop a unique offering for government and commercial clients.

In 2003, Richard A. Clarke joined as Chairman of the firm and John S. Tritak joined as CEO. Clarke, an internationally recognized expert on security, including homeland security, national security, cyber security, and counterterrorism, has served the last three U.S. Presidents as a senior White House advisor. Prior to his 11 consecutive White House years, Clarke served for 19 years in the Pentagon, the Intelligence Community, and State Department.

So, President Obama has a number of players sitting on the bench and ready to play the game.  But something just kept nagging me as I tried to figure out who might have the best odds in Vegas.  I added all of those ingredients together, stirred, filtered and studied, and still came up with Retired U.S. Navy Rear Admiral Robert C. "Willie" Williamson.

Just as I had noticed the mysterious change in Melissa Hathaway’s title on the White House Blog at the moment that the President was speaking, I also noticed something very interesting: “Why would Raytheon remove Rear Admiral Williamson’s distinguished service bio from the corporate website?”  Will Raytheon be doing an executive search for a new VP of International Programs?  (Just imagine the job posting’s required skills: “Successful candidate should possess Tsar-like qualities and drive for advancement.”)

It just seems to me that if one studies the subtle, nuanced moves which Washington perfected and patented, it would seem that Willie is the pick.  That is just my personal opinion and random thinking.