Morning Security Brief: Cybersecurity Talks, Bribery and Corruption Report, Train Wreck Clues, and Mobile Device Security
By Ann Longmore-Etheridge
The United states and China have held an inaugural meeting of a cybersecurty joint working group. Investigators of the deadly train crash in Lac-Megantic, Quebec, say the train's breaks may have been tampered with. Bribery and corruption are increasing worldwide, according to a new report. NIST has released new guidelines on mobile device security.
►The BBC reports that the United States and China are in the midst of formal discussions on cybersecurity that began on Monday. The hope is to create cooperation and address issues about cybersecurity that divide the two nations. This has included the inaugural meeting of a joint working group on cybersecurity that was announced last spring. The Hindu notes, "Washington is increasingly concerned about the Chinese theft of U.S. intellectual property, but it has put been on the defensive by the revelations about U.S. surveillance by National Security Agency leaker Edward Snowden."
►CNN reports that a criminal act may have caused the horrific train wreck in Lac-Megantic, Quebec. While not saying that it was an act of terrorism, investigators think that the train's breaks may have been disabled before it "barreled at a dangerous speed into the Quebec town, derailed and burst into a deadly inferno," says CNN. The crash killed 15 people, however the death toll may rise as 35 people are still missing.
►Transparency International has released the 2013 Global Corruption Barometer and, according to Voice of America, it "paints a bleak picture." The report says that corruption and bribery are perceived to be growing in countries worldwide. Transparency International interviewed 114,000 people in 107 countries for the annual report, which states that one in four people paid a bribe in the last 12 months when accessing public institutions and services.
►The National Law Review takes a look at the National Institute of Standards and Technology publication, Guidelines for Managing the Security of Mobile Devices in the Enterprise . The purpose of the publication is to help U.S. federal agencies secure the devices their employees use for government business . According to the Review, "The Guidelines explain the security concerns inherent in mobile device use and recommend that organizations use a technology solution that centralizes mobile device management at the enterprise level to secure mobile devices used by employees. A centralized mobile device management solution allows organizations to control and manage the configuration and security of both organization-provided and personally-owned mobile devices and provide secure access to enterprise resources, such as an organization’s computer network." Among the key recommendations presented are instituting a mobile device security policy that is documented in the system security plan; developing system threat models for mobile devices; considering the merits of each security service provided by mobile device solutions; implementing and testing a pilot of the mobile device solution; securing each organization-provided device; and regularly maintaining mobile device security through vulnerability scans, penetration testing, and other methods.