Site Map - Technofile

09/25/2007 - If you are an IT security professional or are interested in becoming one, you’ll find a new career guide issued by (ISC)2 to be a helpful resource. The guide describes the types of jobs available (including typical job titles) and explores the various areas of expertise within information security, as well as educational requirements, technical skills needed, salary ranges, and the certifications that can help you advance your career. The guide also includes a list of schools offering IT security curricula and relevant professional associations. @ Career Guide: Decoding the Information Security Profession is at SM Online.

09/25/2007 - Not long after a data breach involving the Department of Veterans Affairs, David M. Walker, Comptroller General of the United States and head of the Government Accountability Office, gave testimony to a House committee on steps that can be taken to reduce the likelihood of personal data being stolen. The first is to conduct a privacy-impact assessment before deploying new systems; Walker noted that agencies do not always do this. He also recommended limiting the collection of personal information, and limiting the time that such information is retained. @ "Privacy: Preventing and Responding to Improper Disclosures of Personal Information is available at SM Online.

09/25/2007 - Seventeen percent of employees have launched a hacking tool or keystroke-logging software on their network in the past year, an increase from 12 percent from the year before. That’s no surprise given that 47 percent of the 351 IT decision-makers interviewed by Websense said employees who received phishing e-mails clicked on the link they found in the message, while a third of those interviewed admitted that they don’t block executables in e-mails. The annual Web@Work survey interviewed 351 information technology managers from U.S. companies of all sizes. @ More results of the survey are at SM Online.

09/25/2007 - Anyone looking for an overview of the elements that make up an information security program can turn to a comprehensive guide released by the National Institute of Standards and Technology (NIST) titled Information Security Handbook: A Guide for Managers. The handbook covers every aspect of security, from awareness and training issues to incident response and recovery strategies. Intended for senior managers, it’s as appropriate for the private sector as it is for government readers; as the authors note, while private- and public-sector requirements may differ, “the underlying principles of information security are the same.” @ Security Management Online has the NIST handbook.

09/25/2007 - The National Science and Technology Council has released the Federal Plan for Cyber Security and Information Assurance Research and Development. The plan provides “baseline information and a technical framework for coordinated multiagency R&D in cyber security and information assurance.” It covers vulnerabilities, threats, and risk, and provides technical perspectives on subjects ranging from authentication and access control to wireless to software testing and assessment tools. An appendix provides roles and responsibilities of the members of the working group that created the report.@ The Report is at SM Online.

09/25/2007 - Guide for Developing Performance Metrics for Information Security analyzes legislative requirements, describes linkages between strategic planning and information security, and explains types of performance metrics.

09/24/2007 - Do financial services firms have to encrypt customer data? Also, a computer on a stick, and a cybersecurity checklist for business managers.

09/24/2007 - WeatherBug operates some 8,000 weather stations around the country, providing live local weather data to end users. “We’ve married this with detailed weather intelligence from the National Weather Service, radar information, [and] lightning information, and we can get down to a five-kilometer-grid resolution providing truly neighborhood-level weather information,” Jim Anderson, WeatherBug’s director of business development, explained in a recent Webinar.

09/24/2007 - Wireless continuity between access points, Web 2.0 under increasing attack, local weather updates, and more

09/24/2007 - Wireless continuity between access points, Web 2.0 under increasing attack, local weather updates, and more

09/24/2007 - If you are an IT security professional or are interested in becoming one, you’ll find a new career guide issued by (ISC)2 to be a helpful resource. The guide describes the types of jobs available (including typical job titles) and explores the various areas of expertise within information security, as well as educational requirements, technical skills needed, salary ranges, and the certifications that can help you advance your career. The guide also includes a list of schools offering IT security curricula and relevant professional associations. @ Career Guide: Decoding the Information Security Profession is at SM Online.

09/24/2007 - Number of daily cyberattacks launched against credit unions

09/24/2007 - John Bumgarner, research director for security technology with the US-CCU, says that the idea for the checklist evolved because, despite the number of industry-specific guidances (such as Sarbanes-Oxley and ISO standards), there was nothing aimed at nontechnical managers.