Posts Tagged ‘Interim CIO’

How to make sense of messy data? Google Refine is an excellent solution…

March 2, 2011

Do you want to make sense of messy data? Google Refine may prove to be the right tool!

It allows for cleaning up messy data, transforming it from one format into another, extending it with web services, and linking it to databases like Freebase or MySQL, to name a few. Another great feature of this tool is, of course, the “no cost feature.”

 

A Move to the Cloud will actually benefit cyber security protection

February 7, 2011

A recent study by the Center for Strategic and International Studies observed that the use of cloud computing technology could actually benefit national cyber security and data protection practices. The study, Network World reports, explains how cloud computing can “aggregate and automate” cyber security, because it takes data protection responsibilities away from customers and businesses and gives them to service providers, which are generally more capable of dealing with cyber threats.

“The move to the cloud is not a silver bullet that will solve all cyber security problems, but it is part of a larger move to a more mature infrastructure that includes the automation of security practices and monitoring,” the report goes on to state.

It goes on to say that security practices will be further enhanced if government agencies can find a way to work more effectively with cloud service providers.

Both cloud computing and cyber security are expected to play larger roles in government in 2011. In December, the Office of Management and Budget issued a memo to federal agencies urging them to adopt a “cloud-first approach” to IT solutions.

So you’ve been hacked–NOW WHAT?

November 9, 2010

Jill Liles of the Global Knowledge company has written a very good article that outlines the immediate steps required of Information Security Officers and CIOs if they find that their systems have been hacked. The essence of the article is below, with a few additions.

First of all, don’t panic. Obviously the plan that you had in place to prevent such an attack needs to be updated to reflect the current circumstances. But before you do that, you need to take the following five steps in order to respond and defend against future attacks.

1. Execute your Emergency Plan

Every system should have some sort of disaster recovery plan associated with it before it goes into production. These plans usually cover such things as intruder scenarios and security breaches, natural disaster scenarios, man-made disaster scenarios and the steps required for remediation.

As for many first responders in critical situations, the first step is to not make the situation worse than it is. It will be difficult to resist your natural instinct to shut everything down and pull the plug on power or connectivity, but by doing so you might cause more issues than the initial attack did. Even though your efforts to protect the system or data have been compromised, continue to evaluate the accuracy of your remediation plan as you learn more about the intrusion.

2.  Act Deliberately

Determine the extent of the intrusion by identifying which systems, routers, and data have been compromised. Once this is done, determine the amount of isolation that is required to limit the impact of the attack. Check inbound and outbound router logs to determine where the attack was initiated from. Perform reverse IP lookups to see if the offending system can be easily located. Depending on the nature of the attack and the complexity of the attack

3.  Clean Up and Restore

Based on business priorities, bring systems back on-line and begin monitoring them regularly. Replace any hacked data with the most recent stable backup. Change the passwords for all affected devices, users, and applications, including the root password and default accounts.

4.  Prevent Other Attacks

Modify your security structure so this type of attack can be prevented in the future. Learn from this attack so remediation processes are updated accordingly. Some malware can lie dormant after being “removed,” waiting years for an opportunity to reactivate, so be sure you continually protect your network, including installing the latest software patches and performing a regular vulnerability assessment.

5.  Communicate

Depending on your industry, a security breach may require you to notify people outside the company, particularly if the incident affects your compliance with a regulation such as PCI, GLBA, or HIPAA.

If you want to pursue criminal charges or recover damages, you should contact your local law enforcement’s cybercrime unit or national law enforcement.
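For step 2 above (checking inbound and outbound router logs and running reverse IP lookups), here is a sketch of that triage. It is an added example, not code from the original article or from Global Knowledge. The log layout, the addresses, the `10.0.0.0/8` internal range and the function names `triage` and `reverse_lookup` are all assumptions made for illustration.

```python
import ipaddress
import re
import socket
from collections import defaultdict

# Constructed sample lines in a simple key=value layout (an assumption; adapt
# LINE_RE to your router's real log format).
SAMPLE_LOG = """\
2010-11-08T23:58:01Z IN  SRC=198.51.100.23 DST=10.0.0.5 DPT=22
2010-11-08T23:58:02Z IN  SRC=198.51.100.23 DST=10.0.0.5 DPT=22
2010-11-09T00:03:40Z IN  SRC=203.0.113.9 DST=10.0.0.7 DPT=443
2010-11-09T00:05:12Z OUT SRC=10.0.0.5 DST=192.0.2.77 DPT=6667
2010-11-09T00:06:30Z OUT SRC=10.0.0.5 DST=10.0.0.8 DPT=445
"""
LINE_RE = re.compile(r"^(\S+)\s+(IN|OUT)\s+SRC=(\S+)\s+DST=(\S+)\s+DPT=(\d+)$")

def reverse_lookup(ip):
    """PTR lookup; returns None when no record exists or DNS is unreachable."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def triage(log_text, compromised, internal_net="10.0.0.0/8", resolver=reverse_lookup):
    """Return (external peers, internal peers) seen talking to compromised hosts."""
    inside = ipaddress.ip_network(internal_net)
    external = defaultdict(lambda: {"dirs": set(), "ports": set(), "first": None, "ptr": None})
    internal = set()  # inside hosts the compromised machines touched: isolation candidates
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than guessing
        ts, direction, src, dst, port = m.groups()
        if src not in compromised and dst not in compromised:
            continue
        peer = dst if src in compromised else src
        try:
            is_inside = ipaddress.ip_address(peer) in inside
        except ValueError:
            continue  # malformed address field
        if is_inside:
            internal.add(peer)
            continue
        rec = external[peer]
        rec["dirs"].add(direction)
        rec["ports"].add(int(port))
        rec["first"] = min(ts, rec["first"] or ts)  # ISO-8601 UTC strings sort by time
    for ip, rec in external.items():
        rec["ptr"] = resolver(ip)
    return dict(external), sorted(internal)
```

A PTR record is set by whoever controls the address space, so treat the returned name as a lead to verify, not as proof of origin.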