Netflix Pays for Direct Access to Comcast’s Broadband Network
Written by Angelo Castigliola   
Feb 22, 2014 at 08:00 PM

The Wall Street Journal is reporting that Netflix has entered into a paid agreement with Comcast to increase the bandwidth to customers.  This is in direct response to the recent U.S. Court of Appeals ruling against the FCC's enforcement of net neutrality.  No one is sure how the FCC will respond to this ruling, or to this recent deal between Netflix and Comcast.  The deal between Netflix and Comcast has been in negotiations for the past year.  Verizon is also accused of slowing traffic, and probably wants a deal for increased bandwidth to its customers as well.


Noam Chomsky Calls Cryptocurrency a Fad
Written by Angelo Castigliola   
Oct 16, 2015 at 11:00 PM

Speaking at the Third Boston Symposium on Economics on February 10th 2014, sponsored by the Northeastern University Economics Society in Boston, MA, Noam Chomsky was asked what his thoughts were on cryptocurrency.  Noam Chomsky’s response: “I know nothing about it.  I suspect that it is a fad that will lead to some crisis and collapse.”

Last Updated ( Feb 23, 2014 at 08:12 PM )

GSM Cellular Module for Arduino and Raspberry Pi
Written by Angelo Castigliola   
Feb 20, 2014 at 12:00 PM

GPRS Shield is a cellular module for Arduino and Raspberry Pi.  GPRS Shield uses an unlocked SIM card to transmit SMS, audio, or GPRS service data over GSM cellular networks.  I think this would be cool in addition to some of the pentesting tools for Raspberry Pi, such as:

·         Raspberry Pwn

·         Rogue Pi

·         Pwn Pi

Last Updated ( Feb 23, 2014 at 08:08 PM )

NIST Framework for Improving Critical Infrastructure Cybersecurity v1.0
Written by Angelo Castigliola   
Feb 19, 2014 at 08:00 AM

NIST has released its Framework for Improving Critical Infrastructure Cybersecurity v1.0. The new framework is presented at a high level compared to NIST Special Publication 800-53, “Recommended Security Controls for Federal Information Systems and Organizations,” which catalogs security controls for all U.S. federal information systems except national security information systems.

The goals of the new NIST Framework are for organizations to:

1) Describe their current cybersecurity posture;

2) Describe their target state for cybersecurity;

3) Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process;

4) Assess progress toward the target state;

5) Communicate among internal and external stakeholders about cybersecurity risk.

The NIST Framework Core consists of the following activities:

·         Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

·         Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.

·         Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

·         Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

·         Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Each activity maps to a slew of regulatory compliance standards from the Council on Cyber Security Critical Security Controls (CCS CSC), COBIT, ISA, ISO/IEC, and NIST.

The risk management implementation is described in Tiers:

Tier 1: Partial

·         Risk Management Process – Organizational cybersecurity risk management practices are not formalized, and risk is managed in an ad hoc and sometimes reactive manner. Prioritization of cybersecurity activities may not be directly informed by organizational risk objectives, the threat environment, or business/mission requirements.

·         Integrated Risk Management Program – There is limited awareness of cybersecurity risk at the organizational level and an organization-wide approach to managing cybersecurity risk has not been established. The organization implements cybersecurity risk management on an irregular, case-by-case basis due to varied experience or information gained from outside sources. The organization may not have processes that enable cybersecurity information to be shared within the organization.

·         External Participation – An organization may not have the processes in place to participate in coordination or collaboration with other entities.

Tier 2: Risk Informed

·         Risk Management Process – Risk management practices are approved by management but may not be established as organizational-wide policy. Prioritization of cybersecurity activities is directly informed by organizational risk objectives, the threat environment, or business/mission requirements.

·         Integrated Risk Management Program – There is an awareness of cybersecurity risk at the organizational level but an organization-wide approach to managing cybersecurity risk has not been established. Risk-informed, management-approved processes and procedures are defined and implemented, and staff has adequate resources to perform their cybersecurity duties. Cybersecurity information is shared within the organization on an informal basis.

·         External Participation – The organization knows its role in the larger ecosystem, but has not formalized its capabilities to interact and share information externally.

Tier 3: Repeatable

·         Risk Management Process – The organization’s risk management practices are formally approved and expressed as policy. Organizational cybersecurity practices are regularly updated based on the application of risk management processes to changes in business/mission requirements and a changing threat and technology landscape.

·         Integrated Risk Management Program – There is an organization-wide approach to manage cybersecurity risk. Risk-informed policies, processes, and procedures are defined, implemented as intended, and reviewed. Consistent methods are in place to respond effectively to changes in risk. Personnel possess the knowledge and skills to perform their appointed roles and responsibilities.

·         External Participation – The organization understands its dependencies and partners and receives information from these partners that enables collaboration and risk-based management decisions within the organization in response to events.

Tier 4: Adaptive

·         Risk Management Process – The organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities. Through a process of continuous improvement incorporating advanced cybersecurity technologies and practices, the organization actively adapts to a changing cybersecurity landscape and responds to evolving and sophisticated threats in a timely manner.

·         Integrated Risk Management Program – There is an organization-wide approach to managing cybersecurity risk that uses risk-informed policies, processes, and procedures to address potential cybersecurity events. Cybersecurity risk management is part of the organizational culture and evolves from an awareness of previous activities, information shared by other sources, and continuous awareness of activities on their systems and networks.

·         External Participation – The organization manages risk and actively shares information with partners to ensure that accurate, current information is being distributed and consumed to improve cybersecurity before a cybersecurity event occurs.

The risk tolerance for the organization determines the framework profile.  The profile is used to determine which tier the risk management implementation should be at.

Additional notes:

The Department of Defense Information Assurance Certification and Accreditation Process is used to secure national security information systems. It uses information assurance controls (defined in DoDD 8500.1 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). You may remember the Department of Defense Rainbow Books that were published in the 1980s and 1990s.

Last Updated ( Feb 23, 2014 at 08:11 PM )

Gartner Forecast on Big Data Analytics for Security/Fraud Detection Use Cases
Written by Angelo Castigliola   
Feb 18, 2014 at 04:00 PM

Gartner predicts that by 2016, 25% of large global companies will use big data analytics to solve at least one security or fraud detection use case.  Currently only 8% of global companies use big data analytics for security/fraud detection use cases.  Alexandre Pinto’s presentation at Defcon 21, “Defending Networks with Incomplete Information: A Machine Learning Approach,” explains how he used machine learning to solve a firewall defense security use case.  Machine learning is how some of the largest IT companies, such as Google and Amazon, perform data analytics.  Stanford has a complete course for machine learning on YouTube.

From Gartner’s recent announcement:

Big data analytics gives enterprises faster access to their own data than ever before. Big data analytics enables enterprises to combine and correlate external and internal information to see a bigger picture of threats against their enterprises. It is applicable in many security and fraud use cases such as detection of advanced threats, insider threats and account takeover.

Information needed to uncover security events loses value over time, and timely intelligent data analysis is critical as criminals and bad actors move much more quickly to commit their crimes. For example, a year or two ago, hackers would look around, conduct extensive cyberespionage on their targets, and then go in for the theft — whether it was for money or information. Now, hackers — aware of more-effective security and fraud prevention measures erected by their target victim enterprises — simply go directly to the theft without a drawn-out reconnaissance phase.

To address these issues in the past, enterprises relied on various siloed monitoring or detection systems that were optimized for various use cases, such as data loss, financial fraud, or privileged user monitoring.

Now, with big data analytics, enterprises can:

·         Cut down on the noise and false alerts in existing monitoring systems by enriching them with contextual data and applying smarter analytics. This is especially important as the number of security events increases substantially year over year.

·         Correlate the resulting high-priority alerts across monitoring systems to detect patterns of abuse and fraud, and to get the big picture on the security state of the enterprise.

·         Pool their internal data and relevant external data into one logical place, and look for known patterns of security violations or fraud.

·         Profile accounts, users or other entities, and look for anomalous transactions against those profiles.

·         Remain agile, and stay ahead of malicious actors and activities, via faster tuning of rules and models tested against data streaming in near real time.

Big data analytics is ahead of most organizations' abilities to successfully adopt them, and most vendors have barely begun to prove their software's effectiveness, so it's still early days for this market. Enterprises are recommended to start small, but think big, and develop a road map that encompasses multiple use cases and applications across the organization. The return on investment (ROI) on big data analytics is typically too big to ignore.

Last Updated ( Feb 18, 2014 at 10:27 PM )
