CIO, CTO & CISO
CIO: FDIC Was Hacked by China, and CIO Covered It Up. Problems uncovered after employees walk off job with thousands of SSNs on flash drives. A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of the FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities and were only brought to light after an Inspector General investigation into another serious data breach at the FDIC in October of 2015. Read more
CTO: Census Seeks CTO. The Census Bureau is looking for a new chief technology officer. In the midst of the bureau’s 2020 technology push — an ambitious overhaul that watchdogs are monitoring closely — the agency posted its official CTO job listing on July 11. The posting comes three weeks after Avi Bender, who had served as Census CTO since 2010, moved to the National Technical Information Service. The next CTO will serve under another newly arrived leader — CIO Kevin Smith, who joined the bureau in June. Read the rest
CISO: What Is IDaaS? A CISO Clears Up Confusion Around the Definition of Cloud IAM. Identity and access management-as-a-service, also known as IDaaS or cloud identity and access management (IAM), has become a hot topic among CISOs over the past few years. Alas, confusion about the cloud-based service still exists; even the most basic question is left unanswered or answered incorrectly. With so much uncertainty and inaccuracy existing around the definition of IDaaS, it seemed fitting to tap into the expertise of a security thought leader and early adopter of IAM-as-a-service. Joseph Burkard, a CISO for a global health care organization, delivers a complete definition of IDaaS and discusses how his choice of a cloud IAM vendor reflects this definition. Read more
THREE THINGS: Every CISO Should Know. To reduce their organisation’s attack surface – and improve their team’s ability to detect, react, respond and recover – CISOs should keep three things in mind. Read the rest
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems June 2016: http://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-june-2016
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, risk and vulnerability assessments, monitoring and investigation support. Read more.