CIO, CTO & CISO
CIO: For Government CIOs, Accountability Comes without Authority. Federal CIO Suzette Kent sees progress for federal CIOs, but says more needs to be done to make tech leaders full-fledged partners with top agency brass.
CTO: Twitter CTO… “We Didn’t Have To” Tell Users About the Password Debacle. Twitter has owned up to a pretty serious bug that allowed passwords to be stored, unencrypted, on an internal log. The company says it doesn’t believe this data was compromised or accessed by bad actors, but honestly, who knows. Twitter’s CTO, Parag Agrawal, is very sorry for this blunder, but instead of simply saying “we messed up,” he took to Twitter to imply that users should be thanking Twitter for informing them of the bug. In a tweet, Agrawal wrote that he is sharing news of this bug “to help people make an informed decision about their account security.” If you talk to anyone who has a semblance of OpSec finesse, the “informed” decision would be to change every password immediately. That’s not all Agrawal had to say. In the same tweet he goes on to say, “We didn’t have to, but believe it’s the right thing to do.”
CISO: Advice for New CISOs – How to Get a Head Start on Information Security Governance. A new Chief Information Security Officer (CISO) starting the first day on the job has many challenges to juggle – navigating infrastructure complexity, keeping up with ever-changing compliance and regulatory requirements, working through team skills shortages, and overcoming inadequate funding. In April, the Ponemon Institute surveyed more than 500 CISOs to assess their level of preparedness for a data breach. According to the results, 67 percent stated their company was more likely to suffer a data breach or cyber attack in 2018. More than half of CISOs pointed to an inability to protect sensitive data from unauthorized access, an inability to keep up with the sophistication of hackers, and a failure to control third parties’ use of sensitive data as potential reasons for more data breaches.
VIDEO: How F5 Networks’ CISO Defends the Enterprise. Mike Convertino, CISO of F5 Networks, discusses the technology tools and human resources he uses to help secure his network and inform F5’s product development.
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems April 2018: https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-april-2018
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time and performed in the most efficient manner possible. We ensure that NIST SP 800-53 control requirements are treated consistently during the definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act (ERISA). Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, risk and vulnerability assessments, monitoring and investigation support.