HHS: Incident Response Will Be Scrutinized. A federal watchdog agency has added two security-related evaluations to its to-do list: assessing the Department of Health and Human Services’ incident response capabilities and reviewing internal IT and security controls of federal Affordable Care Act health insurance enrollment systems. Read more
IoT: Operational Integrity and Incident Response for IoT Security. Given the increasing volume of connected devices throughout society, Internet of Things (IoT) security should be a key consideration for businesses and consumers alike. Embedded in everything from our homes and cars to commercial and industrial manufacturing, IoT solutions are already providing significant benefits. As a result, IDC expects organizations to increase their IoT investments to an estimated $1.29 trillion by 2020. Click here for key takeaways.
ADOBE: In Spectacular Fail, Adobe Security Team Posts Private PGP Key on Blog. Having some transparency about security problems with software is great, but Adobe’s Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT’s e-mail account—both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead. Find out more
CISO: When Responding to a Data Breach, Cooperation Is Nine-Tenths of the Law. In recent years, several high-profile breaches involving customer data have led to long and costly litigations. These events demonstrated that data protection is more than just a cybersecurity concern. When responding to a data breach, legal teams have to work closely with the chief information security officer (CISO) to ensure that security policies, regulatory compliance and response plans are adequate to effectively protect sensitive data. Together, these departments can develop a sound incident response strategy that protects both the organization’s data and its legal interests in the event of a breach. Read more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems August 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-june-2017.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.