HOW-TO: Using Search Engines as Penetration Testing Tools. Search engines are a treasure trove of valuable sensitive information, which hackers can use for their cyber-attacks. Good news: so can penetration testers. Read more
DHS: How DHS Hacks Agency Networks to Make Them Stronger, More Resilient. Hackers in Virginia are the good guys. Their job is to educate agencies and protect federal networks by looking for the weaknesses and helping agency chief information officers and chief information security officers close the gaps to stop the bad guys. The Homeland Security Department’s National Cybersecurity Assessments and Technical Services team (NCATS), in the National Cybersecurity and Communications Integration Center (NCCIC), has been building up its technical capabilities over the last seven-plus years to provide a service to civilian agencies like none before. Read more
READ: Social Engineering Penetration Testing: An Overview. Social engineering has proved to be extremely efficient hacking technique, as it exploits both human weaknesses (greed, vanity, authority worship) and virtues (compassion, willingness to help others). The technique has already made a name for itself with 43% out of 1,935 documented data breaches (2017 VERIZON DBIR). Quite a reason for companies to add social engineering penetration testing to their security wish list. Read more.
LEGAL: Simulations Test Law Firm System Security. Last fall, MacKenzie Dunham was a law student working at a personal injury firm in Houston when one of the firm’s two partners called the office to say their car had been broken into and he would not make it in. Not worried, the partner mentioned that among his stolen belongings was a MacBook he used for work. This was when Dunham realized the theft was not just a nuisance—it was a major breach of client documents. Read more.
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems January 2018 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-january-2018.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.