Net Neutrality comments deeply corrupted – NY Attorney General

New York Attorney General Eric Schneiderman called a press conference on Monday to demand a postponement of a 14 December 2017 vote by the Federal Communications Commission (FCC) on a proposed rollback of net neutrality regulations, declaring that the public comment process in advance of it has been “deeply corrupted.”
But Schneiderman is late – very late – to the party. Reports of fake and bot-generated comments started more than six months ago, before the official public comment period even began on 18 May 2017, after FCC Chairman Ajit Pai proposed the rollback.
ZDNet reported on 10 May 2017 that more than 128,000 identical comments had already been submitted. Some whose names were on those comments told ZDNet they had not submitted them – including one “commenter” who said that they didn’t even know what net neutrality was.
Those reports continued regularly through the year, and the flawed comments process, as Naked Security reported in October this year, was almost embarrassingly obvious.
Data analytics company Gravwell claimed at the beginning of October that only about 18% (3,863,929) of the 21.8 million comments submitted on the FCC website and via its API were unique.
The rest were likely from “automated astroturfing bots,” Gravwell founder Corey Thuen said, adding that the fakes were easy to spot.
Schneiderman, who was joined at the press conference by FCC commissioner Jessica Rosenworcel, demanded that the vote be delayed. Rosenworcel, an Obama appointee, was nominated for another term in July by President Trump, and confirmed by the Senate.
Schneiderman said his office carried out a review of the comments on the impending vote. They found that at least one million of these may have been made by impersonators, including up to 50,000 claiming to be from New York. He also accused the FCC of failing to help investigate who might be behind the fakes. Rosenworcel added that nearly 50,000 of the comments to the FCC were from Russian email addresses.
The FCC has now agreed to assist, but Schneiderman said that offer came on the morning of the press conference, after nine previous requests for FCC logs to show the origin of the comments.
It is not just fake comments at issue, either. There are also complaints from advocacy groups, including the National Hispanic Media Coalition (NHMC), saying that the docket – the collected files for and against the proposed rollback – doesn’t include the 50,000 consumer complaints filed about Internet Service Providers (ISP) since the Obama net neutrality rules took effect in 2015.

According to Ars Technica, 28 Democratic senators are also complaining about that omission. In a letter to Pai, they wrote:
50,000 consumer complaints seem to have been excluded from the public record in this proceeding… we believe that your proposed action may be based on an incomplete understanding of the public record in this proceeding.
At the press conference, Schneiderman contended:
You cannot conduct a legitimate vote on a rulemaking proceeding if you have a record that is in shambles, as this one is.
Advocates of the rollback agree that the comment process has been corrupted, but they say it has been happening on both sides. Brian Hart, an FCC spokesman, told the Washington Post that 7.5 million comments in favor of maintaining net neutrality appeared to come from 45,000 email addresses, “all generated by a single fake e-mail generator website.”
He said another 400,000 comments in favor of net neutrality appeared to come from a Russian mailing address.
And Tina Pelkey, also speaking for the FCC, declared in an emailed statement to reporters on Monday that neither Schneiderman nor Rosenworcel had identified “a single comment relied upon in the draft order as being questionable.”
The key phrase there is, of course, “relied upon” – a tacit acknowledgement of the fake comments, but also an assertion that nobody on the FCC, including Pai, is giving them any credence.
There is no indication yet that the vote will be delayed. But opponents say they think the number of bogus comments will help them in a court battle to overturn the vote, if Congress doesn’t block it until an investigation is complete. Evan Greer, campaign director for the advocacy group Fight for the Future, told the Post:
It’s all about Congress for right now. But this (fake comments) will absolutely show up in court if we get there.

NIST Releases New Cybersecurity Framework Draft

Updated version includes changes to some existing guidelines – and adds some new ones.
The National Institute of Standards and Technology (NIST) has released the second draft of a proposed update to the national Cybersecurity Framework of 2014.
The draft document contains important changes to some existing guidelines, especially around self-assessment of cybersecurity risk, and introduces some new ones pertaining to authorization, authentication, identity proofing, and vulnerability disclosure.  
NIST also released a proposed update to its Roadmap for Improving Critical Infrastructure Security that describes planned future activities and topics to focus on for upcoming versions of the framework.
The changes and refinements reflect feedback and comments from public and private sector stakeholders to an earlier draft update to the Cybersecurity Framework that NIST released in January 2017. NIST will make draft 2 of the Framework open for public comment through close of day January 19, 2018 and will likely go live with the changes shortly after.
“NIST is hoping Framework version 1.1 will lead to a greater consideration of supply chain risk management [SCRM], cybersecurity within SCRM, and application of [the] Framework for that cybersecurity,” says Matt Barrett, NIST’s lead on the framework.
The hope also is that the new self-assessment section and related topics in the Roadmap such as Governance and Enterprise Risk Management will prepare stakeholders for a discussion on how to better align cybersecurity measures to support business outcomes and decisions, he says.
NIST developed the Framework as required by the Cybersecurity Enhancement Act of 2014. It is designed to provide a formal framework for managing cyber risk in critical infrastructure organizations. The goal is to provide organizations in critical infrastructure with guidance on the processes, practices, and controls they can use to manage cyber risk in line with their business imperatives.
The Cybersecurity Framework establishes a common language for security models, practices, and controls across industries. At a high-level, the framework provides guidance on how organizations can identify, protect, detect, respond to, and recover from, cyber threats. It offers a tiered set of implementation practices that organizations can choose from to deploy and manage these capabilities. The methods, processes, and controls in the framework are based on globally accepted best practices and standards.
Mandatory for the Feds 
Until recently, adherence to the Framework was purely voluntary for everyone. But the Trump Administration’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure in May has now made it mandatory for federal agencies, Barrett says. The order required agency heads to provide a risk management report to the White House Office of Management and Budget describing their plans to implement the Framework, he says. Originally designed for use by operators and owners of critical infrastructure, the Framework has become a de facto standard for developing and implementing cyber-risk management practices at organizations across all sectors.
The new version clarifies some of the language around cybersecurity measurement and provides more guidance on managing cybersecurity within the supply chain — an issue that has become critical in recent years. It also explains how the framework can be used to mitigate risk in the Internet of Things (IoT), operational technology and cyber-physical systems environments. In addition, NIST’s updated Cybersecurity Framework makes some refinements to the identity and access management control category to accommodate changing requirements around authentication, authorization, and identity vetting.
“The NIST updates are meant to be a dynamic, working document,” says Edgard Capdevielle, CEO of Nozomi Networks. “[They] cover a lengthy list of topics from confidence mechanisms, cyberattack lifecycles, beefing up the cybersecurity workforce, to reviewing supply chain risk management along with governance and enterprise risk management.”
While critical infrastructures cannot adapt to all prescriptive guidance overnight, the framework serves as a good roadmap to start implementation of best practices, collaboration, and new security technologies, he says. 
“With Draft 2 of Version 1.1, I expect critical infrastructure operators and federal agencies to focus more closely on supply chain, especially as weak links there have contributed to several well-known data breaches,” says Robert Vescio, managing director at Secure Systems Innovation Corporation (SSIC). “To reduce the impact of cyber incidents, it is crucial that each and every organization understands its role within the larger ecosystem, and actively contributes to proactively address emerging threats.”
Vescio believes that while most organizations can benefit from the framework, adoption should remain voluntary. A forced adoption would destroy the concept of each organization tailoring security strategies to their risk appetite and lead to spending on irrelevant controls, he says.
“NIST CSF should be important to everyone,” he says.  “Implemented correctly, [it] can help organizations evolve, while maintaining or working toward a pre-selected risk posture.”
 
Q&A: Matt Barrett, NIST’s Lead on the CyberSecurity Framework
(Excerpts from a Dark Reading email interview with Matt Barrett)
Q. What are the most significant changes in this draft?
Firstly, Section 4.0, previously entitled Measuring and Demonstrating Cybersecurity, has been reframed as Self-Assessing Cybersecurity Risk with the Framework to better emphasize how organizations might use the Framework to measure their risk. In acknowledgement of the wide variety of stakeholder perspectives on cybersecurity measurement and the need for a stakeholder dialog on the topic, the section was summarized and refined and NIST officially acknowledged Measuring Cybersecurity as an item on the Roadmap to Improving Critical Infrastructure Cybersecurity.

NIST clarified the use of the Framework to manage cybersecurity within supply chains by refining Section 3.3 Communicating Cybersecurity Requirements with Stakeholders. This included a simpler description of the parties involved in an organization’s supply chain. We also further integrated cyber supply chain risk management language into the Implementation Tiers. This will better enable organizations to determine their current status and desired state with regard to cyber supply chain risk management practices.
We added a few Subcategories to account for authentication and coordinated vulnerability disclosure.
Q. Are federal agencies/critical infrastructure operators required to adopt the framework?
Yes. On May 11, 2017, the President issued Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Among other things, the order states that “each agency head shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order” and “describe the agency’s action plan to implement the Framework.”
NIST issued draft report NIST Interagency Report (IR) 8170 to support agency heads and senior cybersecurity leadership in Framework implementation planning. The draft summarizes eight private sector uses of the Framework, which may be applicable for federal agencies. By leveraging NISTIR 8170, agencies can better understand how to implement the Framework in conjunction with other NIST cybersecurity risk management standards and guidelines.
Q. Going forward, do you expect agencies/CI operators to be assessed against their adherence or failure to adhere to the framework?
With increasing use of Framework, this topic increasingly comes up. Whether it will or won’t, NIST doesn’t have charter to control such things, nor latitude to comment. However, I will offer this up.
Given the increasing dependence of organizations on technology, digital trust is an increasingly important topic. In other words, not only does an organization need to manage their cybersecurity risk, but they also need to communicate it in various forms to suppliers, partners, customers, auditors, and regulators. Framework provides a basis for a standardized communication – increasing an organization’s efficiency and reducing the chances of miscommunication – and it also provides the high-level methods of determining cybersecurity state, deciding desired state, and planning the improvements necessary to achieve the desired state.
Organizations may elect to use Framework to self-assess cybersecurity risk and communicate judiciously with others. They may also enlist external parties to assess cybersecurity risk. For this reason, NIST continues to encourage and support private sector in evaluating and implementing Framework confidence mechanisms.
Q. How should organizations use the framework?
There are many ways to use Framework and all the varied uses have a value. Out-of-the-box and without alteration, Framework offers a common and accessible vocabulary for cybersecurity risk management. In its simplest form, that vocabulary is Identify, Protect, Detect, Respond, and Recover. This allows people who are not cybersecurity experts to participate in the cybersecurity dialog.
The Framework is also meant to be customized for a given sector, subsector, or organization.  That customization ultimately means some form of prioritization. 
Framework has some native methods of customizing and prioritizing. For instance, Framework Profiles help an organization determine and communicate the outcomes that are most important for a given set of circumstances, whether those circumstances are derived from the technical environment, cybersecurity requirements such as law and regulation, or desired organizational objectives. Similarly, the Implementation Tiers of Framework help an organization decide how they would like to manage cybersecurity risk for a given part of the organization.

Mad River Twp. Fire and EMS data hacked, encrypted with ransomware

Parker Perry reports:
The Mad River Twp. Fire and EMS station is without years of data after its server was breached and encrypted with ransomware.
Chief Elmer Beard said the virus was found in August and the department has tried to work out solutions to get the information unencrypted. The hackers demanded payment for the information in Bitcoin, which translates to thousands of dollars, he said.
Read more on Springfield News-Sun.


Google Patches Critical Encryption Bug Impacting Pixel, Nexus Phones

Google patched a critical encryption bug found on its Pixel, Pixel 2 and Nexus phones this week along with delivering 49 other fixes, part of its December Pixel / Nexus Security Bulletin.
Five of the patches relate to vulnerabilities rated high. One of the patches (CVE-2017-13167) is for an elevation of privilege vulnerability and four others could open the door for a denial of service attack, according to Google.
The only critical patch (CVE-2017-14907) is tied to a bug in “Qualcomm closed-source components” that weakens the cryptographic strength of handsets while it derives a disk encryption key, Google stated.

A Common Vulnerabilities and Exposures (CVE-2017-14907) description of the encryption bug states: “In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key.”
Android CAF (Custom Android Firmware) releases are custom branches of the Linux kernel developed to support Qualcomm chipsets. Qualcomm MSM chips are processors made for older model high-end phones. And Android for MSM, Firefox OS for MSM and QRD (Qualcomm Reference Design) Android each are Android projects that extend support for the Qualcomm MSM chips.
According to those familiar with the encryption bug, the vulnerability was discovered, patched and an update was released to customers and partners in May by Qualcomm. Qualcomm declined to comment on the vulnerability.
The Pixel/Nexus Security Bulletin coincided with the release of Google’s Android Security Bulletin. A total of 47 vulnerabilities and patches were listed in that report, with 10 rated critical in severity.
“The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” according to the bulletin.
Google lists critical Media framework vulnerabilities (CVE-2017-0872, CVE-2017-0876, CVE-2017-0877, CVE-2017-0878 and CVE-2017-13151) that each create conditions favorable to a remote code execution attack on Android handsets. Media framework codecs impacted are libmpeg2, libhevc, libavc and libskia.
Google’s Android bulletin also warns of four critical Qualcomm component vulnerabilities, three of which are also tied to remote code execution conditions. Other vendors mentioned in the Android bulletin are Broadcom, Kernel, MediaTek and NVIDIA.
Patches are delivered over the air by handset manufacturers, and Google urges customers to accept and apply patches to their devices.

Black Hat Cyber threats have evolved from being a solely technical issue to a core issue of government policy, according to a senior US lawyer and former cyber diplomat.
Chris Painter, former co-ordinator for cyber issues at the US State Department, told delegates at the Black Hat EU conference that cyber issues have emerged as a core topic for governments worldwide. “Cyber is now seen as a core issue for defence policy, foreign policy and more… it’s not just a technical issue.
“Cyberspace is a new domain of war and all countries are involved in it,” he added.
The US, China and Russia have agreed that the rules of international law apply in cyberspace, so the rules of war apply to cyber attacks. That means that an attack on civilian infrastructure such as a dam would be considered as warranting reprisals, but the situation is more complicated than that in practice.
“A lot of malign activity is occurring below the high threshold of what could be classified as an act of war,” Painter explained.
“We’re doing a poor job at deterrence in cyberspace. The credibility of response is OK but timeliness is a problem partly because of attribution.”
Painter argued that although you can never have absolute certainty in attribution, by using a combination of technical and political analysis it’s possible to have a high degree of confidence about who is behind particular attacks, especially if they are long term campaigns.
Launching missiles in response to a cyber attack is unlikely unless there is a loss of life involved. This means that response boils down to applying diplomatic or political pressure on governments. “We need to expand the tool set,” Painter concluded.

One thing that is already possible is greater international co-operation, something that can be achieved through diplomatic channels. Painter explained how, whilst at the US State Department, he struck a deal to get help from other countries in taking down nodes of a botnet that was attacking US banks, in return for a promise of co-operation from the US in the event of those countries needing assistance at some future date.
Painter also outlined efforts to promote norms – or “rules of the road” – in cyberspace. He also examined challenges that lie ahead and the need for the policy and technical communities to work together globally to meet those challenges. “We didn’t see the Russian threat coming,” Painter said. “Tech people need to tell policy people about the next coming threat.”
The former White House and US State Department official made his comments during an opening keynote presentation at the Black Hat Europe conference in London on Wednesday.

BlackBerry pens framework for securing connected and autonomous cars

BlackBerry on Wednesday laid out a recommended framework for automakers to address the cybersecurity challenges surrounding connected and autonomous vehicles.
BlackBerry sees four industry trends that are making vehicles vulnerable to cyber attacks and failures: vehicle access, software control, autonomous driving, and the changing state of software. In its whitepaper, BlackBerry recommended changes through a seven pillar approach:
Secure the supply chain: Ensure the supply chain and the software and hardware components it delivers are safe and secure.
Use trusted components: Create a security architecture that is deeply layered in a defense in depth architecture, with secure hardware, software, and applications.
Employ isolation and trusted messaging: Separate safety critical and non-safety critical systems and ensure trusted communication between these systems and to the outside world.
Conduct in-field health checks: Monitor car health by regularly scanning and reporting a defined set of parameters while the vehicle is in the field.
Create a rapid incident response network: Share common vulnerabilities and exposures (CVE) and advisories via a trusted network of subscribing enterprises.
Use a lifecycle management system: Like a smartphone, proactively re-flash a vehicle with secure OTA software updates as soon as an issue is detected.
Make safety and security a part of the culture: Ensure every organization involved in supplying auto electronics is trained in functional safety and security best practices to inculcate this culture within the organization.
BlackBerry also teased tools and services, saying it will demonstrate its vision for connected cars and autonomous vehicles at CES in early January.
“Protecting a car from cybersecurity threats requires a holistic approach,” Sandeep Chennakeshu, President of BlackBerry Technology Solutions, said in a statement. “Leveraging our experience as a leader in cybersecurity and embedded automotive software, BlackBerry has created a recommended framework to protect cars from cybersecurity threats. If followed, we believe vehicles will not only be secure but BlackBerry Secure.”
BlackBerry’s interest in securing automotive and IoT hasn’t been a secret. In June, it debuted QNX Hypervisor 2.0 that creates containers to ensure that any breach in one auto application can be contained.

Nearly 2/3 of Industrial Companies Lack Security Monitoring

New Honeywell survey shows more than half of industrial sector organizations have suffered cyberattacks.
A new survey by LNS Research on behalf of Honeywell shows that industrial sector networks are still playing catch-up in cybersecurity.
While more than half of the 130 decision-makers from industrial organizations in the survey say they work in a facility that has suffered a breach, just 37% of the respondents say their organizations monitor networks for suspicious activity and traffic.                                               
Nearly half, 45%, say they don’t have an enterprise leader for cybersecurity, and one-fifth are not employing risk assessments on a regular basis.
“Decision-makers are more aware of threats and some progress has been made to address them, but this report reinforces that cybersecurity fundamentals haven’t been adopted by a significant portion of the industrial community,” Jeff Zindel, vice president and general manager of Honeywell Industrial Cyber Security said in a statement.

A copy of the report is downloadable here.

Senate Confirms New US Homeland Security Chief

The US Senate confirmed White House deputy chief of staff Kirstjen Nielsen as Secretary of Homeland Security on Tuesday, putting her in charge of implementing the Trump administration’s immigration crackdown.
Nielsen is close to White House Chief of Staff John Kelly, who was President Donald Trump’s first secretary at the Department of Homeland Security before he was brought in to discipline Trump’s chaotic office at the end of July.
Nielsen, 45, is a lawyer and veteran of the national security sector. She served in the transportation security unit of DHS during the George W. Bush administration, and was also Bush’s homeland security advisor in the White House.

Later she ran her own security advisory firm, Sunesis Consulting.
Known for expertise in cyber issues, she was named Kelly’s chief of staff when he took over DHS at the beginning of the Trump administration, and then followed him to the White House.
Described as tough and no-nonsense, she nevertheless lacks the experience of running a massive organization like the 240,000-strong DHS.
The agency oversees a wide range of security issues, from immigration, to cyber, terror threats and disaster relief. 
The Senate approved her nomination 62-37.
Her confirmation came on a day when DHS reclaimed substantial success in slowing illegal immigration across the southern border and arresting and deporting criminal aliens.
DHS said arrests of illegal immigrants were up 40 percent in the first nine months of the Trump administration, while border crossings plummeted based on tougher enforcement.
Trump has also ordered DHS to build a wall along the southern border.
But both Kelly and Nielsen have said that a wall on the entire 2,000 mile (3,200 kilometer) frontier with Mexico would be inappropriate, and that other measures, including electronic monitoring, would be required as well.

Most Retailers Haven’t Fully Tested Their Breach Response Plans

More than 20% lack a breach response plan altogether, a new survey shows.
Nearly 75% of IT security professionals from the retail industry say their companies do not have a fully tested plan to address a security breach, according to a Tripwire report today.
Some 28% of survey respondents do have a fully tested breach plan, while 21% lack a plan altogether, the report notes.
Additionally, 21% of survey respondents say they don’t have the means to notify customers of a data breach within 72 hours of its occurrence. That runs counter to the requirements of the General Data Protection Regulation (GDPR), which in May begins the financial penalty phase for noncompliance. GDPR fines can reach as high as 4% of a company’s revenues.
Only 23% of survey respondents feel fully prepared to incur financial penalties, the survey says. “Considering the amount of high-profile data breaches that have occurred recently, plus the continued discussion around GDPR, it is surprising and concerning that many retailers do not have a tested plan in the event of a security breach,” says Tim Erlin, vice president of product management and strategy at Tripwire, in a statement.
Read more about the survey here.
