Anonymous Hackers Take Down Child Porn Websites, Leak Users' Names
Only computers that have installed TOR browser plug-ins can access the TOR-based darknet, including its guidebook the Hidden Wiki, the security site Infosec Island reported. In another Pastebin posting, the hackers explained that their campaign against ...
by Robert Westervelt
Mark Weatherford will focus on cybersecurity operations and communications resilience at the Department of Homeland Security.
Mark Weatherford, vice president and CSO at the North American Electric Reliability Corporation (NERC), has been appointed to the position of Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate at the Department of Homeland Security.
The appointment was announced by DHS Secretary Janet Napolitano today, and is effective mid-November. The newly created position will focus on cybersecurity operations and communications at DHS. Cybersecurity leadership at DHS has undergone some changes of late. Philip Reitinger resigned in May to take the position of CISO at Sony.
Weatherford took on the CSO role at NERC in 2010, shortly after the Stuxnet worm surfaced. He is said to have bolstered information sharing there. He started a “Malware Tiger Team” to share accurate and usable Stuxnet related information among facilities.
He also called for more rugged software in the wake of Stuxnet, after it was discovered that the malware targeted four Microsoft zero-day vulnerabilities.
An Information Security magazine Security 7 Award winner, Weatherford was previously director and CISO of the state of California. He also spent six years as the CISO of the state of Colorado. He developed a Data Governance Working Group that defined the data security lifecycle for state agencies. Weatherford also formalized the state’s vulnerability management program to address Web application security issues.
In an essay he wrote for Information Security, Weatherford said that strategic planning often falls short in the security industry.
“We haven’t devoted the deep thought necessary to create a vision worthy of being called a Strategic Plan. I’ve done the annual strategic plan dance more times than I care to admit because creating a Strategic Plan takes real time and real effort, which is difficult to justify when you find yourself in more of a firefighter role than a CISO.”
Data governance and classification
In this video, Weatherford, who was CISO of California’s Office of Information Security and Privacy Protection, gave advice on the importance of data governance and classification.
“The fact that data is ubiquitous and resides everywhere means that you have to know where it is and what systems it resides on,” Weatherford told SearchFInancialSecurity in 2009. “An asset inventory is critical to knowing where the different types of data reside within your organization.”
Identifying assets is doable, he said, adding that business and IT need to work together to identify the most critical data that needs to be protected. The business people own the process and should be engaged and working with security professionals in order for data classification projects to be successful.
Businesses Turn Old Smartphones Into Cash, Go Green with HelloTotem
This device erasure or wiping conforms to either HMG Infosec Standard 5 or US Department of Defense Directive 5220.22-M, labels which may mean little to many of us, but mean quite a lot to small or large business entities looking to protect private ...
Posted by InfoSec News on Oct 20http://www.informationweek.com/news/security/vulnerabilities/231901118
Posted by InfoSec News on Oct 20http://www.nextgov.com/nextgov/ng_20111018_4438.php
Posted by InfoSec News on Oct 20http://www.chinadaily.com.cn/cndy/2011-10/20/content_13937379.htm
Posted by InfoSec News on Oct 20http://www.wired.com/dangerroom/2011/10/military-not-quite-sure-how-drone-cockpits-got-infected/
Posted by InfoSec News on Oct 20http://www.networkworld.com/news/2011/101911-sql-injection-attack-252188.html