We finally know how much a data breach can cost

Everyone knows corporate data breaches can be expensive, but does anyone really know exactly how expensive? Recent estimates for the average cost have landed all over the map, ranging from $4 million to $7 million. But when it comes to the top end of the scale, those appraisals turn out to be laughably small.+ Also on Network World: Everything you know about cyberwar is wrong + The massive Yahoo data breaches of 2013 and 2014 now have a real cost attached to them, and it’s a couple orders of magnitude larger than those piddly estimates. Simply put, the breaches forced Yahoo to renegotiate its sale to Verizon, cutting the price by $250 million to $350 million. To read this article in full or to leave a comment, please click here

Verizon knocks off $350M from Yahoo deal after breaches

Verizon Communications will pay US$350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer.Verizon will pay about $4.48 billion for Yahoo's operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday.Back in October, one news report had Verizon seeking a $1 billion discount after the first breach was announced.To read this article in full or to leave a comment, please click here

Verizon knocks off $350M from Yahoo deal after breaches

Verizon Communications will pay US$350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer.Verizon will pay about $4.48 billion for Yahoo's operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday.Back in October, one news report had Verizon seeking a $1 billion discount after the first breach was announced.To read this article in full or to leave a comment, please click here

Python – Kirk Byers Course Week 4 Part 1

This post will describe the exercises and solutions for week four of Kirk Byers Python for Network Engineers.

The first exercise is the following:

I. Prompt a user to input an IP address.  

Re-using some of the code from class3, exercise4--determine if the IP address is valid. 

Continue prompting the user to re-input an IP address until a valid IP address is input.

Compared to our last script we want to keep asking the user for an IP address until they supply a valid one. This means that we need a loop that can run until some condition changes. This is where While loops come in handy. We will create a Boolean variable called not_done and set this to True.

not_done = True

while not_done:

The meaning of while not_done: is that the While loop will run as long as not_done is True.

The next step is to ask the user for an IP address. We use the built-in function input() to do this.

ip_add = input("\n\nPlease enter an IP address: ")

We use another Boolean variable called valid_ip which is set to True until we prove that the IP address is not valid.

valid_ip = True

We will split Continue reading

9 new hacks coming to get you

Securitywise, the internet of things is going as badly as most computer security experts predicted. In fact, most vendors don’t fully appreciate the potential threats IoT devices pose. Anything connected to the internet and running code can be taken over for malicious purposes. Given the accelerating proliferation of internet-connected devices, we could be hurtling toward catastrophe. Personal security cameras, for example, are being used to conduct the largest denial-of-service attacks the world has ever seen, not to mention allowing strangers to spy on the very people the cameras are supposed to protect.To read this article in full or to leave a comment, please click here

9 new hacks coming to get you

Securitywise, the internet of things is going as badly as most computer security experts predicted. In fact, most vendors don’t fully appreciate the potential threats IoT devices pose. Anything connected to the internet and running code can be taken over for malicious purposes. Given the accelerating proliferation of internet-connected devices, we could be hurtling toward catastrophe. Personal security cameras, for example, are being used to conduct the largest denial-of-service attacks the world has ever seen, not to mention allowing strangers to spy on the very people the cameras are supposed to protect.To read this article in full or to leave a comment, please click here

Data visualization tools: The features users love and hate

Data visualization used to be a nice-to-have skill for specialists, but today data visualization is a key part of business decision-making for every manager, the Harvard Business Review notes. "New software tools mean this type of visualization is easier than ever before: They're making data analysts of us all," the journal says.To read this article in full or to leave a comment, please click here(Insider Story)

Understanding the attack surface to better allocate funds

In the last few years, the attack surface has changed from defending the perimeter to protecting applications in the cloud, leaving CISOs wondering how they can best allocate funds to stay ahead of attacks.Misha Govshteyn, co-founder and CISO at Alert Logic, said, "For a long time, when people thought about defensive strategies it was about their enterprise or their perimeters, where the infrastructure ends and the outside world begins."According to Earl Perkins, research vice president, digital security, the IoT group at Gartner, "We now embrace multiple forms of wireless networks as an enterprise. We distribute smaller, fit-for-purpose devices that have some processor and memory function, but aren’t general-purpose platforms in the sense of traditional IT. All of these are now ingress points and vulnerable assets if they are inadequately protected."To read this article in full or to leave a comment, please click here(Insider Story)

Understanding the attack surface to better allocate funds

In the last few years, the attack surface has changed from defending the perimeter to protecting applications in the cloud, leaving CISOs wondering how they can best allocate funds to stay ahead of attacks.To read this article in full or to leave a comment, please click here(Insider Story)

How to develop an internet of things strategy

The internet of things (IoT) may present the biggest opportunity to enterprises since the dawn of the internet age, and perhaps it will be bigger. Research firm Gartner predicts there will be nearly 20 billion devices on the IoT by 2020, and IoT product and service suppliers will generate $300 billion+ in revenue.Successfully leveraging that opportunity — bringing together sensors, connectivity, cloud storage, processing, analytics and machine learning to transform business models and processes — requires a plan."In the course of my career, I've estimated and planned hundreds of projects," John Rossman, who spent four years launching and then running Amazon's Marketplace business (which represents more than 50 percent of all Amazon units sold today), writes in his new book, The Amazon Way on IoT: 10 Principles for Every Leader from the World's Leading Internet of Things Strategies. "I've learned that, even before you start seeking answers, it's imperative to understand the questions. Guiding a team to a successful outcome on a complex project requires understanding of the steps and deliverables, necessary resources, and roles and every inherent risk and dependency."To read this article in full or to leave a comment, please click here

7 project management tools any business can afford

The time has never been better for startups to access well-tested, feature-rich, affordable project management product previously offered only to larger companies. Here are just some of web-based options that a startup can license to manage its activities right out of the gate.If your startup is considering making the leap to a project management tools, these affordable options can make light work of collaboration and manual tracking of project tasks, time and budgets.It’s important to note that many of these per-month-per-user pricing models are based on companies making one annual payment.7 affordbable project management tools (listed by price) 1.  Trello (acquired by Atlassian in 2017) has been around since 2011 and offers a web-based PM solution that works for companies of all sizes, from startups to Fortune 500 companies. Their affordable business class solution costs $9 a month per user and allows companies a free trial of the software.To read this article in full or to leave a comment, please click here

State of the CIO 2017: More challenging, still complicated

Any CIO worth his or her C-suite executive office space knows that the job is more complex than ever. Moving apps and workloads to the cloud, ensuring legacy software can talk to off-premises apps, and keeping networks and systems secure remain core functional tasks of the CIO role. At the same time, boards of directors, CEOs and business colleagues are turning to the CIO to lead digital transformations, win customers and drive revenue.To read this article in full or to leave a comment, please click here(Insider Story)

Top 10 recruiting software platforms

Finding a good recruiting software platform shouldn't be guesswork, and selecting a option can't just be based on features, bells and whistles. Ease of use, scalability and the capability to customize solutions to meet your individual company's needs also are critical factors best discerned by talking to your peers and industry experts.That's where G2 Crowd comes in. The business software review site uses feedback from its user community, social media and other online sources, as well as anonymous customer reviews to develop rankings of a wide range of business applications -- including recruiting software.ALSO ON NETWORK WORLD: How to lure tech talent with employee benefits, perks The latest G2 Crowd report for 2017 is based on hundreds of reviews written by HR and recruiting professionals. For a visual ranking, check out The Grid, which is created by factoring in customer satisfaction reported by users and vendor market presence determined from social and public data to rank the products. Here, based on G2 Crowd's data and ranking, are the top 10 recruiting software platforms.To read this article in full or to leave a comment, please click here

5 open source security tools too good to ignore

Open source is a wonderful thing. A significant chunk of today’s enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that’s changing. If you haven’t been looking to open source to help address your security needs, it’s a shame—you’re missing out on a growing number of freely available tools for protecting your networks, hosts, and data. The best part is, many of these tools come from active projects backed by well-known sources you can trust, such as leading security companies and major cloud operators. And many have been tested in the biggest and most challenging environments you can imagine. To read this article in full or to leave a comment, please click here

5 open source security tools too good to ignore

Open source is a wonderful thing. A significant chunk of today’s enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that’s changing. If you haven’t been looking to open source to help address your security needs, it’s a shame—you’re missing out on a growing number of freely available tools for protecting your networks, hosts, and data. The best part is, many of these tools come from active projects backed by well-known sources you can trust, such as leading security companies and major cloud operators. And many have been tested in the biggest and most challenging environments you can imagine. To read this article in full or to leave a comment, please click here

5 open source security tools too good to ignore

Open source is a wonderful thing. A significant chunk of today’s enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that’s changing. If you haven’t been looking to open source to help address your security needs, it’s a shame—you’re missing out on a growing number of freely available tools for protecting your networks, hosts, and data. The best part is, many of these tools come from active projects backed by well-known sources you can trust, such as leading security companies and major cloud operators. And many have been tested in the biggest and most challenging environments you can imagine. To read this article in full or to leave a comment, please click here

5 built-in Windows 10 apps that do the job (with video)

The touch-friendly apps built into Windows 8 and Windows 10 (originally called Metro apps and now just called Windows apps) were, for a long time, roundly denounced by many reviewers as being underpowered -- and justifiably so. The first release of Mail in Windows 8, for example, didn't have threaded messaging, and the first release of Calendar made it confusing to do something as simple as changing the view to a day, week or month.To read this article in full or to leave a comment, please click here

Why you need a bug bounty program

Every business needs to have a process in place for handling security vulnerability reports, but some organizations take a much more proactive approach to dealing with security researchers.An increasing number of hardware and software vendors have formal bug bounty programs. Google, for example, runs its own vulnerability rewards program, and Microsoft has multiple bug bounties covering Office 365, Azure, .NET and Edge as general programs covering exploits and defenses.To read this article in full or to leave a comment, please click here(Insider Story)

Why you need a bug bounty program

Every business needs to have a process in place for handling security vulnerability reports, but some organizations take a much more proactive approach to dealing with security researchers.To read this article in full or to leave a comment, please click here(Insider Story)

Renewed effort begins to save Calif. university’s IT jobs

At least 10 U.S. lawmakers have written University of California officials about their plan to move IT jobs offshore. It has been called it "ill-advised" and "dangerous," and some have demanded its reversal. But the letters have had no apparent impact, and employees are slated to be laid off Feb. 28.The next step in the fight is legislation.[ Join our H-1B/Outsourcing group on Facebook to discuss this story. ] California Assembly member Kevin McCarty, (D-Sacramento), introduced a bill (AB 848) Thursday in the state legislature that's backed by university unions. It would require the University of California and California State University to certify that any contracted work "will be performed solely with workers within the United States."To read this article in full or to leave a comment, please click here