New York State cybersecurity rules and the skills shortage

While the cybersecurity industry was knee-deep in vision, rhetoric and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry. The Department of Financial Services (DFS) rules (23 NYCRR 500) go into effect next week on March 1, 2017.Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500, so while the regulations are somewhat broader than other similar stipulations, there are obvious common threads. In reviewing the document, however, section 500.10 caught my eye. Here is the text from this section:To read this article in full or to leave a comment, please click here

New York State Cybersecurity Rules and the Skills Shortage

While the cybersecurity industry was knee-deep in vision, rhetoric, and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry.  The DFS regulations (23 NYCRR 500) go into effect next week on March 1, 2017.  Here’s a link to a pdf document describing the regulations. Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500, so while the regulations are somewhat broader than other similar stipulations, there are obvious common threads.  In reviewing the document however, section 500.10 caught my eye.  Here is the text from this section:To read this article in full or to leave a comment, please click here

New York State Cybersecurity Rules and the Skills Shortage

While the cybersecurity industry was knee-deep in vision, rhetoric, and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry.  The DFS regulations (23 NYCRR 500) go into effect next week on March 1, 2017.  Here’s a link to a pdf document describing the regulations. Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500, so while the regulations are somewhat broader than other similar stipulations, there are obvious common threads.  In reviewing the document however, section 500.10 caught my eye.  Here is the text from this section:To read this article in full or to leave a comment, please click here

EFF: Congress considers making it illegal to protect consumer privacy online

“When you go online you reveal a tremendous amount of private information about yourself,” wrote the Electronics Frontier Foundation (EFF). “What you browse, what you purchase, who you communicate with—all reveal something personal about you.” These are examples of what your ISP knows about you.But it’s more than that for people with smart connected devices. Think about a smart refrigerator. As former FCC Chairman Tom Wheeler asked, “Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?” Who would have thought they could sell that type of information?To read this article in full or to leave a comment, please click here

EFF: Congress considers making it illegal to protect consumer privacy online

“When you go online you reveal a tremendous amount of private information about yourself,” wrote the Electronics Frontier Foundation (EFF). “What you browse, what you purchase, who you communicate with—all reveal something personal about you.” These are examples of what your ISP knows about you.But it’s more than that for people with smart connected devices. Think about a smart refrigerator. As former FCC Chairman Tom Wheeler asked, “Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?” Who would have thought they could sell that type of information?To read this article in full or to leave a comment, please click here

EFF: Congress is considering making it illegal to protect consumer privacy online

“When you go online you reveal a tremendous amount of private information about yourself,” wrote the EFF. “What you browse, what you purchase, who you communicate with—all reveal something personal about you.” These are examples of what your ISP knows about you.But it’s more than that for people with smart connected devices. Think about a smart refrigerator. As former FCC Chairman Tom Wheeler asked, “Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?” Who would have thought they could sell that type of information?The FCC did something about that last year by putting privacy protections in place for when you use your broadband provider.To read this article in full or to leave a comment, please click here

EFF: Congress is considering making it illegal to protect consumer privacy online

“When you go online you reveal a tremendous amount of private information about yourself,” wrote the EFF. “What you browse, what you purchase, who you communicate with—all reveal something personal about you.” These are examples of what your ISP knows about you.But it’s more than that for people with smart connected devices. Think about a smart refrigerator. As former FCC Chairman Tom Wheeler asked, “Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?” Who would have thought they could sell that type of information?The FCC did something about that last year by putting privacy protections in place for when you use your broadband provider.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Breaking through the cybersecurity bubble

For many in the cybersecurity space, the world revolves around the attack vector. Many security vendors narrowly focus on their version of the prevent, defend and respond paradigm—focusing on their purported supremacy and on making their case to get a piece of the enterprise security budget pie. At the recent RSA Conference in San Francisco, however, there were some hopeful signs that this narrow view and myopic perspective is evolving—at least for some. “Don't draw lines that separate different fields. Draw connections that bring them together,” implored RSA CTO Dr. Zulfikar Ramzan in the opening keynote as he called for business-driven security. “In my experience, today's security professionals must also draw connections between security details and business objectives.”To read this article in full or to leave a comment, please click here

Amazon Prime Members Get 20% off Halo Wars 2 Ultimate Edition For Xbox One – Deal Alert

For a limited time, if you're an Amazon Prime Member (or have a free trial -- get one here) you'll see the price drop an extra 20% on Halo Wars 2 Ultimate Edition for Xbox One. Price drop activates when you add it to your cart, and sinks the price from $79.88 to $63.99. Combining tactical combat with card-based strategy, your deck is your army in all new Blitz mode as you build collections of powerful Halo vehicles and troops and command those units in fast-action matches. See the discounted Halo Wars 2 Ultimate Edition on Amazon.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Breaking through the cybersecurity bubble

For many in the cybersecurity space, the world revolves around the attack vector. Many security vendors narrowly focus on their version of the prevent, defend and respond paradigm—focusing on their purported supremacy and on making their case to get a piece of the enterprise security budget pie.At the recent RSA Conference in San Francisco, however, there were some hopeful signs that this narrow view and myopic perspective is evolving—at least for some.“Don't draw lines that separate different fields. Draw connections that bring them together,” implored RSA CTO Dr. Zulfikar Ramzan in the opening keynote as he called for business-driven security. “In my experience, today's security professionals must also draw connections between security details and business objectives.”To read this article in full or to leave a comment, please click here

We finally know how much a data breach can cost

Everyone knows corporate data breaches can be expensive, but does anyone really know exactly how expensive? Recent estimates for the average cost have landed all over the map, ranging from $4 million to $7 million. But when it comes to the top end of the scale, those appraisals turn out to be laughably small.+ Also on Network World: Everything you know about cyberwar is wrong + The massive Yahoo data breaches of 2013 and 2014 now have a real cost attached to them, and it’s a couple orders of magnitude larger than those piddly estimates. Simply put, the breaches forced Yahoo to renegotiate its sale to Verizon, cutting the price by $350 million. To read this article in full or to leave a comment, please click here

We finally know how much a data breach can cost

Everyone knows corporate data breaches can be expensive, but does anyone really know exactly how expensive? Recent estimates for the average cost have landed all over the map, ranging from $4 million to $7 million. But when it comes to the top end of the scale, those appraisals turn out to be laughably small.+ Also on Network World: Everything you know about cyberwar is wrong + The massive Yahoo data breaches of 2013 and 2014 now have a real cost attached to them, and it’s a couple orders of magnitude larger than those piddly estimates. Simply put, the breaches forced Yahoo to renegotiate its sale to Verizon, cutting the price by $250 million to $350 million. To read this article in full or to leave a comment, please click here

Verizon knocks off $350M from Yahoo deal after breaches

Verizon Communications will pay US$350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer.Verizon will pay about $4.48 billion for Yahoo's operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday.Back in October, one news report had Verizon seeking a $1 billion discount after the first breach was announced.To read this article in full or to leave a comment, please click here

Verizon knocks off $350M from Yahoo deal after breaches

Verizon Communications will pay US$350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer.Verizon will pay about $4.48 billion for Yahoo's operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday.Back in October, one news report had Verizon seeking a $1 billion discount after the first breach was announced.To read this article in full or to leave a comment, please click here

Python – Kirk Byers Course Week 4 Part 1

This post will describe the exercises and solutions for week four of Kirk Byers Python for Network Engineers.

The first exercise is the following:

I. Prompt a user to input an IP address.  

Re-using some of the code from class3, exercise4--determine if the IP address is valid. 

Continue prompting the user to re-input an IP address until a valid IP address is input.

Compared to our last script we want to keep asking the user for an IP address until they supply a valid one. This means that we need a loop that can run until some condition changes. This is where While loops come in handy. We will create a Boolean variable called not_done and set this to True.

not_done = True

while not_done:

The meaning of while not_done: is that the While loop will run as long as not_done is True.

The next step is to ask the user for an IP address. We use the built-in function input() to do this.

ip_add = input("\n\nPlease enter an IP address: ")

We use another Boolean variable called valid_ip which is set to True until we prove that the IP address is not valid.

valid_ip = True

We will split Continue reading

9 new hacks coming to get you

Securitywise, the internet of things is going as badly as most computer security experts predicted. In fact, most vendors don’t fully appreciate the potential threats IoT devices pose. Anything connected to the internet and running code can be taken over for malicious purposes. Given the accelerating proliferation of internet-connected devices, we could be hurtling toward catastrophe. Personal security cameras, for example, are being used to conduct the largest denial-of-service attacks the world has ever seen, not to mention allowing strangers to spy on the very people the cameras are supposed to protect.To read this article in full or to leave a comment, please click here

9 new hacks coming to get you

Securitywise, the internet of things is going as badly as most computer security experts predicted. In fact, most vendors don’t fully appreciate the potential threats IoT devices pose. Anything connected to the internet and running code can be taken over for malicious purposes. Given the accelerating proliferation of internet-connected devices, we could be hurtling toward catastrophe. Personal security cameras, for example, are being used to conduct the largest denial-of-service attacks the world has ever seen, not to mention allowing strangers to spy on the very people the cameras are supposed to protect.To read this article in full or to leave a comment, please click here

Data visualization tools: The features users love and hate

Data visualization used to be a nice-to-have skill for specialists, but today data visualization is a key part of business decision-making for every manager, the Harvard Business Review notes. "New software tools mean this type of visualization is easier than ever before: They're making data analysts of us all," the journal says.To read this article in full or to leave a comment, please click here(Insider Story)

Understanding the attack surface to better allocate funds

In the last few years, the attack surface has changed from defending the perimeter to protecting applications in the cloud, leaving CISOs wondering how they can best allocate funds to stay ahead of attacks.Misha Govshteyn, co-founder and CISO at Alert Logic, said, "For a long time, when people thought about defensive strategies it was about their enterprise or their perimeters, where the infrastructure ends and the outside world begins."According to Earl Perkins, research vice president, digital security, the IoT group at Gartner, "We now embrace multiple forms of wireless networks as an enterprise. We distribute smaller, fit-for-purpose devices that have some processor and memory function, but aren’t general-purpose platforms in the sense of traditional IT. All of these are now ingress points and vulnerable assets if they are inadequately protected."To read this article in full or to leave a comment, please click here(Insider Story)

1 2,290 2,291 2,292 2,293 2,294 3,841