
Tech Update Summary from Blue Mountain Data Systems August 2018


August 2018: For CTOs, CIOs & CISOs. Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

Published in: Software

  1. 1. Blue Mountain Data Systems Tech Update Summary August 2018
  2. 2. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems
  3. 3. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for August 2018. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  4. 4. Network Security
  5. 5. Network Security IT WATCH: Finding and Fixing Security On Your Network Perimeter. Networks need multiple layers of security. However, with the complexity inherent in the internal layers, many folks pay short shrift to the perimeter. That’s a mistake and here’s why. Read more [PCMAG.COM] SOFTWARE: Linux Kernel 4.18: Better Security, Leaner Code. The latest version of the Linux kernel cleans out nearly 100K lines of code, adds file encryption and the Berkeley Packet Filter, plus makes a nod to gamers and mobile devices. Read more [NETWORKWORLD.COM]
  6. 6. Network Security NETWORK DESIGN: Machine Learning Is Becoming a Must in Data Center Network Security. The volume of data traveling on networks and sophistication of attack tools are outpacing human experts’ capabilities. Read more [DATACENTERKNOWLEDGE.COM] SECURITY: Think Like an Attacker…Three Network Security Points to Identify and Protect. Pulling the plug on the Internet is often jokingly referred to as the best solution for network security. All kidding aside, anything you can do to make it harder for the bad guys to gain access to your network can have a positive impact on your overall security posture. That begs the question: with so many cyber security threats and attack methods to worry about – and so many hardware and software solutions to consider – where should you focus? Read more [SECURITYBOULEVARD.COM]
  7. 7. Encryption
  8. 8. Encryption OPINION: There is No Such Thing as a ‘Safe Backdoor’ in Encryption. Federal officials are now pressuring tech companies to create so-called “backdoors” that allow law enforcement to work around encrypted devices. These backdoors would grant them access to Americans’ personal data through a supposedly secure channel. In theory, a backdoor would be available only to the government and law enforcement agencies. But technology experts warn that tech companies cannot build a backdoor that would guarantee only law-abiding officials have access. If you create a way in, somebody you don’t want to get in will find it. Read more [THEHILL.COM]
  9. 9. Encryption THE PAINS OF ENCRYPTION KEY MANAGEMENT: Why Manual Processes Are So Hard. In its 2018 Global Encryption Trends Study, Thales along with Venafi and Geobridge sponsored Ponemon Institute to survey 5,252 IT and security professionals in 12 different countries about their organizations’ encryption use. Their responses revealed that many enterprises continue to struggle when it comes to balancing encryption with their security posture. Read more [SECURITYBOULEVARD.COM] POPULAR ENCRYPTION SOFTWARE: Researchers Help Close Security Hole. Cybersecurity researchers at the Georgia Institute of Technology have helped close a security vulnerability that could have allowed hackers to steal encryption keys from a popular security package by briefly listening in on unintended “side channel” signals from smartphones. Read more [SCIENCEDAILY.COM]
  10. 10. Encryption FYI: Oracle’s Transparent Data Encryption. Security. Each day it seems another breach is reported, another hack revealed, more personal user information is stolen, apparently despite the best efforts to thwart such attacks. It’s becoming increasingly obvious that guarding against break-ins is simply not enough; one must be prepared for the maliciously inclined to succeed at hacking their way into ‘secure’ systems. For the Oracle DBA this may not be as daunting a task as it first appears. Read more [DATABASEJOURNAL.COM]
  11. 11. Databases
  12. 12. Databases LEGACY: When It Comes to Databases, Why ‘I Can’t Quit You, Baby’. Leaving legacy RDBMSs is hard, but eventually enterprises will break free of Oracle’s and others’ last grip on their data infrastructure. Read more [INFOWORLD.COM] ORACLE: Oracle Launches Autonomous Database for Online Transaction Processing. Oracle executive chairman and CTO Larry Ellison first introduced the company’s autonomous database at Oracle Open World last year. The company later launched an autonomous data warehouse. Now it announced the next step with the launch of the Oracle Autonomous Transaction Processing (ATP) service. Read more [TECHCRUNCH.COM]
  13. 13. Databases MICROSOFT: SQL Server 2008 Support Extended for Cloud Migrations. Microsoft is adding an additional three years of support for SQL Server 2008 customers that migrate to the Azure Cloud. Read more [EWEEK.COM] GET STARTED: Quick Start Tips for Using the New MSSQL-CLI SQL Query Tool. The new MSSQL-CLI command-line tool provides many enhancements over SQLCMD CLI that enable you to quickly write and run T-SQL queries across Linux, macOS and Windows. Read more [SEARCHSQLSERVER.TECHTARGET.COM – REGISTRATION REQUIRED FOR ACCESS]
  14. 14. More About Blue Mountain BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
  15. 15. Federal Tech
  16. 16. Federal Tech FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape, Modernize Government Technology. The size and scope of the federal government’s information technology landscape only continues to grow and in a way that makes it incredibly difficult to change. In the Federal Chief Information Officers Council’s latest study, the current state of government IT is described as monolithic. And, it is not meant as a compliment. Read more [FEDERALNEWSRADIO.COM]
  17. 17. Federal Tech OPINION: Government Efforts to Weaken Privacy are Bad for Business and National Security. The federal government’s efforts to require technology and social media companies to relax product security and consumer privacy standards – if successful – will ultimately make everyone less safe and secure. Read the rest [INFOSECURITY-MAGAZINE.COM] PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies had to send DNA samples to government labs and wait for it to get tested, which could take days or even weeks. Find out more [GOVTECH.COM]
  18. 18. Federal Tech MODERNIZATION: Making Modernization Happen. Now more than ever before, comprehensive IT modernization for federal agencies is a real possibility. The question that remains is whether President Donald Trump’s words and actions during his first months in office will be sustained by the administration and Congress in the months and years ahead. Read more [FCW.COM]
  19. 19. State Tech
  20. 20. State Tech SURVEY: Cybersecurity Concerns May Keep One in Four Americans from Voting. Cybersecurity concerns may prevent one in four Americans from heading to the polls in November, according to a new survey by cybersecurity firm Carbon Black. The company recently conducted a nationwide survey of 5,000 eligible US voters to determine whether reports of cyberattacks targeting election-related systems are impacting their trust in the US electoral process. The results revealed that nearly half of voters believe the upcoming elections will be influenced by cyberattacks. Consequently, more than a quarter said they will consider not voting in future elections. Read more [HSTODAY.US.COM]
  21. 21. State Tech ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is centralizing IT operations under Alaska’s newly created Office of Information Technology. But consolidating IT in a sprawling state like Alaska offers challenges not found in other environments, says the state’s new CIO Bill Vajda. Read the rest [GCN.COM] ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter State IT. Jim Purcell wasn’t expecting a call from Alabama’s new governor, Kay Ivey, and he certainly wasn’t expecting her to ask him to head up the Office of Information Technology (OIT) – but that’s exactly what happened last week. Find out more [GOVTECH.COM]
  22. 22. State Tech ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of Illinois, sought to become the nation’s first Smart State – a process that required reorganizing its 38 IT departments into one, improving government services, and finding new sources of innovation to apply to its revenue model. Within 18 months, Illinois rose in national rankings from the bottom fourth of state governments to the top third. Read more [ENTERPRISERSPROJECT.COM]
  23. 23. Electronic Document Management
  24. 24. Electronic Document Management CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding of the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more). Read the rest [FEDTECHMAGAZINE.COM]
  25. 25. Electronic Document Management ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more [PCMAG.COM]
  26. 26. Section 508 Compliance & WCAG 2.0
  27. 27. Section 508 Compliance & WCAG 2.0 HIRING: Blind Workers Test Limitations of Online Hiring Systems. Hard Rock Cafe. GameStop. Dart Container. Albertsons. What do the theme-restaurant chain, gaming retailer, foam cup maker, and grocery store chain have in common? All are accused of having online job application systems that blind workers can’t access fully. And all four companies face lawsuits in California federal court alleging discrimination against blind and visually impaired job seekers at the very outset of the job search process. And they’re not alone. Since April, seven other employers have similarly been sued under California law in state court. The cases draw attention to “huge” problems for many visually impaired Americans: accessing online job sites and unemployment, the American Foundation for the Blind’s Megan Dodd told Bloomberg Law. Read more [BNA.COM]
  28. 28. Section 508 Compliance & WCAG 2.0 APPLE: Sued Over Claims Website is Inaccessible to Visually Impaired Users. Apple has become the target of a new lawsuit, one that claims the iPhone producer’s website is violating the Americans with Disabilities Act (ADA) by not being fully accessible to blind or visually-impaired consumers, due to the way the website itself is coded. Read more [APPLEINSIDER.COM] AGILE: How USCIS Ensures Section 508 Compliance in Agile Development. Many people ask how U.S. Citizenship and Immigration Services (USCIS) ensures Section 508 compliance in Agile projects – especially when Section 508 testing is still largely manual. The short answer is that they do this the same way they ensure the code works or that it meets security requirements: they test. And they do this as early in the process as possible. Then, they do whatever else works. Read more [HSTODAY.US]
  29. 29. Section 508 Compliance & WCAG 2.0 POLICY & ISSUES: 19 State AGs Write Sessions Sharing CUNA’s ADA Concerns. Attorneys General from nineteen states have written Attorney General Jeff Sessions calling for clarity about how the Americans With Disabilities Act applies to websites. Several of the attorneys general signed onto the letter as a direct result of advocacy by state credit union leagues. CUNA continues its work to find a solution on the regulatory and legislative arenas, as uncertainty over how the ADA applies to websites has led to lawsuits against credit unions. Read more [NEWS.CUNA.ORG]
  30. 30. Security Patches
  31. 31. Security Patches FYI: Patch Tuesday, August 2018 Edition. Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two “zero-day” flaws that attackers were already exploiting before Microsoft issued patches to fix them. Read more [KREBSONSECURITY.COM] ORACLE: Apply Out-of-Band Patch for Database Flaw ASAP. Flaw in the Java VM component of Oracle’s Database Server is easily exploitable, security experts warn. Read more [DARKREADING.COM]
  32. 32. Security Patches INTEL: Beyond Spectre – Foreshadow, a New Intel Security Problem. Researchers have broken Intel’s Software Guard Extensions, System Management Mode, and x86-based virtual machines. Read more [ZDNET.COM] CISCO: Patches Router OS Against New Crypto Attack on Business VPNs. New attack threatens enterprise VPN and could enable target networks to be impersonated or allow a man-in-the-middle attack. Read more [ZDNET.COM]
  33. 33. CIO, CTO & CISO
  34. 34. For the CIO, CTO & CISO SECURITY: CIOs Reveal Their Security Philosophies. Global IT leaders describe their approaches to cybersecurity application and communication. Read more [CIO.COM] NGA: On the Hunt for a New CTO. The National Geospatial-Intelligence Agency is looking for a new chief technology officer to be the agency’s “authoritative expert for technology.” Whoever ends up filling this role will be NGA’s second CTO — Dr. Anthony Vinci, the agency’s first CTO, was appointed to the role in February 2018 and stepped down this month. Read more [FEDSCOOP.COM]
  35. 35. CIO, CTO & CISO CISO: Election Security Insights From Former Federal CISO. Retired Brigadier General Gregory Touhill, who was appointed by President Obama as the first CISO of the federal government, spells out what he sees as the essential steps for fighting against Russian meddling in this year’s midterm elections. Read more [BANKINFOSECURITY.COM] WATCHDOG: Agency CIOs Still Don’t Have Mandated Authorities. The onus to improve the use and management of technology in the federal government has been put squarely on the shoulders of agency chief information officers. However, across government, CIOs still don’t have the requisite authorities to lead IT transformation, according to a recent report from the Government Accountability Office. Read more [NEXTGOV.COM]
  36. 36. Penetration Testing
  37. 37. Penetration Testing SKILLS: That a ‘Next-Level’ Pentester Should Have. Top tier penetration testers are a breed of their own. Here is how to make sure your pentester is topnotch. Read more [THREATPOST.COM] DHS: Census CIO Says DHS Penetration Tests Confirm Data Security. U.S. Census Bureau CIO Kevin Smith said that the Department of Homeland Security performed penetration tests this year that were unable to break through Census’ data safeguards, confirming the strength of Census’ cybersecurity programs for both its self-response website and in-field mobile devices. Read more [MERITALK.COM]
  38. 38. Penetration Testing NEW RESEARCH: To Identify a Hacker, Treat Them Like a Burglar. Imagine someone robs your house. The savvy culprit didn’t leave behind fingerprints, shoe prints, or any other discrete, identifying details. Still, police manage to link the crime to a series of burglaries that happened the next town over, because of the criminal’s behavior. Each robbery occurred in the same way, and in each case, the perpetrator stole many of the same items. Now, new research indicates that the techniques law enforcement use to tie crimes together through behavioral patterns might help in the digital world too. Read more [WIRED.COM] FEDERAL GOVERNMENT: What Solutions and Services Can Best Support Federal IT Modernization? Cutting-edge technologies move agencies toward their goals for efficiency, productivity and security. Read more [FEDTECHMAGAZINE.COM]
  39. 39. Open Source
  40. 40. Open Source UI DEV: Getting to Know Grommet, an Open Source UI Dev Tool. While Grommet has been around since 2016, it is not among the best-known open source development tools. The library of reusable UI components helps developers create web applications. This overview explains what Grommet can do, the problems it addresses, and what makes it appealing. Read more [LINUX.COM] DART 2: Open Source Dart 2 Revamp Focuses on Mobile, Web Development. After a nearly eight-month pre-release preview, the open source Dart 2 programming language has emerged as a stable release that includes many breaking changes in a revamp that focuses on mobile and Web client-side development. Along with that Web focus, creator Google has shipped a complete rewrite of the Dart Web platform. Read more [ADTMAG.COM]
  41. 41. Open Source SPOT THE BOT: Researchers Open-Source Tools to Hunt Twitter Bots. Their goal? To create a means of differentiating legitimate from automated accounts and detail the process so other researchers can replicate it. Read more [DARKREADING.COM] GSA: Offers Overview of How It’s Redesigning CAMEO. The General Services Administration is getting ready to overhaul the system it uses as the federal government’s buyer of IT solutions, and it provided industry stakeholders with a sneak peek. Officials from the agency’s Federal Acquisition Service, including Commissioner Alan Thomas, detailed their strategy to redesign the backend of the CIO Application Maintenance, Enhancements, and Operations (CAMEO) system. They plan to issue a follow-on contract that emphasizes commercial-off-the-shelf (COTS) applications, an open-source data layer that works across technologies and a whole lot of industry engagement. Read more [FEDSCOOP.COM]
  42. 42. Business Intelligence
  43. 43. Business Intelligence B2B: Self Service Business Intelligence Isn’t Here, Artificial Intelligence May Be The Missing Piece. BI tools are still the arena of the analyst. Line managers are able to look at visualizations in a dashboard, they even have a limited ability to investigate the data underneath it, but a “what if?” thought almost always requires a loop back to an analyst or a developer. While too many people in the industry continue to say the solution to the problem is to get the managers to “think like data scientists”, there will continue to be barriers to acceptance. It’s not the line manager’s job to be a programmer or analyst any more than it is the programmer’s or analyst’s job to deal with managing the business. What’s needed is to assist the manager. There are two main technical problems to doing that. Read more [FORBES.COM]
  44. 44. Business Intelligence HR: Turning the Tide on Business Intelligence Failure. When does business information become a business disadvantage? Using today’s Business Intelligence (BI) tools can be a bit like trying to drink from a fire hydrant – too much information, from all directions, with no control. Far too often the very business driver a company set out to find and monitor gets lost in the melee. Read more [BLEEPINGCOMPUTER.COM] MICROSOFT: Updates Power BI Report URL Filter, Report Server Update. Microsoft’s Power BI application has been given a number of feature updates aimed at improving enterprise business intelligence reporting and improving the performance of Power BI for users. Read more [EWEEK.COM]
  45. 45. Business Intelligence FEDERAL GOVERNMENT: Microsoft Says It Has Found a Russian Operation Targeting U.S. Political Institutions. A group affiliated with the Russian government created phony versions of six websites – including some related to public policy and to the U.S. Senate – with the apparent goal of hacking into the computers of people who were tricked into visiting, according to Microsoft, which said Monday night that it discovered and disabled the fake sites. Read more [WASHINGTONPOST.COM]
  46. 46. Operating Systems
  47. 47. Operating Systems GOOGLE: Chrome 69 Rolling Out ‘Material Design refresh’ Next Month ‘Across All Operating Systems’. Even before the Google Material Theme was showcased at I/O 2018, the Chrome team has been working on a big redesign for the browser that shares many similarities like rounded corners and stark white backgrounds. Available on both desktop and mobile, this “Material Design refresh” is now scheduled to begin rolling out in September with Chrome 69. Read more [9TO5GOOGLE.COM] CISCO: Patches Its Operating Systems Against New IKE Crypto Attack. Cisco released security updates today to patch a vulnerability in the IOS and IOS XE operating systems that run the vast majority of its devices. The vulnerability is tracked as CVE-2018-0131 and is one of four CVE identifiers for a new Bleichenbacher oracle cryptographic attack against the IKE (Internet Key Exchange) protocol. Read more [BLEEPINGCOMPUTER.COM]
  48. 48. Operating Systems SECURITY: Securing the Server, Inside and Out. Computing is hard enough, but the sophistication and proliferation of attacks on IT infrastructure, from the firewall moat surrounding the corporate network all the way down into the guts of the operating system kernel and deep into the speculative execution units on the physical processor, make the task of computing – with confidence – doubly difficult. It hasn’t helped that applications have become increasingly distributed and virtualized, spread across networked machines and propped up on various layers of software abstraction. Read more [THENEXTPLATFORM.COM]
  49. 49. Operating Systems FYI: SUSE Builds a Custom Linux Kernel to Boost Microsoft Azure Performance. SUSE added a performance boost for enterprises running its Linux Enterprise Server 15 platform on the Microsoft Azure cloud. That boost comes from a custom-tailored Linux kernel that provides up to 25 percent faster network throughput and a 23 percent drop in average latency for on-demand instances. Read more [SDXCENTRAL.COM]
  50. 50. BYOD
  51. 51. BYOD SECURITY: Why BYOD Authentication Struggles to be Secure. A recent Bitglass study pointed out some interesting statistics: Over a quarter (28%) of organizations rely solely on user-generated passwords to secure BYOD, potentially exposing countless endpoints to credential guessing, cracking and theft. 61% of respondents also had reservations about Apple’s Face ID technology. Given that the general concept in security has always been to eliminate passwords and use MFA, the results are surprising, so why the disconnect? Read more [INFOSECURITY-MAGAZINE.COM]
  52. 52. BYOD DOD: ‘Wrong Trajectory’ in Mobile Strategy Stifles Marines’ BYOD Ambitions. The Marine Corps has been talking about implementing a bring-your-own-device strategy for more than three years as one way to cut costs and speed up its adoption of commercial smartphone technology. But the service’s chief information officer says the goal is still a long way off, and the Marines are still struggling to bring aboard the most modern mobile devices, even when they’re owned by the government. Read more [FEDERALNEWSRADIO.COM] TEXTBOOKS OPTIONAL: What Unbundling and BYOD Mean for Learning Technology. Today, schools across the country look to educators to customize learning for their unique classrooms. Here is how educators are accomplishing this through unbundling and BYOD. Find out more [ESCHOOLNEWS.COM]
  53. 53. BYOD FEDERAL GOVERNMENT BYOD: The Mobile Security Conundrum. There are currently more than 7.7 billion mobile connections around the world. Thanks to the Internet of Things, it is predicted that the number of connected devices will reach an astounding 20.8 billion by 2020. With the average number of mobile devices owned per person currently estimated at 3.64, those devices are becoming necessary equipment for today’s workers. Yet while the private sector has been quick to establish Bring-your-own-device policies, the public sector has lagged behind because of security and privacy concerns. Despite several initiatives — including a White House-issued BYOD toolkit and two National Institute of Standards and Technology documents (800-124 and 800-164) giving guidance on securing devices that connect with government networks — many federal agencies are still reluctant to establish BYOD policies. Read more [GCN.COM]
  54. 54. Incident Response
  55. 55. Incident Response PODCAST: Gain an Edge Over BEC and Account Compromise With Intelligent Incident Response. As Black Hat heats up in Las Vegas, host Lorielle Paulk, product marketing manager at IBM X-Force Incident Response and Intelligence Services (IRIS), sits down with Nick Rossmann, research and operations lead at X-Force IRIS, and Jordan Rogers, principal consultant at X-Force IRIS, to discuss the hottest threats in today’s security landscape and the critical advantage of intelligent incident response. Read more [SECURITYINTELLIGENCE.COM] ENDPOINT: 4 Reasons Why Companies Are Failing at Incident Response. When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure. Read more [DARKREADING.COM]
  56. 56. Incident Response GDPR: Incident Response Under GDPR – What to Do Before, During and After a Data Breach. The European Union (EU)’s General Data Protection Regulation (GDPR) is in full effect, but many organizations still don’t have the processes in place to be compliant. According to an IBM survey, only 36 percent of executives said they expect to be GDPR-compliant by the enforcement date. For many organizations, one of the top challenges is complying with the GDPR’s tight 72-hour data breach notification window. To help organizations accelerate their incident response times and meet this deadline, we’ve outlined steps privacy teams can take before, during and after a data breach to help them comply with the GDPR and improve their overall privacy and security processes. Read more [SECURITYINTELLIGENCE.COM]
  57. 57. Incident Response CIRP: Ten Considerations for a Cybersecurity Incident Response Plan. If you ask a group of cybersecurity experts what should be included in a Cybersecurity Incident Response Plan (“CIRP”), you will get a wide variety of answers. Happily, many of those answers contain similar themes including these ten important considerations your organization should be aware of when creating and managing a CIRP. Read more [LEXOLOGY.COM]
  58. 58. Cybersecurity
  59. 59. Cybersecurity DNC: Says Hack Attack Was Actually Just a Cybersecurity Test. The Democratic National Committee now believes its database of voters was the target of a third-party test of its cybersecurity and not a cyber-attack, according to party officials. Read more [TIME.COM] FYI: The Most Effective Defense is Proactive Cybersecurity. Your network is under siege. If you’ve been working in IT or IT security for more than 15 minutes, you should be aware that there’s a seemingly endless array of attackers and exploits trying to infiltrate your network, compromise your servers and applications, and steal your data every day. The thing that separates effective cybersecurity from poor cybersecurity is just how proactive your network defenses are—do you respond to threats, or react? Read more [SECURITYBOULEVARD.COM]
  60. 60. Cybersecurity CHRONICLE: One of Google’s Newest Sister Companies is Almost Ready to Go After the $96 Billion Cybersecurity Industry on a ‘Planet Scale’. Chronicle is one of Alphabet’s newest “Other Bets,” the group of Google’s sister companies that are hoping to stumble on the next big thing in tech, such as self-driving cars (Waymo) or high-speed internet access in remote areas (Loon). And cybersecurity is a potentially massive opportunity for Alphabet. Research firm Gartner predicts cybersecurity spending will hit $96 billion in 2018, and only increase from there. Read more [CNBC.COM]
  61. 61. Cybersecurity FINANCIAL SERVICES: Cybersecurity Compliance Deadline Looming, Says NY Regulator. Financial companies regulated by New York State Department of Financial Services have less than a month to comply with another round of cybersecurity rules, the agency’s head warned Wednesday. Read more [AMERICANBANKER.COM] WORK FORCE: Cybersecurity’s Insidious New Threat – Workforce Stress. The thousands of cybersecurity professionals gathering at Black Hat, a massive conference held in the blistering heat of Las Vegas every summer, are encountering a different type of session this year. A new “community” track is offering talks on a range of workplace issues facing defenders battling to protect the world from a hacking onslaught. With titles like “Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community” and “Holding on for Tonight: Addiction in Infosec,” several of the sessions will address pressures on security teams and the negative impact these can have on workers’ wellbeing. Read more [TECHNOLOGYREVIEW.COM]
  62. 62. Cybersecurity NNSA: Banning Software Isn’t the Route to Cybersecurity, Nuclear Security Agency Official Says. The government should be focused on mitigating the danger any software can pose, rather than banning software from China and elsewhere, the NNSA CIO says. Read more [NEXTGOV.COM] IoT: Continental Offers Cyber Security Solutions from Argus and Elektrobit for All Connected Vehicle Electronics. Technology company Continental recently announced it is offering end-to-end cyber security and wireless software update solutions integrated into connected vehicle electronics including telematics units, infotainment systems, gateways and more from Argus Cyber Security (Argus) and Elektrobit (EB). Read more [DARKREADING.COM]
  63. 63. Cybersecurity THE CYBERSECURITY 202: Trump Team Isn’t Doing Enough to Deter Russian Cyberattacks. The Trump administration isn’t doing enough to deter Russian cyberattacks, according to an overwhelming 94 percent of cybersecurity experts surveyed by the Cybersecurity 202. Read more [WASHINGTONPOST.COM] GOOGLE: Doesn’t Want You to Have to Think About Cybersecurity. Your safety online shouldn’t be your problem — it should be the tech giants’. Parisa Tabriz, nicknamed “Google’s Security Princess” and the company’s director of engineering, delivered the keynote speech at the Black Hat cybersecurity conference Wednesday in Las Vegas, where she discussed issues with the state of cybersecurity. Read more [CNET.COM]
  64. 64. Project Management
  65. 65. Project Management BEST PRACTICES: 6 Project Management Skills All Managers Should Adopt. Here are six vital project management skills that you can adopt in your managerial career to ensure better business outcomes for your organization. Read more [SILICONREPUBLIC.COM] CXO: 5 Things to Know About Remote Project Management. As the workforce gets more spread out, managers need to acquire a few new skills, to keep everyone on task. Read more [TECHREPUBLIC.COM]
  66. 66. Project Management DEVOPS: 8 Things They Don’t Teach You in Project Management School. Project management is about more than shepherding software through the development process. Don’t forget the humans and the team dynamic. Read more [INFORMATIONWEEK.COM] FYI: Why Everyone is Now a Project Manager. A report from Planview detailed the five biggest challenges to effective project management and the top tools in the profession. Read more [TECHREPUBLIC.COM]
  67. 67. Application Development
  68. 68. Application Development INFOGRAPHIC: The Time and Cost of Mobile Application Development. A great website is a necessity for just about any business, and ensuring that website works well on mobile is also vital. But is your mobile website up to giving your customers a stellar experience? If you’re unsure, check out these factors to determine whether a mobile site or a mobile app is right for your business. If you decide your business is ready for an app, then you’ll want to start thinking about cost. Read more [MARKETINGPROFS.COM] CIOs: 5 Things CIOs Misunderstand About Application Development. Do you have a blind spot or two regarding the daily realities of your application developers? Here’s what IT execs sometimes don’t “get” about modern application development. Read more [ENTERPRISERSPROJECT.COM]
  69. 69. Application Development DEFENSE: New Application Development Standards Will Reduce Risk to Commanders. The Navy is “moving out to enforce” this fall a new approach to developing applications meant to rapidly push software to the fleet and reduce the burden on operational commanders when software is problematic, according to a senior Navy officer. Read more [INSIDEDEFENSE.COM] CLOUD: Best Practices for Your SaaS Laravel Application on AWS. It is not easy to subsist in a modern cloud ecosystem. However, there are solid principles that will help you to build a perfect AWS architecture for your Laravel application, including the 12-factor methodology, design applications with a stateless approach and decoupling service components. Read more [DEVOPS.COM]
  70. 70. Big Data
  71. 71. Big Data SEARCH ACQUISITION: Twitter Kills Off Third-Party App Features. Twitter has restricted access to APIs, which effectively kills off certain key features in popular third-party apps. Most notably, third-party apps have lost the ability to deliver push notifications and refresh the timeline automatically. Read more [SEARCHENGINEJOURNAL.COM] BIG DATA AND AI: Eight Ways Big Data And AI Are Changing The Business World. By the end of 2018, it is predicted that 70% of enterprises (paywall) will implement artificial intelligence (AI). This is up from 40% in 2016 and 51% in 2017. There’s one thing that these statistics make crystal clear — big data and AI are here to stay. Read more [FORBES.COM]
  72. 72. Big Data HEALTHCARE: How AI, Blockchain Combine to Fuel Healthcare Big Data Analytics. Artificial intelligence and blockchain have quickly become the tools of choice for developers, providers, and payers looking to bulk up their health IT infrastructure with innovative, effective data management capabilities. Read more [HEALTHITANALYTICS.COM] FYI: Big Data Pros and Cons. These days every enterprise makes use of big data. Big data analytics offers a veritable gold mine of potential benefits, but it also poses significant challenges that could offset any potential gains. Read more [DATAMATION.COM]
  73. 73. Internet of Things (IoT)
  74. 74. Internet of Things (IoT) CITIES: 6 Ways The Internet Of Things Is Improving The Quality Of Urban Life. So how are cities currently leveraging IoT to improve urban life and boost the happiness of city dwellers? Here are six examples. Read more [FORBES.COM] READ: The Internet of Things Era: 6 Ways to Stay Safe. While the Internet of Things (IoT) is full of promise and can, in many ways, make our lives easier, it comes at a cost. The devices that we carry around in our pockets and place in our homes control access to our possessions, and our most intimate personal details. In the wrong hands, those gadgets have the power to put our physical safety at risk. You need to stay safe. Read more [REUTERS.COM]
  75. 75. Internet of Things (IoT) SLIDESHOW: 10 Ways the Internet of Things Will Make Our Lives Better. The Internet of Things (IoT) links a wide range of devices — including wearables, smart appliances, and driverless cars — to each other and the cloud. This market could grow from $171 billion in 2017 to $561 billion by 2022, according to market research firm Reportlinker. Intel (NASDAQ:INTC) estimates that 200 billion devices could be connected across the IoT market by 2020. Those bullish forecasts sparked an IoT land grab in recent years, as many companies rushed to produce connected devices. Here are 10 ways those products can improve our lives. Read more [FOOL.COM]
  76. 76. Internet of Things (IoT) COMMENT: Data Behaving Badly. The private sector, especially consumer-facing organizations, is betting big on data-intensive technologies like artificial intelligence and the internet of things. The trend is accelerating worldwide, with private sector investments in AI projected to reach $12.5 billion in 2017 alone, and IoT investments expected to top $800 billion. Although slower to embrace AI and IoT, government is now pursuing them aggressively. Read more [FCW.COM]
  77. 77. Personal Tech
  78. 78. Personal Tech GOOGLE: Make Several Gmail Addresses Out of One. Thanks to the way Google processes your mail, you can modify part of your address for different situations and still get all your messages. Read more [NYTIMES.COM] SURVEY: Faculty Members Voice Concerns About Student Reliance on Tech. Personal technology use on campus is not expected to slow down. That has presented several concerns among faculty and administrators regarding the impact of technology dependence on student learning and on the reliability and security of the related infrastructure. Read more [EDUCATIONDIVE.COM]
  79. 79. Personal Tech HOW TO: Give Your Old Computer New Life. If you’re not ready to buy a whole new system, you might be able to add new parts and upgrade your aging machine for less than a few hundred dollars. Read more [NYTIMES.COM] APPLE: Help a Fellow Mac User With Remote Tech Support. Just like Windows users, Mac owners have ways to share and control another computer over the internet to give a quick assist online. Read more [NYTIMES.COM]
  80. 80. Mobile Applications
  81. 81. Mobile NIST: Updating Recommendations for Mobile App Security. The National Institute of Standards and Technology is working on updating its recommendations for how organizations and developers can keep mobile applications secure. The updated recommendations are being made to the Special Publication (SP) 800-163, Vetting the Security of Mobile Applications document that was initially released in January 2015. The 50-page draft revision includes additional clarity and details on how to minimize mobile app risks. Read more [EWEEK.COM] OUR HISTORY WITH MOBILE: A Prescient Steve Jobs Predicted Our Obsession with Mobile Apps. Though even he might have undersold it a little. Read more [ENGADGET.COM]
  82. 82. Mobile SECURITY: Team Finds Many Mobile Applications Are Open to Web API Hijacking. Smartphones, tablets, iPads—mobile devices have become invaluable to the everyday consumer. But few consider the security issues that occur when using these devices. Modern mobile applications or “apps” use cloud-hosted HTTP-based application programming interface (API) services and heavily rely on the internet infrastructure for data communication and storage. To improve performance and leverage the power of the mobile device, input validation and other business logic required for interfacing with web API services are typically implemented on the mobile client. However, when a web service implementation fails to thoroughly replicate input validation, it gives rise to inconsistencies that could lead to attacks that can compromise user security and privacy. Developing automatic methods of auditing web APIs for security remains challenging. Read more [PHYS.ORG]
  83. 83. Mobile CYBERSECURITY: Risky Mobile Apps No Fun for Entertainment Sector. In case it’s not already on your risk radar, it’s time to add mobile apps to the growing list of threat vectors. Mobile apps are risky across all sectors, but more specifically, those that come from media and entertainment businesses are putting users at risk. BitSight recently released the results of its research that looked at data from more than 1,000 companies offering apps on iOS and Google Play and found vulnerabilities across the board. Read more [SECURITYBOULEVARD.COM]
  84. 84. Programming & Scripting Development Client & Server-Side
  85. 85. Programming & Scripting Development Client & Server-Side JAVASCRIPT: Is JavaScript Destined to Be Usurped by TypeScript? Year after year JavaScript features among the top 10 most widely used programming languages worldwide, but is a challenger emerging to the venerable web favorite? An analysis by TIOBE, which counts the number of hits for each programming language returned by major search engines, suggests that Microsoft’s TypeScript is enjoying an explosive growth in popularity and encroaching on areas previously dominated by JavaScript. Read more [TECHREPUBLIC.COM] JAVA: Kotlin and Java Go Well Together, Report Shows. Kotlin is only seven years old but it is already playing in the big leagues. Its massive success can be traced back to the moment when Google announced Kotlin support in Android last year but that was just the tip of the iceberg. According to Pusher’s State of Kotlin 2018 research report, great things are coming Kotlin’s way. Read more [JAXENTER.COM]
  86. 86. Programming & Scripting Development Client & Server-Side GOOGLE: Google Debuts Jib, a Tool to Make Software Containers and Java Work Better Together. Google LLC has released Jib, a new open-source tool that aims to make software containers and the Java programming language work more seamlessly together. Read more [SILICONANGLE.COM] PYTHON: GitHub Now Warns You About Flaws Affecting Your Python Code. Python has joined Ruby and JavaScript on GitHub’s list of coding languages it scans for security vulnerabilities. Developers using Python can now get security alerts for any new bugs the code repository platform spots, as well as some recent vulnerabilities Python has had. Read more [ITPRO.CO.UK]
  87. 87. Cloud Computing
  88. 88. Cloud Computing OPINION: Serverless Computing Is a Paradigm Shift for Cloud Computing. The serverless revolution is akin to delivery companies moving away from owning large trucks to managing a fleet of leased vans, and from there, to outsourcing transportation to a third-party fleet of scooters. Read more [CALCALISTECH.COM] MICROSOFT: Catching Up to Amazon in Security Clearances for Cloud. That could give Microsoft an edge over other potential bidders in the Pentagon’s winner-take-all competition for a multibillion-dollar cloud computing contract. Read more [SEATTLETIMES.COM]
  89. 89. Cloud Computing BUSINESS TRANSFORMATION: Five Ways to Make the Most of the Move to On-Demand. Cloud computing can’t fix everything but it can be a key element of business transformation if handled well. Read more [ZDNET.COM] LINUX: How Red Hat Morphed From Linux Pioneer Into Cloud-Computing Player. Red Hat’s reinvention is tied to the rise of cloud computing. Like many traditional suppliers of information technology, it has been pressured to adapt. Read more [INVESTORS.COM]
  90. 90. Announcement
  91. 91. Announcement Blue Mountain Data Systems DOL Contract Extended Another Six Months The Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support. U.S. Dept. of Labor, Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  92. 92. IT Security | Cybersecurity
  93. 93. IT Security | Cybersecurity SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism researchers, AI developers, government scientists, threat-intelligence specialists, investors and startups gathered at the second annual WIRED conference to discuss the changing face of online security. These are the people who are keeping you safe online. Their discussions included Daesh’s media strategy, the rise of new forms of online attacks, how to protect infrastructure, the threat of pandemics and the dangers of hiring a nanny based on her Salvation Army uniform. Read more [WIRED.CO.UK] IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to get the most out of your workers and keep your business safe. Read more [TECHREPUBLIC.COM]
  94. 94. IT Security | Cybersecurity FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity. The federal government is and will continue to be a target of cyber crimes. According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017 show 791 incidents as of the end of June – a 29 percent increase over the same period in 2016. With that said, is the government doing enough to prepare for cyber threats? On this episode of CyberChat, host Sean Kelley, former Environmental Protection Agency chief information security officer and former Veterans Affairs Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas) about initiatives to modernize the federal cybersecurity space. Read more [FEDERALNEWSRADIO.COM]
  95. 95. IT Security | Cybersecurity STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask Federal Government for Help. A letter to the Office of Management and Budget says that today’s regulatory environment “hampers” states in their pursuit of cost savings and IT optimization. Find out more [STATESCOOP.COM]
  96. 96. From the Blue Mountain Data Systems Blog: Programming & Scripting; Cloud Computing; Business Intelligence; Mobile Applications
  97. 97. From the Blue Mountain Data Systems Blog: Personal Tech; Databases; Penetration Testing; Incident Response
  98. 98. From the Blue Mountain Data Systems Blog: Security Patches; Operating Systems; Encryption; Cloud Computing
  99. 99. From the Blue Mountain Data Systems Blog: Open Source; CTO, CIO and CISO; Programming & Scripting
  100. 100. From the Blue Mountain Data Systems Blog: Security Risks Most Prevalent in Younger Workers; The Security World’s Maturation; Data Breach Concerns Keep CISOs Up At Night; Personalized Govt Equals Instant Gratification for Citizens
  101. 101. From the Blue Mountain Data Systems Blog: People-Centric Security; Pentagon Tries BYOD To Strike Work/Life Balance; Open Source Model Considered for MS Windows; Open Internet: To Be or Not to Be?
  102. 102. From the Blue Mountain Data Systems Blog: Malware Stays A Step Ahead Infecting One Third of Websites; Machine-Generated Data: Potential Goldmine for the CIO; Government Legacy Programs: Reuse vs. Replacement; It Takes a Whole Village to Protect Networks and Systems
  103. 103. From the Blue Mountain Data Systems Blog: Governance For the CIO; Help Desk Consolidation – Lessons Learned; One Year Later, Companies Still Vulnerable to Heartbleed; Federal Projects Cultivate Worker Passion
  104. 104. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes. Read more about our experience here: >>
  105. 105. Recent Experience U.S. Dept. of Labor Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  106. 106. MANAGEMENT Paul T. Vesely Founder, President, CEO and Principal Architect Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise-wide information and document management solutions. Mr. Vesely’s history includes 33 years’ experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
  107. 107. CONTACT US Contact Us Today to Discuss Your Next IT Project HEADQUARTERS 366 Victory Drive Herndon, VA 20170 PHONE 703-502-3416 FAX 703-745-9110 EMAIL WEB