Tech Update Summary from Blue Mountain Data Systems December 2017

  1. Blue Mountain Data Systems Tech Update Summary December 2017
  2. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems
  3. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for December 2017. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  4. Network Security
  5. Network Security CISO: Convincing Employees to Care About Network Security. Employees remain the biggest source of corporate cyber risk. According to the “IBM X-Force 2016 Cyber Security Intelligence Index,” staff members are responsible for 60 percent of all digital attacks endured by enterprises. In most cases, there’s no malicious intent. Employees may subvert network security by opening infected email attachments, falling for well-crafted phishing attacks, accessing compromised third-party apps or accidentally posting confidential information on social media sites. Read more [SECURITYINTELLIGENCE.COM]
  6. Network Security FEDERAL GOVERNMENT: Consolidating Federal Networks Could Lead to New Security Holes. For years, one of the chief aims of the IT modernization movement has been replacing the federal government’s outdated architecture. Before truly tapping into the transformative power of new software and security tools, the thinking goes, government must first scrap its ancient patchwork networks for a new unified IT infrastructure. Read the rest [FCW.COM] OPINION: Why Chipmakers are Taking IoT Security Into Their Own Hands. As the IoT and chip industry both continue to grow, more chipmakers will come to understand the importance of putting security and privacy first. Read more [NETWORKWORLD.COM]
  7. Network Security STATES: Federal Government Notifies 21 States of Election Hacking. The federal government has told election officials in 21 states that hackers targeted their systems before last year’s presidential election. The notification came roughly a year after U.S. Department of Homeland Security officials first said states were targeted by hacking efforts possibly connected to Russia. The states that told The Associated Press they had been targeted included some key political battlegrounds, such as Florida, Ohio, Pennsylvania, Virginia and Wisconsin. Find out more [USNEWS.COM]
  8. Encryption
  9. Encryption SECURITY: How Blockchain Encryption Works: It’s All About Math. Riot Blockchain’s CEO John O’Rourke explains how the blockchain encryption mining network works. Read more [TECHREPUBLIC.COM] CISO: Data Storage and Encryption Should Top the CISO’s To-Do List. In today’s digitized world, data storage and encryption are surely top of mind for most chief information officers (CIOs). But given the increasing regulations and privacy implications surrounding data security, these measures should also be on the chief information security officer (CISO)’s agenda. Get the plugin. [SECURITYINTELLIGENCE.COM]
  10. Encryption DMARC: States Should Follow Federal Directive to Enhance Email and Web Security. The Department of Homeland Security (DHS) has mandated that all federal executive branch agencies implement Domain-based Message Authentication, Reporting and Conformance (DMARC) to improve email security. In the same directive, DHS also mandated better Web security protections be put into place. State and local governments should follow the lead of their federal counterparts and make implementing DMARC a priority. Here’s why. Find out more [GOVTECH.COM]
  11. Encryption INDUSTRY INSIGHT: Don’t Leave Your Front Door Open to Attack. The web has grown to over 1 billion websites. While websites have grown incredibly complex and become a part of our virtual lives, most users and website operators are still focused on functionality. Arguably, there are internet users and website owners concerned about security because of headlines about rampant cyberattacks, data leaks and breaches. But, not all are proactively securing their websites. Here’s why websites can be a treasure trove for attackers. Read more [GCN.COM]
  12. Databases
  13. Databases LAW ENFORCEMENT: To Deter Criminals, Expand DNA Databases Instead of Prisons. Elected officials often push for lengthening prison sentences for particular crimes in the hopes of deterring people from committing them. But new research highlights a more effective and less costly approach: expanding databases that record the DNA of criminal offenders. Read more [WASHINGTONPOST.COM] AWS: Rolls Out New Graph Database, More Database Functionality. At re:Invent, Amazon Web Services unveils new services for Aurora and for DynamoDB, along with Neptune — a fully managed graph database. Read more [ZDNET.COM]
  14. Databases GRAPH DATABASES: A Look at the Graph Database Landscape. Graph databases are the fastest growing category in all of data management, according to DB-, a database consultancy. Since seeing early adoption by companies including Twitter, Facebook and Google, graphs have evolved into a mainstream technology used today by enterprises in every industry and sector. So, what makes graph databases so popular? By storing data in a graph format, including nodes, edges and properties, graphs overcome the big and complex data challenges that other databases cannot. Graphs offer clear advantages over both traditional RDBMs and newer big data products. Here’s a look at a few of them in particular. Read more. [DATANAMI.COM]
  15. Databases ENTERPRISE: Data Storage and Analytics: 10 Tips to Make it the Perfect Marriage. In the past, data storage was kind of dumb. It sat there inert – waiting for an application to come along and do something with it. Those days are gone, as big data and analytics tools seek to unearth trends, isolate opportunities and detect threats in real time. Here are some tips from the experts on how to get the most out of the evolving relationship between storage and analytics. Find out more [ENTERPRISESTORAGEFORUM.COM]
  16. More About Blue Mountain BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
  17. Federal Tech
  18. Federal Tech FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape, Modernize Government Technology. The size and scope of the federal government’s information technology landscape only continues to grow and in a way that makes it incredibly difficult to change. In the Federal Chief Information Officers Council’s latest study, the current state of government IT is described as monolithic. And, it is not meant as a compliment. Read more [FEDERALNEWSRADIO.COM]
  19. Federal Tech OPINION: Government Efforts to Weaken Privacy are Bad for Business and National Security. The federal government’s efforts to require technology and social media companies to relax product security and consumer privacy standards – if successful – will ultimately make everyone less safe and secure. Read the rest [INFOSECURITY-MAGAZINE.COM] PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies had to send DNA samples to government labs and wait for it to get tested, which could take days or even weeks. Find out more [GOVTECH.COM]
  20. Federal Tech MODERNIZATION: Making Modernization Happen. Now more than ever before, comprehensive IT modernization for federal agencies is a real possibility. The question that remains is whether President Donald Trump’s words and actions during his first months in office will be sustained by the administration and Congress in the months and years ahead. Read more [FCW.COM]
  21. State Tech
  22. State Tech SURVEY: Cybersecurity Concerns May Keep One in Four Americans from Voting. Cybersecurity concerns may prevent one in four Americans from heading to the polls in November, according to a new survey by cybersecurity firm Carbon Black. The company recently conducted a nationwide survey of 5,000 eligible US voters to determine whether reports of cyberattacks targeting election-related systems are impacting their trust in the US electoral process. The results revealed that nearly half of voters believe the upcoming elections will be influenced by cyberattacks. Consequently, more than a quarter said they will consider not voting in future elections. Read more [HSTODAY.US.COM]
  23. State Tech ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is centralizing IT operations under Alaska’s newly created Office of Information Technology. But consolidating IT in a sprawling state like Alaska offers challenges not found in other environments, says the state’s new CIO Bill Vajda. Read the rest [GCN.COM] ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter State IT. Jim Purcell wasn’t expecting a call from Alabama’s new governor, Kay Ivey, and he certainly wasn’t expecting her to ask him to head up the Office of Information Technology (OIT) – but that’s exactly what happened last week. Find out more [GOVTECH.COM]
  24. State Tech ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of Illinois, sought to become the nation’s first Smart State – a process that required reorganizing its 38 IT departments into one, improving government services, and finding new sources of innovation to apply to its revenue model. Within 18 months, Illinois rose in national rankings from the bottom fourth of state governments to the top third. Read more [ENTERPRISERSPROJECT.COM]
  25. Electronic Document Management
  26. Electronic Document Management CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more). Read the rest [FEDTECHMAGAZINE.COM]
  27. Electronic Document Management ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more [PCMAG.COM]
  28. 508 Compliance
  29. Section 508 Compliance INDUSTRY INSIGHT: Accessibility Awareness Remains Low as Deadline Approaches. Beginning Jan. 18, 2018, government agencies across the U.S. will be required by law to make their websites accessible to the more than 60 million Americans with visual, hearing or other disabilities. Yet more than 87 percent of 430+ local government respondents to Vision’s 2017 What’s Next Survey said they have moderate, weak or no knowledge of federal web accessibility requirements. Read more [GCN.COM] MathML: Tutorials for Accessible Math Markup. In order to create semantically accurate math equations that are accessible to all, check out MathML, the markup language that provides semantic understanding and proper syntax to assistive technologies like screen readers. Read more [ACCESSIBLEWEBSITESERVICES.COM]
  30. Section 508 Compliance MEDICAL: Do You Know If Your Practice’s Website is ADA Compliant? Do you have a medical practice that allows patients access to online registration for appointments? If so, your website could be viewed as a place of public accommodation and should be accessible to those who have dexterity, cognition or sensory issues. Read more. [MDMAG.COM] LEARN: 8 Ways to Make Excel Worksheets Compliant. Making content accessible to people with disabilities online begins with making all types of files compliant from the start. Do you have links to Excel worksheets or spreadsheets on your website? If so, be sure these documents are compliant. To get you started, here are eight items to test. Read more. [ACCESSIBLEWEBSITESERVICES.COM]
  31. Section 508 Compliance POWERPOINT: 32 Ways to Test PowerPoint Presentations for Compliance. Making content accessible to people with disabilities online begins with making all types of files compliant from the start. Do you have links to PowerPoint presentations on your website? If so, be sure these documents are compliant. Here are 32 items to test. Read more [ACCESSIBLEWEBSITESERVICES.COM] BANKS: Advice to Banks on ADA Website Compliance…Don’t Procrastinate. A recent decision by the Trump administration to indefinitely delay the release of rules concerning disabled consumers’ access to websites might appear to give companies a pass on making their sites compliant with the Americans with Disabilities Act. Banking attorneys don’t see it that way. Instead, they’re advising banks that have not updated their websites to do so. Read more [AMERICANBANKER.COM – FREE REGISTRATION REQUIRED]
  32. Section 508 Compliance LEARN: A Beginner’s Guide to ADA Compliance for Websites. The WCAG is a set of accessibility standards created by the World Wide Web Consortium in partnership with various other groups to help guide web content producers in making their work more accessible to all, including users with disabilities. WCAG 2.0 is the technical standard featuring 12 guidelines under four categories: 1) Perceivable, 2) Operable, 3) Understandable, and 4) Robust. Each of the 12 guidelines contains testable “success criteria” which can be used to measure the usability of your website. The official WCAG documentation contains an exhaustive list of the guidelines that can be found here, but here are the main points as a quick reference to highlight each section and its main topics. Read more. [SEARCHENGINEJOURNAL.COM]
  33. Section 508 Compliance FEDERAL AGENCIES: Get Ready for New 508 Accessibility Requirements in 2018. Federal agencies are preparing for a major update to the government’s digital accessibility requirements, designed to modernize and widen access for disabled users. The specifications, which take effect in January, establish new guidelines to help seeing- and hearing-impaired residents access information on government websites, apps and from other digital media. Find out more [FEDSCOOP.COM]
  34. Security Patches
  35. Security Patches WINDOWS: Windows 7 Update Guide: How ‘Security-Only’ and ‘Monthly Rollups’ Differ. Microsoft in 2016 changed the way it rolls out updates for Windows 7 and Windows 8.1, leaving many IT admins and users confused. Here’s how to sort out what the company is doing. Read more [COMPUTERWORLD.COM] ANDROID: Google Releases December Security Bulletin for Android, KRACK Fix Included. You have to thank the Android gods that Google is as regular as the sunrise when it comes to releasing their monthly Android Security Bulletin. Ever since the Stagefright vulnerability was made public, the mothership has made it its own responsibility to put out a monthly patch for evolving Android security risks. The patch for December 2017 is now out, both for general Android devices, and one specific to Nexus and Pixel devices. Find out more [ANDROIDCOMMUNITY.COM]
  36. Security Patches GOOGLE: Patches 37 Security Issues in Chrome. Google issued patches for 37 security issues in Chrome, with one being rated critical and six considered high risks, with the release of Chrome 63.0.3239.84. The critical vulnerability (CVE-2017-15407) was an out of bounds write in QUIC (Quick UDP Internet Connections), which was reported by Ned Williamson on October 26 earning him $10,500. The six patched vulnerabilities that are rated high (CVE-2017-15408, CVE-2017-15409, CVE-2017-15410, CVE-2017-15411, CVE-2017-15412 and CVE-2017-15413) cover three specific problems, heap buffer overflow in PDFium, out of bounds write in Skia and use after free in libXML. These were all reported in September and October and earned the bug bounty hunters between $5,000 and $6,337 for their effort. Read more. [SCMAGAZINE.COM]
  37. Security Patches APPLE: Patches a Very Bad iOS HomeKit Bug. There’s usually little to no security news about Apple software bugs, but lately the company has suffered a string of problematic vulnerabilities. The latest was a flaw in iOS HomeKit that could allow an attacker with access to a device’s corresponding iCloud account to remote control smart home products, like smart locks and garage door openers. Apple announced a temporary server-side fix when news of the bug became public, and the company said it will push a complete patch early next week. The attack would have only affected iOS 11, and wouldn’t have been easy to carry out, but given the security problems that have come up with macOS High Sierra, it’s significant that bad bugs are showing up in Apple’s latest mobile operating system as well. Read more [WIRED.COM]
  38. CIO, CTO & CISO
  39. For the CIO, CTO & CISO CIO: IBM’s CIO Helps Enable The Cognitive Enterprise. Fletcher Previn is the youngest chief information officer in the history of IBM. He rose to the role in May after having spent 11 years at the company. He sees his role as helping to make his colleagues productive, to attract top talent, to be the digital front-end of the cultural transformation that IBM is ushering in, and to do all of this in a secure manner. It is a fifth area that may be the source of highest value, however. Previn notes that his department has a role to play in ushering in the cognitive enterprise. This dovetails with the company’s focus on artificial intelligence through its Watson unit, but Previn notes that his team is working on artificial intelligence and machine learning initiatives independently, as well. Read more [FORBES.COM]
  40. CIO, CTO & CISO CTO: A Modest Proposal to Improve Government IT. How does a cabinet-level Department of Technology and Innovation sound? Read more. [FCW.COM] CISO: OPM CISO Cord Chase – ‘Cyber is Just a Support Role’ to IT Modernization. Ever since the agency has emerged from its 2015 breach, OPM’s role — and that of its chief information security officer — has been front and center in the federal government’s efforts to secure its information technology systems. For OPM CISO Cord Chase, that includes fostering collaboration from across the executive branch to help safeguard information and operations that impact every facet of the federal government. Find out more [FEDSCOOP.COM]
  41. CIO, CTO & CISO CIO: Federal CIO, Where Art Thou? Oh, federal chief information officer, where art thou? Not at the Office of Management and Budget. Not leading the CIO Council. And not there to lead the effort to implement the Modernizing Government Technology (MGT) Act. So nearly 11 months after Tony Scott said his goodbyes, there still isn’t a permanent federal CIO. Read more [FEDERALNEWSRADIO.COM]
  42. Penetration Testing
  43. Penetration Testing CYBERSECURITY: How DHS Hacks Agency Networks to Make Them Stronger, More Resilient. The Homeland Security Department’s National Cybersecurity Assessments and Technical Services team (NCATS), in the National Cybersecurity and Communications Integration Center (NCCIC), has been building up its technical capabilities over the last seven-plus years to provide a service to civilian agencies like none before. Rob Karas, the director of the NCATS team, said his organization has 615 federal, local and state government, and private-sector customers who receive reports on critical, high, medium and low vulnerabilities and how to close them from the 38 million scans of internet addresses the office does daily. Read more [FEDERALNEWSRADIO.COM]
  44. Penetration Testing FEDS: State Department Faces Mounting Cyber Threats. A new directorate in the State Department’s law enforcement branch is working to combat cyber threats to the nation’s diplomats, in what officials describe as an increasingly perilous and dynamic threat landscape of criminal and state-sponsored hackers. The Cyber and Technology Security (CTS) directorate was quietly launched in late May, just as Secretary of State Rex Tillerson came under scrutiny for a nascent plan to shutter a separate office charged with engaging other nations on cybersecurity policy. The directorate carries out traditional cybersecurity functions, such as cyber incident response and penetration testing of networks to guard department systems, personnel, and information from ransomware, cyber crime and other hacking threats. Read more [THEHILL.COM]
  45. Penetration Testing HOW: The New Science of Vulnerability Management Can Help Struggling Federal Networks. Computers and networking aren’t getting any simpler. Every time a new application, technology, client, server, cloud, device or almost anything else is added to a network, the number of potential vulnerabilities that an adversary could use to successfully attack it grows. And most of the time, each additional item added brings with it multiple vulnerabilities, so the attack footprint grows much faster than the network. Even older devices and programs can hide previously unknown vulnerabilities, which means no part of a network is truly safe ground in terms of cybersecurity. When networks were smaller, IT teams simply tried to find and fix vulnerabilities as soon as possible, generally performing that task chronologically as problems were discovered. This gave rise to vulnerability and penetration testing to unmask as many vulnerabilities as possible with the goal of enabling the fixing of problems before an attacker could exploit them. The problem today—especially in federal IT where manpower shortages are a big issue—is not finding the vulnerabilities, it’s figuring out when to fix them all. Read more. [NEXTGOV.COM]
  46. Penetration Testing INSURANCE: NAIC Adopts Model Law on Cybersecurity…Will States Adopt It? On Oct. 24, the National Association of Insurance Commissioners (NAIC) formally approved the Insurance Data Security Model Law (model law). The NAIC is a standard setting and regulatory support organization consisting of the top insurance regulators from the 50 states, District of Columbia, and five U.S. territories. The model law applies to “licensees” which are defined as persons and nongovernmental business entities subject to the insurance laws of the state adopting the model law. In Pennsylvania, for example, this would encompass insurance companies and insurance producers (i.e., agents, agencies and brokers). Notably, this applies to nonresident licensees except for purchasing groups, risk retention groups or when acting as assuming insurer. For example, a broker resident in a state that has not adopted the model law, is potentially subject to the model law if they are also licensed in another state that has adopted the model law. Thus, it will be important to track what states enact the model law and also how uniformly the model law is enacted state to state. Find out more [LAW.COM]
  47. Open Source
  48. Open Source RANSOMWARE: Vortex and Bugware Ransomware Use Open Source Tools to Target .NET Users. A pair of ransomware variants called Vortex and Bugware are encrypting victims’ files by using open source repositories and targeting .NET users, researchers warned. Based on an investigation published by Zscaler, those affected by the two families are being hit with demands that, in the case of Vortex, start at $100 and double within less than a week. The researchers discovered live instances of the attacks using spam emails and links laden with malware. While Vortex was designed with open source encryption tool AESxWin, Bugware makes use of Hidden Tear code, a ransomware-like crypter sample. Read more [SECURITYINTELLIGENCE.COM]
  49. Open Source MOZILLA: Releases Open Source Speech Recognition Engine and Voice Dataset. After launching Firefox Quantum, Mozilla continues its upward trend and releases its Open Source Speech Recognition Model and Voice Dataset. Read more. [DESIGNMODO.COM] PROJECTS: OpenStack Foundation Announces New Open Source Container Project. The OpenStack Foundation has announced a new open source project called Kata Containers. Kata Containers aims to unite the security benefits of virtual machines and the speed and manageability of container technologies. Find out more [SDTIMES.COM]
  50. Open Source DEVELOPMENT: Five Open Source Tools for Developing IoT Applications. The Internet of Things is growing at a staggeringly fast pace, and is quickly coming to revolutionise virtually every aspect of modern life. Aspiring developers hoping to hop on board and profit off the growing phenomenon are constantly looking for the right tools to use. So what are the open source tools best suited for working with the IoT, and where can developers find them? According to, a plethora of open source tools lay at the disposal of any would-be developer eager and wise enough to use them. By utilising these five, you will find yourself tackling challenges and developing successful applications in no time. Read more [PUNCHNG.COM]
  51. Business Intelligence
  52. Business Intelligence BIG DATA: Three Ways to Turn Business Intelligence into a Business Advantage. Julian Burnett, CIO at retailer House of Fraser, explains how he has placed business intelligence (BI) front and centre at House of Fraser and offers best practice tips to CIOs around developing a strategy, honing that capability and exploiting innovation, including artificial intelligence (AI). Read more [ZDNET.COM] LEARN: 9 Ways You’re Failing at Business Intelligence. Solid business intelligence is essential to making strategic business decisions, but for many organizations, BI efforts are derailed by poor data practices, tactical mistakes and more. Read more. [ITWORLD.COM]
  53. Business Intelligence WHY: Business Intelligence Requires Natural Language Generation. Stuart Frankel, CEO of Narrative Science, discusses how Business Intelligence requires natural language generation (NLG) technology, a subset of artificial intelligence, that transforms data and analysis into concise, intelligent and human-sounding language that anyone can understand. This transformation occurs in mere seconds, at a scale only possible with AI-powered software, freeing up workers from tedious, manual data analysis processes. Find out more [INSIDEBIGDATA.COM] READ: 12 Ways to Empower Government Users With the Microsoft Business Intelligence (MBI) Stack. Are your organization’s Federal IT resources under constant pressure, with no end in sight? Your agency is not alone. With limited access to dedicated information technology resources, non-technical end users often play the waiting game, relying on IT staff to do simple tasks like generating custom queries and embedding them within applications. Here are ways to empower your end users with the Microsoft Business Intelligence (MBI) Stack. Find out more [BLUEMT.COM]
  55. Business Intelligence READ: Business Intelligence vs. Business Analytics: Where BI Fits Into Your Data Strategy. While BI leverages past and present data to describe the state of your business today, business analytics mines data to predict where your business is heading and prescribe actions to maximize beneficial outcomes. Find out more [CIO.COM] U.S. GOVT FINANCE: 11 Ways to Speed Up Government Procurement. Buying with public money is difficult by design, but are there fair ways to fix it? Read more [GOVTECH.COM]
  56. Operating Systems
  57. Operating Systems WINDOWS: Remember WannaCry? It’s Not Too Late to Update Your Windows Systems. The WannaCry ransomware relied on a flaw in Windows code to infect and then paralyze computers, which the hackers promised to unlock for payment in bitcoin. If you run a PC, especially an older one that uses an operating system that Microsoft no longer regularly updates, it’s key to make sure you have a patch for this flaw. Here’s what to do to protect yourself. Read more [USATODAY.COM] LINUX: AT&T Wants White Box Routers with an Open Operating System. AT&T says it’s not enough to deploy white box hardware and to orchestrate its networks with the Open Network Automation Platform (ONAP) software. “Each individual machine also needs its own operating system,” writes Chris Rice, senior vice president of AT&T Labs, Domain 2.0 Architecture, in a blog post. To that end, AT&T announced its newest effort — the Open Architecture for a Disaggregated Network Operating System (dNOS). Find out more [LINUX.COM]
  58. Operating Systems APPLE: Releases Fix to Security Flaw in Mac Operating System. Apple released an update to its latest operating system for Mac computers and said it’s changing development practices after a significant security flaw was disclosed Tuesday that allowed people to log in without a password, potentially making private user data vulnerable. The issue, discovered in the macOS High Sierra operating system for laptops and desktops that was released in September, would let anyone enter the word “root” when prompted for a username, and provide no password when logging on to the device. That would permit unfettered access to the file system for a Mac, exposing private documents on that particular computer. One user reported the ability to also access the computer using the root login remotely. Read more [CHICAGOTRIBUNE.COM]
  59. Operating Systems QUESTION: What is a Hypervisor? A hypervisor is a process that separates a computer’s operating system and applications from the underlying physical hardware. It is usually done as software, although embedded hypervisors can be created for things like mobile devices. The hypervisor drives the concept of virtualization by allowing the physical host machine to operate multiple virtual machines as guests to help maximize the effective use of computing resources such as memory, network bandwidth and CPU cycles. Read more. [NETWORKWORLD.COM]
  60. BYOD
  61. BYOD SECURITY: Why BYOD Authentication Struggles to be Secure. A recent Bitglass study pointed out some interesting statistics: Over a quarter (28%) of organizations rely solely on user-generated passwords to secure BYOD, potentially exposing countless endpoints to credential guessing, cracking and theft. 61% of respondents also had reservations about Apple’s Face ID technology. Given that the general concept in security has always been to eliminate passwords and use MFA, the results are surprising, so why the disconnect? Read more [INFOSECURITY-MAGAZINE.COM]
  62. BYOD DOD: ‘Wrong Trajectory’ in Mobile Strategy Stifles Marines’ BYOD Ambitions. The Marine Corps has been talking about implementing a bring-your-own-device strategy for more than three years as one way to cut costs and speed up its adoption of commercial smartphone technology. But the service’s chief information officer says the goal is still a long way off, and the Marines are still struggling to bring aboard the most modern mobile devices, even when they’re owned by the government. Read more. [FEDERALNEWSRADIO.COM] TEXTBOOKS OPTIONAL: What Unbundling and BYOD Mean for Learning Technology. Today, schools across the country look to educators to customize learning for their unique classrooms. Here is how educators are accomplishing this through unbundling and BYOD. Find out more [ESCHOOLNEWS.COM]
  63. BYOD FEDERAL GOVERNMENT BYOD: The Mobile Security Conundrum. There are currently more than 7.7 billion mobile connections around the world. Thanks to the Internet of Things, it is predicted that the number of connected devices will reach an astounding 20.8 billion by 2020. With the average number of mobile devices owned per person currently estimated at 3.64, those devices are becoming necessary equipment for today’s workers. Yet while the private sector has been quick to establish Bring-your-own-device policies, the public sector has lagged behind because of security and privacy concerns. Despite several initiatives — including a White House-issued BYOD toolkit and two National Institute of Standards and Technology documents (800-124 and 800-164) giving guidance on securing devices that connect with government networks — many federal agencies are still reluctant to establish BYOD policies. Read more [GCN.COM]
  64. Incident Response
  65. Incident Response LEARN: Four Major Obstacles Preventing Effective Incident Response. When it comes to modern cyber security, an effective first response is critical but not always easy. Ryan Benson, Senior Threat Researcher at Exabeam, examines four of the most common challenges facing incident responders today and discusses how they can be mitigated. Read more [ITPROPORTAL.COM] ENTERPRISE: 4 Reasons to Rethink Incident Response Playbooks. For enterprise security teams, playbooks have long been a staple of the incident response strategy. The common opinion is, the better your playbooks, the more protected you’ll be in the event of a security incident. Teams lean on these documents to guide them through the response tactics of multiple threat scenarios, from ransomware to malware infection to the penetration of privileged user accounts. But there is a downside to playbooks that can also make them a major liability. Because playbooks are only useful against known threats, using known tactics against known adversaries, they can give a false sense of security. Read more [SECURITYINFOWATCH.COM]
  66. Incident Response OPINION: A Sustained, Practical Approach is Needed for Incident Response. In 2017, numerous security breaches have come to light with some of the largest companies falling prey to cyberattacks – TNT Express, BUPA, Equifax, Deloitte, Three, Sports Direct, NHS and the list goes on. The impact of the security incidents has been materially significant. The recent NotPetya attack has cost big companies millions of dollars in lost revenue. These companies have at their disposal a fair amount of resources, capital, people and capabilities. So, why can’t organizations get it right when mitigating the effects of security breaches? Read more. [INFOSECURITY-MAGAZINE.COM]
  67. Incident Response DHS: Plans to Step Up Cyber Agreements with Private Companies. The Department of Homeland Security is looking to step up its engagement with private sector entities in the wake of the May 2017 WannaCry attack. During a Dec. 19 briefing attributing the attacks to North Korea, Jeanette Manfra, assistant secretary for the office of cybersecurity and communications at DHS, signaled that the department was ready to enter a new phase of cybersecurity cooperation with companies that provide essential services to the U.S. economy. Find out more [FCW.COM]
  68. Incident Response THREATS: Throw Out the Playbooks to Win at Incident Response. Four reasons why enterprises that rely on playbooks give hackers an advantage. Read more [DARKREADING.COM] SECURITY THINK TANK: Ensure Incident Response in the Face of Inevitable Messaging Leaks. What criteria should organisations use to assess the security of smartphone messaging apps and how can they ensure only approved apps are used by employees? Read more. [COMPUTERWEEKLY.COM]
  69. Incident Response WHY: You Need a Cybersecurity Incident Response Plan (And How to Create One). “By failing to prepare, you are preparing to fail.” This simple wisdom from Ben Franklin is as valuable today as it was in the 18th century. Applied to today’s cybersecurity industry, the above quote can mean the difference between successful breach response and devastating loss of customer data and reputation. Find out more [SCMAGAZINE.COM] ENTERPRISE: Security Incident Response Trends to Watch in 2018. Resolve Systems shared the top trends to watch in 2018 relating to incident response and automation. The list of predictions is founded on the company’s insight into the challenges enterprises express in today’s new normal of high impact outages/breaches and why companies are investing in incident response and automation technology. Find out more [HELPNETSECURITY.COM]
  70. Cybersecurity
  71. Cybersecurity SECURITY & PRIVACY: Better Cybersecurity Starts with Fixing Your Employees’ Bad Habits. Cybercrime is here to stay, and it’s costing American firms a lot of money. The average annualized cost of cybercrime for global companies has increased nearly 62% since 2013, from $7.2 million to $11.7 million. And these are just the average direct costs. Target, which experienced a massive data breach in 2013, reported that the total cost of the breach exceeded $200 million. Verizon, which recently purchased Yahoo, may have snagged a $350 million discount because of three large-scale Yahoo data breaches that occurred in recent years. Given these costs, what can companies do? Read more [HBR.ORG]
  72. Cybersecurity FEDERAL: Donald Trump Signs Federal Ban on Kaspersky Lab Software. President Donald Trump signed into law legislation that bans the use of Kaspersky Lab within the U.S. government, capping a months-long effort to purge the Moscow-based antivirus firm from federal agencies amid concerns it was vulnerable to Kremlin influence. The ban, included as part of a broader defense policy spending bill that Trump signed, reinforces a directive issued by the Trump administration in September that civilian agencies remove Kaspersky Lab software within 90 days. The law applies to both civilian and military networks. Read more. [FORTUNE.COM]
  73. Cybersecurity IoT: Drone Cybersecurity Policy Still Up in the Air. Citing a drone industry source with “first and secondhand access,” a memo sent by Immigration and Customs Enforcement intelligence office in Los Angeles to law enforcement organizations across the nation warned that small drones sold in the U.S. by Chinese drone maker Da Jiang Innovations (DJI) were most likely downloading sensitive data gathered in the U.S., including data on gas and water critical infrastructure sites, to the Chinese government’s cloud. Find out more [FCW.COM] STATE GOVERNMENT: Four Ways State and Local CIOs Can Boost Cybersecurity. Tanium Security Director Andre McGregor draws on his experience with the FBI to lend state and local government tech teams advice for keeping their networks and data secure. Find out more [STATESCOOP.COM]
  74. IT Management
  75. IT Management READ: All Management Is Change Management. Change management is having its moment. There’s no shortage of articles, books, and talks on the subject. But many of these indicate that change management is some occult subspecialty of management, something that’s distinct from “managing” itself. This is curious given that, when you think about it, all management is the management of change. Read more [HBR.ORG] NARA: Improvements Seen in Federal Records Management, but ‘There is Work to be Done’. Compliance, collaboration and accountability are the themes of the National Archives’ recommendations to agencies for improving how they handle paper – and electronic – trails. That’s according to NARA’s 2016 Federal Agency Records Management Annual Report. Read more. [FEDERALNEWSRADIO.COM]
  76. IT Management FINANCIAL: Washington State’s Strategy for Tracking IT Spending. The state of Washington’s first efforts to bring technology business management to its IT spending practices began in 2010 when the legislature mandated annual reports and specific evaluation requirements for investments. As interest grew in monitoring the cost of IT along with the business services IT provides, officials in Washington’s Office of the CIO worked to refine the strategy through the creation of a state TBM program. Find out more [GCN.COM]
  77. IT Management HR: A Blueprint for Improving Government’s HR Function. Government, at its core, is its employees and their commitment to serve the country. That fact is too often overlooked. While technology enables employees to make better, faster decisions, until artificial intelligence replaces the acquired knowledge of employees, agency performance will continue to depend on the skill and dedication of government workers. As such, civil service reform is increasingly important because workforce rules and regulations are out of sync with current management thinking. To use a basketball analogy, government is still shooting two-handed set shots. Read more [GOVEXEC.COM]
  78. Application Development
  79. Application Development INDUSTRY INSIGHT: 4 Steps to Agile Success. There’s a noticeable shift toward agile development taking place within the federal government. Driven by a need for accelerated application development and meeting internal customers’ needs on the very first attempt, agencies like the General Services Administration and Department of Homeland Security have begun to move away from traditional waterfall project management frameworks and toward iterative, agile frameworks like scrum. Read more [GCN.COM]
  80. Application Development IT MODERNIZATION: 3 Strategies for Building Successful Agile Teams. Is the federal government truly ready to embrace agile software development? Successful agile environments do not start with technology; they start with creating the right team. This can be harder than it may first appear, because agile challenges preconceived norms of how federal IT teams should be structured and the way they approach projects. Agile teams are typically a combination of individual contributors (particularly those from development and quality assurance backgrounds) who rarely work together but must now collaborate to achieve common goals. Read the rest [NEXTGOV.COM] ENTERPRISE: Air Force Intelligence Unit Goes Agile. The US Air Force is determined to get more agile to produce applications that can be useful in times of conflict. Find out more [INFORMATIONWEEK.COM]
  81. Application Development PEOPLE & CAREERS: Sloughing Off the Government Stereotypes. What are CIOs doing to lure millennials into government IT? Government CIOs across the board are being forced to confront the retirement wave that’s about to decimate their ranks. But does the next generation of IT pros want the jobs their parents and grandparents are leaving behind? Read more [GOVTECH.COM]
  82. Big Data
  83. Big Data EDUCATION: Big Data Could Solve the College-Dropout Problem. America’s most famous college dropout thinks too many students are following his lead. Bill Gates, who left Harvard to found Microsoft, says it’s “tragic” that only half of the 2 million students who started college this fall will graduate. In a recent blog post, Gates hints at a solution: big data. Read more [WASHINGTONPOST.COM] TRENDS: New Big Data Trend Tracks ‘Digital Footprints’. Process mining shows how a company’s decisions work – or fail. Read more. [FT.COM]
  84. Big Data HADOOP: A Decade into Big Data. As we’ve moved through the various stages of big data – from the early Hadoop era to the data lake and data fabric eras – we find ourselves wondering what will come next. Here are a few predictions. Find out more [DATANAMI.COM] HHS: Turns to Citizen Coders to Curtail Opioid Epidemic. The Health and Human Services Department thinks a solution to the opioid epidemic may lie in big data, and last week the agency called on programmers to help find it. More than 300 coders, entrepreneurs and public health advocates from around the country descended on Washington to compete in the first-ever HHS Code-a-Thon aimed at finding solutions to the opioid crisis. From Dec. 6 to 7, teams worked around-the-clock on projects that used government data to target the epidemic. Find out more [NEXTGOV.COM]
  85. Personal Tech
  86. Personal Tech DOWNLOADS: Resolutions for the Big (and Small) Screens. When it comes to streaming and downloading movies, find out the difference between standard definition and the high-definition versions. Read more [NYTIMES.COM] TECH TRAVEL: Checking Voice Mail While Abroad. Find out how to check voice mail on a smartphone when traveling in Europe. Read more. [NYTIMES.COM]
  87. Personal Tech STAY ALERT: Technology Can Be A Threat To Your Physical Safety. Discover the personal safety habits you can practice to stay safe at home and on the go. Find out more [FORBES.COM] HOW TO: Schedule Your Smartphone for a Little Peace and Quiet. Have you signed up for alerts from a bunch of news sites on your iPhone to keep up with the headlines, but now they’re waking you up at night with their sounds and turning on the phone screen? Find out how to mute the noises and phone screen light before bed without turning off the phone’s alarm clock. Read more [NYTIMES.COM]
  88. Mobile Applications
  89. Mobile ENTERPRISE: How Killing Net Neutrality Will Affect Enterprise Mobility. As the FCC prepares to eliminate net neutrality rules, allowing ISPs to charge more for some internet traffic based on speed of delivery, companies will have to rethink how mobile apps are created and how they host content. Read more [COMPUTERWORLD.COM] FINANCIAL: Most Cryptocurrency Mobile Apps Are Vulnerable. Mobile cryptocurrency app report finds that many apps are vulnerable to cybersecurity threats after testing the Google Play Store’s Top 30 Financial apps. Read more. [APPDEVELOPERMAGAZINE.COM]
  90. Mobile DIGITAL WORKSPACE: DOD Creates New Security Requirements for Mobile Apps. The Defense Department has outlined baseline standards that mission-critical and business mobile applications need to meet. Find out more [FEDTECHMAGAZINE.COM] LOCAL: App Brings SA Government Contract Leads to Local Bidders. A pair of U.S. military veterans-turned-entrepreneurs in San Antonio are banking on big returns from an app geared toward connecting small businesses with the government procurement process — both for municipalities seeking bids from local companies and for businesses looking to break into the market. Find out more [BIZJOURNALS.COM]
  91. Programming & Scripting Development Client & Server-Side
  92. Programming & Scripting Development Client & Server-Side JAVASCRIPT: AWS Streamlines Cloud Services for JavaScript Developers. Amazon Web Services has developed a declarative JavaScript library, AWS Amplify, to aid building cloud-enabled applications via categories of cloud services instead of via individual service contracts. Read more [INFOWORLD.COM] JAVA: Java Microservices, Resiliency, and Istio. KubeCon + CloudNativeCon gathers all Cloud Native Computing Foundation (CNCF) projects under one roof to further the advancement of cloud native computing. At the upcoming event in Austin, Animesh Singh and Tommy Li of IBM will discuss how to build, deploy, and connect Java microservices with Istio service mesh. Here’s a preview of their presentation. Read more. [LINUX.COM]
  93. Programming & Scripting Development Client & Server-Side PYTHON: Uber Releases Pyro, An Open Source Probabilistic Programming Language. Pyro is Uber’s homegrown probabilistic programming language. The company says that it’s “a tool for deep probabilistic modeling, unifying the best of modern deep learning and Bayesian modeling.” By open sourcing the Pyro programming language, Uber aims to accelerate research and applications of different deep learning-related techniques and decentralize them. Currently in alpha stage, it’s developed by Uber AI Labs. Stanford University is also using Pyro. Read more [FOSSBYTES.COM]
  94. Programming & Scripting Development Client & Server-Side DEVELOPER TOOLS: Google’s Angular, Apple’s Swift: Meet the Decade’s Fastest-Growing Developer Tech. Stack Overflow’s latest look at fast rising and falling technologies has found that Google’s Angular framework for building web and native apps, and Swift, Apple’s language for building iOS apps, have been by far the two fastest-growing developer technologies of the past decade. Find out more [ZDNET.COM]
  95. Programming & Scripting Development Client & Server-Side ENTERPRISE-SCALE DEVELOPMENT: What is TypeScript? Industrial-strength JavaScript. JavaScript is the language of the web, but it’s tough to manage for enterprise-scale development. TypeScript offers an attractive alternative. Read more. [ARNNET.COM.AU] INTERVIEW: Q&A with Java Chair Heather VanCura. As the current Chair, Heather VanCura leads the activities of the JCP Program Office, manages its organization’s membership, guides spec leads and experts through the process, leads the Executive Committee (EC) meetings, and manages the Web site. Read her insights on the future of Java development. Find out more [ADTMAG.COM]
  96. Cloud Computing
  97. Cloud Computing FOG COMPUTING: One Big Fat Cloud Computing Prediction For 2018. For 2018, expect to see cloud computing morph into a new, more distributed form, which many observers and some vendors (mainly Cisco) are referring to as “fog computing.” The US office of National Institute of Standards and Technology (NIST) has weighed in on fog computing with a document of its own, so it can be said that it officially is now a thing. NIST defines fog as “a horizontal, physical or virtual resource paradigm that resides between smart end-devices and traditional cloud or data centers. This paradigm supports vertically-isolated, latency-sensitive applications by providing ubiquitous, scalable, layered, federated, and distributed computing, storage, and network connectivity.” Read more [FORBES.COM]
  98. Cloud Computing LEARN: What AWS and Cloud Computing Can Teach Us About Tomorrow’s SD-WAN Cloud Carrier. The cloudification of network and security infrastructure could usher in a new era of agile and fast IT services. Read more. [ITPROPORTAL.COM] CLOUD CUSTOMERS: Cloud Computing: What It’s Like to Make the Move. Cloud computing customers on why they made the migration and what companies following in their footsteps should, and should not, do. Find out more [ZDNET.COM]
  99. Cloud Computing FEDERAL GOVERNMENT: Roadmapping the Future of Cloud Computing. Just three years after the Federal Cloud Computing Strategy was created, cloud computing has changed the federal IT landscape, with an increasing number of agencies leaping to the cloud to realize efficiencies, increase capabilities and spur innovation. However, the government is still in the early stages of cloud computing adoption, and despite successful standardization efforts like FedRAMP that have bolstered cloud’s credibility in the federal space, the government has work to do to ensure security, interoperability and portability within and among its federal cloud environments. Read more [NEXTGOV.COM]
  100. Cloud Computing FORECAST: 10 Ways Cloud Computing Will Evolve In 2018. Businesses are using and deploying private, public and hybrid clouds in a number of ways, shaping the direction of the space over the next 12 months. Read more [CMSWIRE.COM] CLOUD FACTS: Getting Bigger But More Complicated Too. The idea of one big cloud is being replaced with smaller clouds, shaped by local laws and needs, while consultants warn of ‘digital fragmentation’. Read more [ZDNET.COM]
  101. Cloud Computing FEDERAL GOVERNMENT: This Agency Tech Shop is All-in for Cloud Computing. Small Business Administration Deputy CIO Guy Cavallo describes how SBA equipped thousands of temporary employees to deal with all of the hurricanes and fires. SBA, it turns out, also deals with loans to homeowners, not just small businesses, after disasters. So far, it’s issued $2 billion in disaster loans this year. In the past, he said, the field workers would need two machines, one at headquarters to run the application and a portable one so they could log on remotely. Cavallo said, “We’d just go out and buy new computers for everyone.” Afterwards, all that gear would be gathered in a corner to collect dust until the next time. Now, everyone has a cloud-hosted virtual desktop, so equipping field temps only requires one computer, not two. Read more. [FEDERALNEWSRADIO.COM]
  102. Cloud Computing AWS: Amazon Announces AWS Secret Region for Intelligence Agencies. Three years after launching Top Secret Region, Amazon has announced Secret Region for US intelligence agencies, as well as other government agencies dealing with secret-level data. Find out more [ZDNET.COM]
  103. Announcement
  104. Announcement: Blue Mountain Data Systems DOL Contract Extended Another Six Months. The Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support. U.S. Dept. of Labor, Employee Benefits Security Administration, 1994 to Present: Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  105. IT Security | Cybersecurity
  106. IT Security | Cybersecurity SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism researchers, AI developers, government scientists, threat-intelligence specialists, investors and startups gathered at the second annual WIRED conference to discuss the changing face of online security. These are the people who are keeping you safe online. Their discussions included Daesh’s media strategy, the rise of new forms of online attacks, how to protect infrastructure, the threat of pandemics and the dangers of hiring a nanny based on her Salvation Army uniform. Read more [WIRED.CO.UK] IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to get the most out of your workers and keep your business safe. Read more. [TECHREPUBLIC.COM]
  107. IT Security | Cybersecurity FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity. The federal government is and will continue to be a target of cyber crimes. According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017 show 791 incidents as of the end of June – a 29 percent increase over the same period in 2016. With that said, is the government doing enough to prepare for cyber threats? On this episode of CyberChat, host Sean Kelley, former Environmental Protection Agency chief information security officer and former Veterans Affairs Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas) about initiatives to modernize the federal cybersecurity space. Read more [FEDERALNEWSRADIO.COM]
  108. IT Security | Cybersecurity STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask Federal Government for Help. A letter to the Office of Management and Budget says that today’s regulatory environment “hampers” states in their pursuit of cost savings and IT optimization. Find out more [STATESCOOP.COM]
  109. From the Blue Mountain Data Systems Blog: Programming & Scripting; Cloud Computing; Business Intelligence; Mobile Applications
  110. From the Blue Mountain Data Systems Blog: Personal Tech; Databases; Penetration Testing; Incident Response
  111. From the Blue Mountain Data Systems Blog: Security Patches; Operating Systems; Encryption; Cloud Computing
  112. From the Blue Mountain Data Systems Blog: Open Source; CTO, CIO and CISO; Programming & Scripting
  113. From the Blue Mountain Data Systems Blog: Security Risks Most Prevalent in Younger Workers; The Security World’s Maturation; Data Breach Concerns Keep CISOs Up At Night; Personalized Govt Equals Instant Gratification for Citizens
  114. From the Blue Mountain Data Systems Blog: People-Centric Security; Pentagon Tries BYOD To Strike Work/Life Balance; Open Source Model Considered for MS Windows; Open Internet: To Be or Not to Be?
  115. From the Blue Mountain Data Systems Blog: Malware Stays A Step Ahead Infecting One Third of Websites; Machine-Generated Data: Potential Goldmine for the CIO; Government Legacy Programs: Reuse vs. Replacement; It Takes a Whole Village to Protect Networks and Systems
  116. From the Blue Mountain Data Systems Blog: Governance For the CIO; Help Desk Consolidation – Lessons Learned; One Year Later, Companies Still Vulnerable to Heartbleed; Federal Projects Cultivate Worker Passion
  117. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes. Read more about our experience here: >>
  118. Recent Experience U.S. Dept. of Labor Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  119. MANAGEMENT Paul T. Vesely Founder, President, CEO and Principal Architect Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
  120. CONTACT US Contact Us Today to Discuss Your Next IT Project. HEADQUARTERS: 366 Victory Drive, Herndon, VA 20170. PHONE: 703-502-3416. FAX: 703-745-9110.