
Tech Update Summary from Blue Mountain Data Systems July 2018


July 2018: For CTOs, CIOs & CISOs. Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information: https://bluemt.com/blog/

Published in: Software

  1. 1. Blue Mountain Data Systems Tech Update Summary July 2018
  2. 2. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems https://www.bluemt.com
  3. 3. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for July 2018. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  4. 4. Network Security
  5. 5. Network Security VIDEO: What A 3D Printed Pelvis Can Teach Us About Network Security. Christiaan Beek discovered that he could make a living off a passion that starts as an interest: hacking. Now he leads one of the most sophisticated threat research teams in the global cyber-security industry. Read more [FORBES.COM] OPINIONS: Overcoming the Siloed Network Security Challenge. As organizations’ potential attack surface expands and attack volumes increase, it is imperative to track the most popular and successful strategies of cyber-criminals to stay ahead of their malicious intentions. As a result, facing up to current security challenges requires enterprises to think outside of the box. Read more [INFOSECURITY-MAGAZINE.COM]
  6. 6. Network Security IT BEST PRACTICES: OPAQ Enables Total Network Security from the Cloud. OPAQ built a global network infrastructure and embedded enterprise-grade security services that even extend to an organization’s endpoints. Read more [NETWORKWORLD.COM] CONNECTIVITY AS CODE: Making Network Security DevOps-Friendly. DevOps is all about agility, with fast, short delivery cycles and automation for software development and applications. Enabled by recently introduced technologies such as virtualization, cloud and software-defined networking (SDN), spinning up new servers, provisioning storage in a public or private cloud or even launching whole environments can take just minutes or even seconds. But if that new application, service or environment needs a change in network connectivity or firewall rules to enable it to work, then the pace of delivery can often slow to a crawl. Read more [DEVOPS.COM]
  7. 7. Encryption
  8. 8. Encryption INDUSTRY INSIGHT: Using Encryption to Help Fight Data Breaches. With increasingly porous networks and expanding use of cloud resources, traditional endpoint and network security are no longer sufficient. When implemented as a part of the initial development, data security — most especially, encryption — offers increased protection to known and unknown sensitive data in advanced technology environments. Read more [GCN.COM] ID MANAGEMENT: What If Your Data Could Secure Itself? While the government manages and secures large, complex and often outdated legacy IT systems, as federal agencies modernize their IT, it is possible to harden systems from the inside out by encrypting and anonymizing data to minimize the potential for loss when an adversary invades. Read more [NEXTGOV.COM]
  9. 9. Encryption HOW: The US Government Secretly Sold ‘Spy Phones’ to Suspects. In 2010, a suspected cocaine smuggler named John Krokos bought encrypted BlackBerry devices from an undercover Drug Enforcement Administration agent. That sort of federal subterfuge is par for the course. But in this case, the DEA held onto the encryption keys—meaning that when the government moved on Krokos and his alleged collaborators a few years later, they could read the emails and messages that passed to and from the phone. Read more [WIRED.COM] SECURITY: PGP Encryption Won’t Protect Your Data. But PURBs Can. You may think that encrypting your sensitive files with, say, PGP may protect your data – but you’d be wrong. Most encryption formats leak a lot of plaintext metadata, and that’s a problem. Here’s what you need to know. Read more [ZDNET.COM]
  10. 10. Databases
  11. 11. Databases DATA MANAGEMENT: GraphQL for Databases: A Layer for Universal Database Access? GraphQL is a query language mostly used to streamline access to REST APIs. Now, a new breed of GraphQL implementations wants to build an abstraction layer for any database on top of GraphQL, and it seems to be catching up. Read more [ZDNET.COM] MICROSOFT: Microsoft Graph Explorer – A Good Tool That’s Not Yet Ready. The GraphQL tools for programming the Microsoft 365 platform are promising but lack the needed integration into developer tools. Read more [INFOWORLD.COM]
  12. 12. Databases AMAZON CTO: Our Cloud Offers Any Database You Need. Oracle Corp. may still be the biggest provider of databases, one of the foundations of today’s data-driven businesses, but Amazon.com Inc. wants the world to know there’s more to databases than the venerable giant’s brand. Read more [SILICONANGLE.COM] CYBERSECURITY: Oracle Plans to End Java Serialization, but That’s Not the End of the Story. Recently, on the “Ask The Architect” session from the Devoxx UK 2018 conference, Oracle’s chief architect, Mark Reinhold, shared his thoughts about Java’s serialization mechanism which he called a “horrible mistake” and a virtually endless source of security vulnerabilities. Read more [SECURITYINFOWATCH.COM]
  13. 13. More About Blue Mountain BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
  14. 14. Federal Tech
  15. 15. Federal Tech FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape, Modernize Government Technology. The size and scope of the federal government’s information technology landscape only continues to grow and in a way that makes it incredibly difficult to change. In the Federal Chief Information Officers Council’s latest study, the current state of government IT is described as monolithic. And, it is not meant as a compliment. Read more [FEDERALNEWSRADIO.COM]
  16. 16. Federal Tech OPINION: Government Efforts to Weaken Privacy are Bad for Business and National Security. The federal government’s efforts to require technology and social media companies to relax product security and consumer privacy standards – if successful – will ultimately make everyone less safe and secure. Read the rest [INFOSECURITY-MAGAZINE.COM] PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies had to send DNA samples to government labs and wait for it to get tested, which could take days or even weeks. Find out more [GOVTECH.COM]
  17. 17. Federal Tech MODERNIZATION: Making Modernization Happen. Now more than ever before, comprehensive IT modernization for federal agencies is a real possibility. The question that remains is whether President Donald Trump’s words and actions during his first months in office will be sustained by the administration and Congress in the months and years ahead. Read more [FCW.COM]
  18. 18. State Tech
  19. 19. State Tech SURVEY: Cybersecurity Concerns May Keep One in Four Americans from Voting. Cybersecurity concerns may prevent one in four Americans from heading to the polls in November, according to a new survey by cybersecurity firm Carbon Black. The company recently conducted a nationwide survey of 5,000 eligible US voters to determine whether reports of cyberattacks targeting election-related systems are impacting their trust in the US electoral process. The results revealed that nearly half of voters believe the upcoming elections will be influenced by cyberattacks. Consequently, more than a quarter said they will consider not voting in future elections. Read more [HSTODAY.US.COM]
  20. 20. State Tech ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is centralizing IT operations under Alaska’s newly created Office of Information Technology. But consolidating IT in a sprawling state like Alaska offers challenges not found in other environments, says the state’s new CIO Bill Vajda. Read the rest [GCN.COM] ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter State IT. Jim Purcell wasn’t expecting a call from Alabama’s new governor, Kay Ivey, and he certainly wasn’t expecting her to ask him to head up the Office of Information Technology (OIT) – but that’s exactly what happened last week. Find out more [GOVTECH.COM]
  21. 21. State Tech ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of Illinois, sought to become the nation’s first Smart State – a process that required reorganizing its 38 IT departments into one, improving government services, and finding new sources of innovation to apply to its revenue model. Within 18 months, Illinois rose in national rankings from the bottom fourth of state governments to the top third. Read more [ENTERPRISERSPROJECT.COM]
  22. 22. Electronic Document Management
  23. 23. Electronic Document Management CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more). Read the rest [FEDTECHMAGAZINE.COM]
  24. 24. Electronic Document Management ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more [PCMAG.COM]
  25. 25. Section 508 Compliance & WCAG 2.0
  26. 26. Section 508 Compliance & WCAG 2.0 BRIEF: Web Accessibility Isn’t a ‘One-and-Done’ Task. Website accessibility is not a “one and done” task, a law firm is warning businesses after an 11th U.S. Circuit Court of Appeals ruling against Hooters. Read more [HRDIVE.COM] TESTING: Why Using Scanning Tools for ADA Compliance Isn’t a Great Idea. There are paid and free scanning tools that claim to assess website ADA compliance, but often these types of tools miss important factors in determining if your site will meet compliance standards. Read more [CUINSIGHT.COM]
  27. 27. Section 508 Compliance & WCAG 2.0 FEDERAL GOVERNMENT: How Feds Can Ensure Everyone Can Access Tech Tools. The U.S. Access Board released a new set of Section 508 requirements in 2017 designed to meet modern accessibility standards. Compliance with those standards became mandatory for federal agencies on Jan. 18. (Legacy technology that complies with the original standard is exempt.) To meet the new requirements, agencies have to understand them. Here are key considerations that IT teams must deal with as they strive to meet the new Section 508 standards. Read more [FEDTECHMAGAZINE.COM]
  28. 28. Section 508 Compliance & WCAG 2.0 QUESTION: Is Your Website ADA-compliant? Avoid Becoming a Litigation Target. Public-facing businesses remain targets of litigation claiming that their websites are not accessible under Title III of the Americans with Disabilities Act (ADA) and similar state and local laws. The number of such lawsuits continues to trend upward, particularly in Florida, New York and California. Read more [MIAMIHERALD.COM]
  29. 29. Security Patches
  30. 30. Security Patches ADOBE: Fixes Over 100 Vulnerabilities in Latest Security Patch Update. Adobe has released a huge patch update which resolves over 100 vulnerabilities in a range of popular software. Adobe Flash, Acrobat, Connect, Experience Manager, and Reader are all affected. The bugs impact Linux, macOS, Chrome OS, and Windows machines. In total, 112 vulnerabilities have been patched, the majority affecting Adobe Acrobat and Adobe Reader. However, there are no zero-day vulnerabilities reported in this update. Read more [ZDNET.COM] MICROSOFT: Yanks Buggy Office 2016 Patch KB 4018385, Republishes All of This Month’s Patch Downloads. Bugs galore in the July patches led to an unprecedented (and unexplained) re-release of everything, and a complete takedown of KB 4018385. Note to self: Who’s testing this stuff? Read more [COMPUTERWORLD.COM]
  31. 31. Security Patches GOOGLE: Rolls Out New Security Patch to Fix 11 Issues in Pixel, Nexus Phones. There are 11 issues resolved in the July security patch dated 2018-07-01 and 32 for 2018-07-05. Vulnerabilities range from high to critical, with the most severe relating to the media framework and a remote attacker possibly executing arbitrary code through a crafted file. Read more [ECONOMICTIMES.COM] CISCO: Patches High-Severity Bug in VoIP Phones. Cisco also patched three medium-security flaws in its network security offerings; and, it issued a fix for a high-severity bug in its platform for mobile operator routers, StarOS. Read more [THREATPOST.COM]
  32. 32. CIO, CTO & CISO
  33. 33. For the CIO, CTO & CISO CIO: Continuous Learning is Key to Digital Transformation. Lexmark CIO Brad Clay, who is upgrading everything from how Lexmark replenishes printer toner to how employees consume corporate information, says the company must learn fast and learn continuously. Read more [CIO.COM] CTO: Open Source Software Can Be Profitable. Bikash Koley came to Juniper with a clear understanding of the power of open source software, from his years at Google as a senior network architect who helped drive things such as OpenConfig, getting the industry to rally around key standards for next-gen networks. As the CTO of Juniper Networks Inc., however, he is seeing the other side of open source and how it is transforming vendor business models. Read more [LIGHTREADING.COM]
  34. 34. CIO, CTO & CISO CISO: Former Air Force CISO Peter Kim Lands at Raytheon. Peter Kim, who left the Air Force in early June after serving as its chief information security officer, has been hired as director of IT security and governance at Raytheon subsidiary Raytheon Missile Systems. Read more [FEDSCOOP.COM] FEDERAL GOVERNMENT: Former Federal CIO Tony Scott’s Federal Foresight. Tony Scott was the Federal government’s third chief information officer, serving the nation in that role from 2015 through early 2017. During his time at the helm of government-wide IT, Scott led the development of 2016’s State of Federal IT Report, which left a lasting roadmap for modernization progress in the Federal government. Scott sat down with MeriTalk founder Steve O’Keeffe at MeriTalk’s 2018 Cloud Computing Brainstorm to discuss that progress and all the pieces in play in today’s Federal IT environment. Read more [MERITALK.COM]
  35. 35. Penetration Testing
  36. 36. Penetration Testing FAQs: How to Choose Between Penetration Tests and Vulnerability Scans. Even seasoned cybersecurity professionals confuse penetration tests with vulnerability scans. Both play an important role in the security practitioner’s toolkit, but they vary significantly in scope and expense. Here are answers to some common questions about the topic. Read more [EDTECHMAGAZINE.COM] SPACE ROGUE: A Security Rebel Turned Pen Tester. Cris Thomas, who also goes by the pseudonym Space Rogue, is the global strategy lead at IBM X-Force Red. In a recent interview, he spoke about his work as a penetration testing specialist, his role as a cybersecurity activist in the late 1990s — and the recent reunion of his influential hacking group on Capitol Hill. Read more [SECURITYINTELLIGENCE.COM]
  37. 37. Penetration Testing ELECTIONS: Cybersecurity Firm Offers Free Penetration Testing to States Ahead of Midterm Elections. Synack is the latest tech company to offer its services to states worried about election security this year. Read more [STATESCOOP.COM] RESEARCH: Industry Report Cites Mounting Threats to Election Infrastructure. According to recent research from one cybersecurity firm, state and local election infrastructure is becoming a more popular target for state-sponsored cyberattacks. Read more [GOVTECH.COM]
  38. 38. Open Source
  39. 39. Open Source DEVELOPERS: Why It’s Time to Be More Open About How Projects are Run. Security isn’t the only consideration as you assess which open source projects to rely on; governance, community and professionalism matter too. Read more [ZDNET.COM] LINUX: The Number One In-Demand Skill: Open Source Career Trends. The Linux Foundation and Dice.com have released their annual Open Source Jobs Report. Over 750 hiring managers and 6,500 open source professionals were interviewed about the challenges they face, what they look for, and what technology affects hiring decisions. Read more [JAXENTER.COM]
  40. 40. Open Source GitHub: Changes to EU Copyright Law Could Derail Open Source Distribution. A proposed European law would mandate that content providers utilize some kind of content filter to make sure rights holders get their royalties. But for a public open source code repository, such a contraption could be a nuisance, or it could be catastrophic. Read more [ZDNET.COM] WHY: Open Source Needs Marketing (Even Though Developers Hate It). The concept of creative commons is far older than the advent of Linux some 25 years ago. Like creative commons, word of mouth has long been the foundation of open-source marketing. Indeed, it is how open source has grown its community of contributors. Talk to just about any developer, however, and they’ll tell you they don’t want to be marketed to — not in the traditional sense, anyway. So, what role does marketing have and what value does marketing bring to the open-source community? Read more [FORBES.COM]
  41. 41. Business Intelligence
  42. 42. Business Intelligence INDUSTRY INSIGHT: Delivering Citizen-Centric State Government. When faced with challenges of meeting the ever-increasing expectations of a demanding citizenry, CIOs can now turn to modern tools to help state agencies interact with their citizens. Cloud-based solutions provide ubiquitous infrastructure and modern web- and mobile-based access, business intelligence delivers comprehensive information to solve a citizen’s unique problem and automation provides a cost-effective and secure way of bridging legacy systems without the need for massive fork-lift system upgrades. Read more [GCN.COM]
  43. 43. Business Intelligence GOVERNMENT & STARTUPS: Potential of Government-tech Start-ups and Their Framework. According to Gartner, Government-Tech is a $400 billion market globally and is slowly getting the attention of governments, new-age startups and venture capitalists for bringing efficiency and transparency into age-old problems. Legacy systems, paper-based processes, and outdated technology are a matter of concern and are disarming for governments and citizens alike. In a connected world the manner in which the citizens want to deal with government and the public sector is changing. Read more [ENTREPRENEUR.COM] TECHNOLOGY SPENDING: From Public Cloud to Security Measures. As far as business intelligence and analytics software is concerned, 48% of recently-surveyed CIOs expressed that they foresee Microsoft growing the most in strategic importance. Read more [THESTREET.COM]
  44. 44. Business Intelligence FEDERAL GOVERNMENT: 12 Ways to Empower Government Users With the Microsoft Business Intelligence (MBI) Stack. Your agency’s use of Microsoft Business Intelligence (MBI) tools and reporting services help advance your organization’s ROI and autonomy for your users. Read more [BLUEMT.COM]
  45. 45. Operating Systems
  46. 46. Operating Systems MOBILE: Project ‘Fuchsia’ – Google Is Quietly Working on a Successor to Android. For more than two years, a small and stealthy group of engineers within Google has been working on software that they hope will eventually replace Android, the world’s dominant mobile operating system. As the team grows, it will have to overcome some fierce internal debate about how the software will work. The project, known as Fuchsia, was created from scratch to overcome the limitations of Android as more personal devices and other gadgets come online. It’s being designed to better accommodate voice interactions and frequent security updates and to look the same across a range of devices, from laptops to tiny internet-connected sensors. Google Chief Executive Officer Sundar Pichai has set his company in this direction — toward artificial intelligence services that reach consumers everywhere. Yet its prime operating systems, which depend on scores of hardware partners, haven’t kept up. Read more [BLOOMBERG.COM]
  47. 47. Operating Systems COMPARISON: Chrome OS Vs Windows Laptops – Which Operating System Is Better For You? While there may once have been a time when you decided between either a Windows or Mac computer, these days there’s another option to consider — the Chromebook. Chromebooks have grown in popularity over the past five years or so as an excellent way to get many of the features you would expect in a laptop, in a lightweight and affordable box. Of course, because of the fact that Chrome OS — the operating system that runs on Chromebooks — is so lightweight, there are a few features that Chromebooks don’t offer, and that you will instead find on Windows laptops. That won’t matter for everyone — if you don’t need those features, then it doesn’t really matter if you don’t have them. Here’s a rundown of the major differences between Chromebooks and Windows laptops. Read more [FORBES.COM]
  48. 48. Operating Systems MICROSOFT: Already Working on Next-Gen Operating System? A recent press release by Synaptics, titled “Synaptics, AMD Collaborate on Enterprise-Grade Biometric PC Security for Next-Generation Microsoft Operating System,” suggests that Microsoft is working on a next-generation operating system already. Read more [GHACKS.NET] FEDERAL GOVERNMENT: Agencies Get Access to New Mobile Phishing Protections. Technology from Lookout, which received funding from the Department of Homeland Security, can now help agencies guard against phishing attacks on mobile devices. Read more [FEDTECHMAGAZINE.COM]
  49. 49. BYOD
  50. 50. BYOD SECURITY: Why BYOD Authentication Struggles to be Secure. A recent Bitglass study pointed out some interesting statistics: Over a quarter (28%) of organizations rely solely on user-generated passwords to secure BYOD, potentially exposing countless endpoints to credential guessing, cracking and theft. 61% of respondents also had reservations about Apple’s Face ID technology. Given that the general concept in security has always been to eliminate passwords and use MFA, the results are surprising, so why the disconnect? Read more [INFOSECURITY-MAGAZINE.COM]
  51. 51. BYOD DOD: ‘Wrong Trajectory’ in Mobile Strategy Stifles Marines’ BYOD Ambitions. The Marine Corps has been talking about implementing a bring-your-own-device strategy for more than three years as one way to cut costs and speed up its adoption of commercial smartphone technology. But the service’s chief information officer says the goal is still a long way off, and the Marines are still struggling to bring aboard the most modern mobile devices, even when they’re owned by the government. Read more [FEDERALNEWSRADIO.COM] TEXTBOOKS OPTIONAL: What Unbundling and BYOD Mean for Learning Technology. Today, schools across the country look to educators to customize learning for their unique classrooms. Here is how educators are accomplishing this through unbundling and BYOD. Find out more [ESCHOOLNEWS.COM]
  52. 52. BYOD FEDERAL GOVERNMENT BYOD: The Mobile Security Conundrum. There are currently more than 7.7 billion mobile connections around the world. Thanks to the Internet of Things, it is predicted that the number of connected devices will reach an astounding 20.8 billion by 2020. With the average number of mobile devices owned per person currently estimated at 3.64, those devices are becoming necessary equipment for today’s workers. Yet while the private sector has been quick to establish Bring-your-own-device policies, the public sector has lagged behind because of security and privacy concerns. Despite several initiatives — including a White House-issued BYOD toolkit and two National Institute of Standards and Technology documents (800-124 and 800-164) giving guidance on securing devices that connect with government networks — many federal agencies are still reluctant to establish BYOD policies. Read more [GCN.COM]
  53. 53. Incident Response
  54. 54. Incident Response INSURANCE: Chubb Enhances Global Cyber Incident Response Management Capabilities. Chubb announced that it has enhanced its cyber incident response management capabilities and launched two new ways of accessing the service: a mobile application and a dedicated website. As the threat of cyber risks facing commercial enterprises increases, Chubb has expanded its network of incident response management firms to include services in more than 50 countries across Europe, North and South America, Asia Pacific and Africa. Read more [INSURANCEJOURNAL.COM]
  55. 55. Incident Response RESOURCES: 5 Fundamental Incident Response Checklists. Once you have a good understanding of the phases of incident response, it’s time to start developing and implementing incident response checklists that are customized for your organizations. IR checklists can help your security team efficiently respond to incidents by following a systematic process. Here are some ideas to help you build your own incident response checklists. Read more [SECURITYBOULEVARD.COM] ACQUISITION: Agencies Can Pilot Mobile Phish-Blocking Tech Through DHS. Technology funded by the Department of Homeland Security to block phishing attacks on mobile devices is now available to agencies to test through a select number of licenses provided by the department. Read more [FEDSCOOP.COM]
  56. 56. Incident Response BEST PRACTICES: What to Consider When Developing or Refining your Cyber Incident Response Plan. Companies should consider instituting and strengthening plans for when — not if — they suffer a cybersecurity incident. Read more [PROPERTYCASUALTY360.COM]
  57. 57. Cybersecurity
  58. 58. Cybersecurity TRANSPORTATION: Metro Cybersecurity Audit Highlights Growing Concerns at Agencies Across the Country. Washington DC-area Metro officials say they plan to focus on improving security throughout the transit system after a classified inspector general’s report concluded that the agency remains vulnerable to hacks and attacks that could imperil safety and day-to-day operations. Read more [WASHINGTONPOST.COM] STATES: With Russian Hacking Fresh in Mind, Washington State Beefs Up Elections Cybersecurity. Exercises that simulate a hacking attempt. Assistance from the U.S. Department of Homeland Security, with higher-level security clearances for top state officials. A Washington National Guard contingent ramping up to go on alert. In years past, you might have mistaken these preparations as defense against a foreign invasion. But in Washington, in 2018, this is what officials are doing to safeguard the state’s elections systems. Read more [SEATTLETIMES.COM]
  59. 59. Cybersecurity QUESTION: Why Are So Many Execs Sleeping On Cybersecurity? Cybersecurity is like fire prevention: Sure, your house is probably not going to catch on fire this year, but you install smoke detectors and pay your insurance premiums anyway. In fact, these days, it’s much more likely you’ll wake up to find your business has been shut down by hackers than arriving home to a pile of smoldering embers where your house used to be. And yet there are many business leaders who are resistant to investing in systems and training to protect against cyberattacks. Read more [FORBES.COM] OPERATIONS: 6 Ways Greed Has a Negative Effect on Cybersecurity. The security industry can both make money and stay true to its core values. Here are six prominent examples of how greed is taking us further away from solving the problems we face. Read more [DARKREADING.COM]
  60. 60. Cybersecurity FEDERAL GOVERNMENT: 10 Cybersecurity Issues New Federal CISO Should Focus On. If you haven’t heard, there’s a new federal chief information security officer in town — or, in the White House. The Office of Management and Budget announced Grant Schneider as the second federal CISO, filling the shoes of Greg Touhill after he stepped down in January 2017. Read more [GOVERNMENTCIOMEDIA.COM] STATE GOVERNMENT: States and Counties Are Not ‘Sitting Back’ on Election Cybersecurity, Officials Tell Congress. Federal, state and local officials said they are forging closer partnerships that will protect elections against cyberattacks, as lawmakers found distractions in Trump tweets, Google rankings, and other miscellany. Read more [STATESCOOP.COM]
  61. 61. Cybersecurity NNSA: Banning Software Isn’t the Route to Cybersecurity, Nuclear Security Agency Official Says. The government should be focused on mitigating the danger any software can pose, rather than banning software from China and elsewhere, the NNSA CIO says. Read more https://fedtechmagazine.com/article/2018/ [NEXTGOV.COM] IoT: Continental Offers Cyber Security Solutions from Argus and Elektrobit for All Connected Vehicle Electronics. Technology company Continental recently announced it is offering end-to-end cyber security and wireless software update solutions integrated into connected vehicle electronics including telematics units, infotainment systems, gateways and more from Argus Cyber Security (Argus) and Elektrobit (EB). Read more [DARKREADING.COM]
  62. 62. Project Management
  63. 63. Project Management IoT: 6 Effects of the Internet of Things on Project Management. The internet of things has also become one of those tech buzzwords that loses a little more of its real meaning every time a Silicon Valley wannabe carelessly tosses it around. So what is the internet of things, really, and how does it intersect with project management? Read more [BUSINESS2COMMUNITY.COM] CITIES: Smart City Project Management – Avoiding Common Pitfalls. Smart city projects can be challenging for project managers, and in many respects they are different from other IT projects. Alex Grizhnevich, ScienceSoft, looks at ways to avoid common pain points. Read more [SMARTCITIESWORLD.NET]
  64. 64. Project Management OMB: Sharpens Guidance for Improving Programs and Curbing Improper Payments. In a pair of memos to agency heads, White House Budget Director Mick Mulvaney laid out how his office will monitor progress toward formalizing the improvement of program management and getting a better handle on long-standing efforts to avoid government payments to undeserving parties. Read more [GOVEXEC.COM] FEDERAL GOVERNMENT: Trump’s Executive Branch Restructuring – What If The Federal Government Is Beyond Streamlining? Can the federal government shrink? Or is the situation like the waistlines that paradoxically parallel the growth of the diet and fitness industry? Read more [FORBES.COM]
  65. 65. Application Development
  66. 66. Application Development WEB APPLICATION SECURITY: Creating a Strong Digital Battlefront. According to IDC, more than 70 percent of the U.S. workforce will be mobile by 2020. To improve the citizen experience — and productivity internally — many agencies are adopting enterprise-oriented apps that increase efficiency by cutting down on paperwork and other manual processes. Web and mobile apps for parks, libraries and the DMV, for instance, provide citizens with information and services faster than ever — letting people use online chat features to have questions answered or digitally update their car registrations. But the software enabling these conveniences may lack the security features required to process sensitive data. Read more [GCN.COM] DevOps: Making the Development Cycle More Secure. The promise of secure DevOps can be realized through security technologies such as dynamic authorization. Read more [DEVOPS.COM]
  67. 67. Application Development RED HAT: Red Hat Launches Fuse 7 and Buildah 1.0 to Advance App Development. Red Hat is boosting its application development efforts with a pair of new releases, including Fuse 7 and Buildah 1.0, that will help developers to build and integrate cloud native container applications. Read more [EWEEK.COM] PRODUCTIVITY: Don’t Let Your Application Backlog Sink Your Digital Transformation. As companies proceed with their digital transformations, software becomes increasingly strategic and pervasive – which means they need more of it. Lots more. The demand for new and updated applications and software infrastructure as well as individual features and capabilities is exploding. And yet, every such company is resource constrained, as professionals who are able to build and run such software are in short supply. Read more [FORBES.COM]
  68. 68. Big Data
  69. 69. Big Data DATA: The Big Problem with Big Data? Without Theory, It’s Just Garbage. The idea that big data will enable more control of behaviour may be a lot of hype. Uta Frith, a developmental psychologist who works at University College London, is interviewed about mind over matter, big data and her fear that AI will lead to loss of meaningful jobs. Read more [WIRED.CO.UK] ANALYTICS: 3 Big Data Platforms Look Beyond Hadoop. Learn how the Cloudera, Hortonworks, and MapR data platforms are evolving to meet the demands for real-time analytics and machine learning. Read more [INFOWORLD.COM]
  70. 70. Big Data FINTECH: Regulators Need To Use Big Data, Artificial Intelligence To Meet Fintech Challenge, Says U.S. Rep. Regulators need to start using Artificial Intelligence (AI) to adapt rules quickly to a rapidly changing financial system, a Republican Congressman who is often mentioned as the next possible head of the House Financial Services Committee said today. To meet the fintech challenge, Rep. Patrick McHenry (R-NC) also called for regulators to begin employing Big Data to develop strategies. Read more [FORBES.COM]
  71. 71. Big Data HIRING: How Big Data Can Help You Find and Hire the Most Elusive Talent. Earlier, companies had little to guide them on a potential applicant’s future flight risk other than gut feeling. Now, tools integrated with artificial intelligence (AI) and deep analytic capabilities can parse the data on your company’s current employees — including their prior experiences, skills and latest achievements — to learn what good candidates look like based on past hiring decisions. In addition to your own enterprise data, AI can look at data from across the industry to build a profile that can then be applied to cull resumes, screen candidates based on warning signs, and grade and rank a shortlist of qualified candidates for each job opening. Read more [ENTREPRENEUR.COM]
  72. 72. Internet of Things (IoT)
  73. 73. Internet of Things (IoT) CITIES: 6 Ways The Internet Of Things Is Improving The Quality Of Urban Life. So how are cities currently leveraging IoT to improve urban life and boost the happiness of city dwellers? Here are six examples. Read more [FORBES.COM] READ: The Internet of Things Era: 6 Ways to Stay Safe. While the Internet of Things (IoT) is full of promise and can, in many ways, make our lives easier, it comes at a cost. The devices that we carry around in our pockets and place in our homes control access to our possessions, and our most intimate personal details. In the wrong hands, those gadgets have the power to put our physical safety at risk. You need to stay safe. Read more [REUTERS.COM]
  74. 74. Internet of Things (IoT) SLIDESHOW: 10 Ways the Internet of Things Will Make Our Lives Better. The Internet of Things (IoT) links a wide range of devices — including wearables, smart appliances, and driverless cars — to each other and the cloud. This market could grow from $171 billion in 2017 to $561 billion by 2022, according to market research firm Reportlinker. Intel (NASDAQ:INTC) estimates that 200 billion devices could be connected across the IoT market by 2020. Those bullish forecasts sparked an IoT land grab in recent years, as many companies rushed to produce connected devices. Here are 10 ways those products can improve our lives. Read more [FOOL.COM]
  75. 75. Internet of Things (IoT) COMMENT: Data Behaving Badly. The private sector, especially consumer-facing organizations, are betting big on data-intensive technologies like artificial intelligence and the internet of things. The trend is accelerating worldwide, with private sector investments in AI projected to reach $12.5 billion in 2017 alone, and IoT investments expected to top $800 billion. Although slower to embrace AI and IoT, government is now pursuing them aggressively. Read more [FCW.COM]
  76. 76. Personal Tech
  77. 77. Personal Tech TECH TIP: Picking an iPad as a Portable Photo Studio. Apple has a range of models in its tablet line, but you may not need the most expensive one to suit your image-editing needs. Read more [NYTIMES.COM] TRAVEL TECH: How the 52 Places Traveler Stays Charged While Chronicling the World. How do New York Times journalists use technology in their jobs and in their personal lives? Jada Yuan, who is crisscrossing the globe as The Times’s 52 Places Traveler, discussed the tech she’s using. Read more [NYTIMES.COM]
  78. 78. Personal Tech MORE TRAVEL TECH: Emergency Charging Options on the Road. The time-honored travelers’ trick of charging your phone from the USB port on the hotel-room television is one option for powering up away from home. Read more https://fedtechmagazine.com/article/2018/ [NYTIMES.COM] COIN: Pay Off Those I.O.U.s on the Go. Along with Apple Pay Cash, several apps and services make it easy to send and receive funds right on your phone, smartwatch or tablet. Read more [NYTIMES.COM]
  79. 79. Mobile Applications
  80. 80. Mobile NIST: Updating Recommendations for Mobile App Security. The National Institute of Standards and Technology is working on updating its recommendations for how organizations and developers can keep mobile applications secure. The updated recommendations are being made to the Special Publication (SP) 800-163, Vetting the Security of Mobile Applications document that was initially released in January 2015. The 50-page draft revision includes additional clarity and details on how to minimize mobile app risks. Read more [EWEEK.COM] OUR HISTORY WITH MOBILE: A Prescient Steve Jobs Predicted Our Obsession with Mobile Apps. Though even he might have undersold it a little. Read more [ENGADGET.COM]
  81. 81. Mobile SECURITY: Team Finds Many Mobile Applications Are Open to Web API Hijacking. Smartphones, tablets, iPads—mobile devices have become invaluable to the everyday consumer. But few consider the security issues that occur when using these devices. Modern mobile applications or “apps” use cloud-hosted HTTP-based application programming interface (API) services and heavily rely on the internet infrastructure for data communication and storage. To improve performance and leverage the power of the mobile device, input validation and other business logic required for interfacing with web API services are typically implemented on the mobile client. However, when a web service implementation fails to thoroughly replicate input validation, it gives rise to inconsistencies that could lead to attacks that can compromise user security and privacy. Developing automatic methods of auditing web APIs for security remains challenging. Read more [PHYS.ORG]
  82. 82. Mobile CYBERSECURITY: Risky Mobile Apps No Fun for Entertainment Sector. In case it’s not already on your risk radar, it’s time to add mobile apps to the growing list of threat vectors. Mobile apps are risky across all sectors, but more specifically, those that come from media and entertainment businesses are putting users at risk. BitSight recently released the results of its research that looked at data from more than 1,000 companies offering apps on iOS and Google Play and found vulnerabilities across the board. Read more [SECURITYBOULEVARD.COM]
  83. 83. Programming & Scripting Development Client & Server-Side
  84. 84. Programming & Scripting Development Client & Server-Side JAVASCRIPT: Is JavaScript Destined to Be Usurped by TypeScript? Year after year JavaScript features among the top 10 most widely used programming languages worldwide, but is a challenger emerging to the venerable web favorite? An analysis by TIOBE, which counts the number of hits for each programming language returned by major search engines, suggests that Microsoft’s TypeScript is enjoying an explosive growth in popularity and encroaching on areas previously dominated by JavaScript. Read more [TECHREPUBLIC.COM] JAVA: Kotlin and Java Go Well Together, Report Shows. Kotlin is only seven years old but it is already playing in the big leagues. Its massive success can be traced back to the moment when Google announced Kotlin support in Android last year but that was just the tip of the iceberg. According to Pusher’s State of Kotlin 2018 research report, great things are coming Kotlin’s way. Read more [JAXENTER.COM]
  85. 85. Programming & Scripting Development Client & Server-Side GOOGLE: Google Debuts Jib, a Tool to Make Software Containers and Java Work Better Together. Google LLC has released Jib, a new open-source tool that aims to make software containers and the Java programming language work more seamlessly together. Read more [SILICONANGLE.COM] PYTHON: GitHub Now Warns You About Flaws Affecting Your Python Code. Python has joined Ruby and JavaScript on GitHub’s list of coding languages it scans for security vulnerabilities. Developers using Python can now get security alerts for any new bugs the code repository platform spots, as well as some recent vulnerabilities Python has had. Read more [ITPRO.CO.UK]
  86. 86. Cloud Computing
  87. 87. Cloud Computing OPINION: Serverless Computing Is a Paradigm Shift for Cloud Computing. The serverless revolution is akin to delivery companies moving away from owning large trucks to managing a fleet of leased vans, and from there, to outsourcing transportation to a third-party fleet of scooters. Read more [CALCALISTECH.COM] MICROSOFT: Catching Up to Amazon in Security Clearances for Cloud. That could give Microsoft an edge over other potential bidders in the Pentagon’s winner-take-all competition for a multibillion-dollar cloud computing contract. Read more [SEATTLETIMES.COM]
  88. 88. Cloud Computing BUSINESS TRANSFORMATION: Five Ways to Make the Most of the Move to On-Demand. Cloud computing can’t fix everything but it can be a key element of business transformation if handled well. Read more [ZDNET.COM] LINUX: How Red Hat Morphed From Linux Pioneer Into Cloud-Computing Player. Red Hat’s reinvention is tied to the rise of cloud computing. Like many traditional suppliers of information technology, it has been pressured to adapt. Read more [INVESTORS.COM]
  89. 89. Announcement
  90. 90. Announcement Blue Mountain Data Systems DOL Contract Extended Another Six Months The Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support. U.S. Dept. of Labor, Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  91. 91. IT Security | Cybersecurity
  92. 92. IT Security | Cybersecurity SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism researchers, AI developers, government scientists, threat-intelligence specialists, investors and startups gathered at the second annual WIRED conference to discuss the changing face of online security. These are the people who are keeping you safe online. Their discussions included Daesh’s media strategy, the rise of new forms of online attacks, how to protect infrastructure, the threat of pandemics and the dangers of hiring a nanny based on her Salvation Army uniform. Read more [WIRED.CO.UK] IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to get the most out of your workers and keep your business safe. Read more. [TECHREPUBLIC.COM]
  93. 93. IT Security | Cybersecurity FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity. The federal government is and will continue to be a target of cyber crimes. According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017 show 791 incidents as of the end of June – a 29 percent increase over the same period in 2016. With that said, is the government doing enough to prepare for cyber threats? On this episode of CyberChat, host Sean Kelley, former Environmental Protection Agency chief information security officer and former Veterans Affairs Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas) about initiatives to modernize the federal cybersecurity space. Read more [FEDERALNEWSRADIO.COM]
  94. 94. IT Security | Cybersecurity STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask Federal Government for Help. A letter to the Office of Management and Budget says that today’s regulatory environment “hampers” states in their pursuit of cost savings and IT optimization. Find out more [STATESCOOP.COM]
  95. 95. From the Blue Mountain Data Systems Blog Programming & Scripting https://www.bluemt.com/programming-scripting-daily-tech-update-september-29-2017/ Cloud Computing https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/ Business Intelligence https://www.bluemt.com/business-intelligence-daily-tech-update-september-15-2017/ Mobile Applications https://www.bluemt.com/mobile-applications-daily-tech-update-september-11-2017/
  96. 96. From the Blue Mountain Data Systems Blog Personal Tech https://www.bluemt.com/personal-tech-daily-tech-update-september-28-2017/ Databases https://www.bluemt.com/databases-daily-tech-update-september-21-2017/ Penetration Testing https://www.bluemt.com/penetration-testing-daily-tech-update-september-26-2017/ Incident Response https://www.bluemt.com/incident-response-daily-tech-update-september-14-2017/
  97. 97. From the Blue Mountain Data Systems Blog Security Patches https://www.bluemt.com/security-patches-daily-tech-update-september-22-2017/ Operating Systems https://www.bluemt.com/operating-systems-daily-tech-update-september-20-2017/ Encryption https://www.bluemt.com/encryption-daily-tech-update-september-19-2017/ Cloud Computing https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/
  98. 98. From the Blue Mountain Data Systems Blog Open Source https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/ CTO, CIO and CISO https://www.bluemt.com/cio-cto-ciso-daily-tech-update-september-6-2017/ Programming & Scripting https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/
  99. 99. From the Blue Mountain Data Systems Blog Security Risks Most Prevalent in Younger Workers https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/ The Security World’s Maturation https://www.bluemt.com/the-security-worlds-maturation/ Data Breach Concerns Keep CISOs Up At Night https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/ Personalized Govt Equals Instant Gratification for Citizens https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
  100. 100. From the Blue Mountain Data Systems Blog People-Centric Security https://www.bluemt.com/people-centric-security/ Pentagon Tries BYOD To Strike Work/Life Balance https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/ Open Source Model Considered for MS Windows https://www.bluemt.com/open-source-model-considered-for-ms-windows/ Open Internet: To Be or Not to Be? https://www.bluemt.com/open-internet-to-be-or-not-to-be/
  101. 101. From the Blue Mountain Data Systems Blog Malware Stays A Step Ahead Infecting One Third of Websites https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/ Machine-Generated Data: Potential Goldmine for the CIO https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/ Government Legacy Programs: Reuse vs. Replacement https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/ It Takes a Whole Village to Protect Networks and Systems https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
  102. 102. From the Blue Mountain Data Systems Blog Governance For the CIO https://www.bluemt.com/governance-for-the-cio/ Help Desk Consolidation – Lessons Learned https://www.bluemt.com/help-desk-consolidation-lessons-learned/ One Year Later, Companies Still Vulnerable to Heartbleed https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/ Federal Projects Cultivate Worker Passion https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
  103. 103. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes. Read more about our experience here: >> http://bluemt.com/experience
  104. 104. Recent Experience U.S. Dept. of Labor Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  105. 105. MANAGEMENT Paul T. Vesely Founder, President, CEO and Principal Architect Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
  106. 106. CONTACT US Contact Us Today to Discuss Your Next IT Project HEADQUARTERS 366 Victory Drive Herndon, VA 20170 PHONE 703-502-3416 FAX 703-745-9110 EMAIL paul@bluemt.com WEB https://www.bluemt.com
