Tech Update Summary from Blue Mountain Data Systems November 2017

November 2017: For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://bluemt.com/blog/


  1. 1. Blue Mountain Data Systems Tech Update Summary November 2017
  2. 2. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems https://www.bluemt.com
  3. 3. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for November 2017. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  4. 4. Network Security
  5. 5. Network Security CISO: Convincing Employees to Care About Network Security. Employees remain the biggest source of corporate cyber risk. According to the “IBM X-Force 2016 Cyber Security Intelligence Index,” staff members are responsible for 60 percent of all digital attacks endured by enterprises. In most cases, there’s no malicious intent. Employees may subvert network security by opening infected email attachments, falling for well-crafted phishing attacks, accessing compromised third-party apps or accidentally posting confidential information on social media sites. Read more [SECURITYINTELLIGENCE.COM]
  6. 6. Network Security FEDERAL GOVERNMENT: Consolidating Federal Networks Could Lead to New Security Holes. For years, one of the chief aims of the IT modernization movement has been replacing the federal government’s outdated architecture. Before truly tapping into the transformative power of new software and security tools, the thinking goes, government must first scrap its ancient patchwork networks for a new unified IT infrastructure. Read the rest [FCW.COM] OPINION: Why Chipmakers are Taking IoT Security Into Their Own Hands. As the IoT and chip industry both continue to grow, more chipmakers will come to understand the importance of putting security and privacy first. Read more [NETWORKWORLD.COM]
  7. 7. Network Security STATES: Federal Government Notifies 21 States of Election Hacking. The federal government has told election officials in 21 states that hackers targeted their systems before last year’s presidential election. The notification came roughly a year after U.S. Department of Homeland Security officials first said states were targeted by hacking efforts possibly connected to Russia. The states that told The Associated Press they had been targeted included some key political battlegrounds, such as Florida, Ohio, Pennsylvania, Virginia and Wisconsin. Find out more [USNEWS.COM]
  8. 8. Encryption
  9. 9. Encryption SECURITY: How Blockchain Encryption Works: It’s All About Math. Riot Blockchain’s CEO John O’Rourke explains how the blockchain encryption mining network works. Read more [TECHREPUBLIC.COM] CISO: Data Storage and Encryption Should Top the CISO’s To-Do List. In today’s digitized world, data storage and encryption are surely top of mind for most chief information officers (CIOs). But given the increasing regulations and privacy implications surrounding data security, these measures should also be on the chief information security officer (CISO)’s agenda. Get the plugin. [SECURITYINTELLIGENCE.COM]
  10. 10. Encryption DMARC: States Should Follow Federal Directive to Enhance Email and Web Security. The Department of Homeland Security (DHS) has mandated that all federal executive branch agencies implement Domain-based Message Authentication, Reporting and Conformance (DMARC) to improve email security. In the same directive, DHS also mandated better Web security protections be put into place. State and local governments should follow the lead of their federal counterparts and make implementing DMARC a priority. Here’s why. Find out more [GOVTECH.COM]
  11. 11. Encryption INDUSTRY INSIGHT: Don’t Leave Your Front Door Open to Attack. The web has grown to over 1 billion websites. While websites have grown incredibly complex and become a part of our virtual lives, most users and website operators are still focused on functionality. Arguably, there are internet users and website owners concerned about security because of headlines about rampant cyberattacks, data leaks and breaches. But, not all are proactively securing their websites. Here’s why websites can be a treasure trove for attackers. Read more [GCN.COM]
  12. 12. Databases
  13. 13. Databases MICROSOFT: Enabling Automatic Database Tuning in Azure SQL DB in 2018. Microsoft’s automated and AI-enabled database tuning technology will become the new default configuration on the Azure SQL cloud database in January 2018. Read more [EWEEK.COM] BIG DATA: Neo4j Looks Beyond the Graph Database. Graph database company Neo4j wants to move beyond providing only its graph database, and is working on what it calls a ‘graph platform’ to help companies make the most of their data. Read more. [ZDNET.COM]
  14. 14. Databases MySQL: Configuring a MySQL Database on Amazon RDS. Cloud-based database solutions have really taken off in recent years. Although concerns about ownership and security have put a damper on some companies’ aspirations to offload some or all of their database management to a third party, the vast majority of companies have embraced the new paradigm and are reaping substantial financial rewards as a result. Learn about the different cloud database categories, as well as how to configure a MySQL database on the Cloud, using Amazon RDS. Read more [DATABASEJOURNAL.COM]
  15. 15. Databases CLOUD: Distributed PostgreSQL Settling Into Cloud. Organizations that want the scalability of a distributed PostgreSQL database but don’t want the hassle of managing it themselves may be interested in the latest news from Citus Data, which has unveiled new options for its hosted, scale-out relational database. Find out more [DATANAMI.COM]
  16. 16. More About Blue Mountain BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
  17. 17. Federal Tech
  18. 18. Federal Tech FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape, Modernize Government Technology. The size and scope of the federal government’s information technology landscape only continues to grow and in a way that makes it incredibly difficult to change. In the Federal Chief Information Officers Council’s latest study, the current state of government IT is described as monolithic. And, it is not meant as a compliment. Read more [FEDERALNEWSRADIO.COM]
  19. 19. Federal Tech OPINION: Government Efforts to Weaken Privacy are Bad for Business and National Security. The federal government’s efforts to require technology and social media companies to relax product security and consumer privacy standards – if successful – will ultimately make everyone less safe and secure. Read the rest [INFOSECURITY-MAGAZINE.COM] PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies had to send DNA samples to government labs and wait for it to get tested, which could take days or even weeks. Find out more [GOVTECH.COM]
  20. 20. Federal Tech MODERNIZATION: Making Modernization Happen. Now more than ever before, comprehensive IT modernization for federal agencies is a real possibility. The question that remains is whether President Donald Trump’s words and actions during his first months in office will be sustained by the administration and Congress in the months and years ahead. Read more [FCW.COM]
  21. 21. State Tech
  22. 22. State Tech SURVEY: Cybersecurity Concerns May Keep One in Four Americans from Voting. Cybersecurity concerns may prevent one in four Americans from heading to the polls in November, according to a new survey by cybersecurity firm Carbon Black. The company recently conducted a nationwide survey of 5,000 eligible US voters to determine whether reports of cyberattacks targeting election-related systems are impacting their trust in the US electoral process. The results revealed that nearly half of voters believe the upcoming elections will be influenced by cyberattacks. Consequently, more than a quarter said they will consider not voting in future elections. Read more [HSTODAY.US.COM]
  23. 23. State Tech ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is centralizing IT operations under Alaska’s newly created Office of Information Technology. But consolidating IT in a sprawling state like Alaska offers challenges not found in other environments, says the state’s new CIO Bill Vajda. Read the rest [GCN.COM] ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter State IT. Jim Purcell wasn’t expecting a call from Alabama’s new governor, Kay Ivey, and he certainly wasn’t expecting her to ask him to head up the Office of Information Technology (OIT) – but that’s exactly what happened last week. Find out more [GOVTECH.COM]
  24. 24. State Tech ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of Illinois, sought to become the nation’s first Smart State – a process that required reorganizing its 38 IT departments into one, improving government services, and finding new sources of innovation to apply to its revenue model. Within 18 months, Illinois rose in national rankings from the bottom fourth of state governments to the top third. Read more [ENTERPRISERSPROJECT.COM]
  25. 25. Electronic Document Management
  26. 26. Electronic Document Management CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more). Read the rest [FEDTECHMAGAZINE.COM]
  27. 27. Electronic Document Management ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more [PCMAG.COM]
  28. 28. 508 Compliance
  29. 29. Section 508 Compliance LEGAL: Credit Unions Experiencing an Increase in ADA Lawsuits. The number of credit unions hit with lawsuits in recent weeks over the accessibility of their websites continued to climb into double digits, and experts warned that even more credit unions could become targets if they don’t get up to speed on the issue. Read more [CUTIMES.COM] TESTING TOOL: Funkify Accessibility Simulator. Funkify is a plugin for Chrome that helps you experience the web and interfaces through the eyes of extreme users with different abilities and disabilities. The free demo version helps web developers, designers and content creators experience the web through the eyes of people with different abilities. Get the plugin. [ACCESSIBLEWEBSITESERVICES.COM]
  30. 30. Section 508 Compliance WCAG 2.0: Checklists. It’s extremely useful to have a WCAG 2.0 checklist on hand when you’re working through the guidelines. A WCAG 2.0 checklist helps you to check your web accessibility progress, record how far you’ve come and set your targets out for the future. Find out more [WUHCAG.COM] WEBSITE AUDITOR: The Hot Job Title You Want. “The web accessibility compliance auditor is a field that every computer science and information systems student should think of pursuing,” says Dr. James Logan, who is the quality assurance manager for Georgia Institute of Technology’s Enterprise Information Systems. “It really is just an extension of information systems. The field has so many opportunities for web developers.” Read more [BLACKENGINEER.COM]
  31. 31. Section 508 Compliance CITIES: 3 Easy Steps to City Website Accessibility for WCAG 2.0 AA. Beginning January 18, 2018, all federal, state and local websites must meet Web Content Accessibility Guidelines (WCAG 2.0 AA) adopted as part of updates to existing federal laws governing equal access to government services – Section 508 of the Rehabilitation Act of 1973. Jurisdictions that do not comply with these guidelines risk lawsuits from private citizens, as well as legal action by the Department of Justice, which has taken the position that websites offering goods or services to consumers are places of public accommodation and must be accessible to the disabled. Here are three key website content areas where agencies can make adjustments to help their customers find and understand the information they need from their local government’s website – regardless of age or disability. Read more [EFFICIENTGOV.COM]
  32. 32. Section 508 Compliance ECOMMERCE: Online Retailers Beware: Court Holds Website Violates ADA Despite Lack of Physical Store. Courts across the country continue to weigh in on the issue of website accessibility. Last week, the U.S. District Court for the District of New Hampshire denied a motion to dismiss filed by online food delivery servicer Blue Apron. In denying the motion, the court found that Blue Apron’s website is a place of public accommodation – despite the fact that Blue Apron operates only online and has no traditional brick and mortar locations. Read more. [LEXOLOGY.COM]
  33. 33. Section 508 Compliance CAREERS & WORKPLACE: Websites Are the Next Frontier of ADA Compliance. While the DOJ continues to delay the rule-making process and the roll out of any final rules, companies should beware. Federal court lawsuits based on alleged website inaccessibility have spiked since the beginning of 2015 with several hundred filed against a wide spectrum of businesses – from retailers to restaurants – that provide public accommodation. Find out more [BIZJOURNALS.COM]
  34. 34. Section 508 Compliance LEGAL: Location, Location, Location: New Website Accessibility Decision May Encourage Forum Shopping. On November 8, 2017, the U.S. District Court for the District of New Hampshire joined the ranks of the federal courts that have held that a website itself is a place of public accommodation—even if the business that maintains the website does not own or operate any physical place of public accommodation. The defendant in this case operates an online-only business and does not own or operate any traditional brick and mortar locations. The websites of such online-only businesses have been subject to increasing attack. Read more [NATLAWREVIEW.COM]
  35. 35. Section 508 Compliance ONLINE COURSE: Digital Accessibility: Enabling Participation in the Information Society. This course will help you to understand how those with sensory, physical and cognitive impairments may be disabled by barriers encountered when using digital technologies. The course will highlight how the use of accessible and inclusive design can help overcome many of these difficulties. Get the plugin. [FUTURELEARN.COM] PR: How PR Firms Need to Navigate Website Compliance Under the Americans with Disabilities Act. Here’s what the ADA means for websites, and what PR pros need to know. Find out more [PRWEEK.COM]
  36. 36. Security Patches
  37. 37. Security Patches MICROSOFT: Thanksgiving Turkeys: One Patch Disappears, Another Yanked. If you’re just coming back from the long US Thanksgiving weekend, all sorts of Windows patch inanities await. The Epson dot matrix bug in this month’s security patches was fixed for older versions of Windows, but .NET patch KB 4049016 and others got pulled. Read more [COMPUTERWORLD.COM] REPORT: Java Developers Aren’t Applying Security Patches. Application security vendor Veracode has released the “2017 State of Software Security Report,” and the results paint an unflattering picture of Java developers. An alarming 88 percent of Java applications contain at least one vulnerable component, the report’s authors found. Why? Developers don’t patch components in production once vulnerabilities are found and new versions of those components are released. Get the plugin. [ADTMAG.COM]
  38. 38. Security Patches WORDPRESS: Patches SQL Injection Bug in Security Release. A bug discovered in WordPress allows attackers to trigger an SQL injection attack leading to complete website hijacking. The vulnerability CVE-2017-14723 was discovered in the WordPress content management system (CMS) versions 4.8.2 and below. Webmasters should update immediately to prevent website takeovers. Find out more [ZDNET.COM] INTEL: Patches Management Engine for Critical Vulnerabilities. Intel issued a critical firmware update on Nov. 20 for a set of eight vulnerabilities that impact the Intel Management Engine firmware. “In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience,” Intel stated in an advisory. Read more [EWEEK.COM]
  39. 39. CIO, CTO & CISO
  40. 40. For the CIO, CTO & CISO CIO: Interview with Alin D’Silva, Vice President of IT and CTO of Digital Workplace at Verizon. While it may seem more straightforward for technology-oriented companies to continue accelerating their digital transformations, they face the same challenges as any other. Alin D’Silva, Vice President of IT and CTO of Digital Workplace at Verizon, shares his thoughts on some of those challenges and what motivates him to drive forward. Read more [CIO.COM]
  41. 41. CIO, CTO & CISO CTO: Tom Eck, CTO Industry Platforms IBM Sweet Talks Fintech. Despite the burgeoning fintech startup market, the broader financial services market struggles to engage. Financial institutions want to move with the agility of a fintech, but without ‘breaking the bank’, says Tom Eck, global chief technology officer of industry platforms at IBM. According to Eck, IBM financial services clients are keen to experiment and get products to market fast, but they don’t have the freedom to make certain types of mistakes. Read the rest [DIGINOMICA.COM]
  42. 42. CIO, CTO & CISO CISO: An 18F for Cyber? DHS CISO Wants One. Department of Homeland Security CISO Jeff Eisensmith wants the federal government to establish a team of cybersecurity experts akin to the General Services Administration’s 18F digital service team. Find out more [FEDSCOOP.COM] INTERVIEW: Nordic CIO interview: Filippa Jennersjö, Sweden’s Public Employment Agency. The CIO at Sweden’s Public Employment Agency has been bringing the organisation in line with other departments’ digital developments. Read more [COMPUTERWEEKLY.COM]
  43. 43. Penetration Testing
  44. 44. Penetration Testing FEDERAL GOVERNMENT: Whitehouse Renews Call for Cyber IG. Sen. Sheldon Whitehouse (D-R.I.) is looking to establish a cybersecurity inspector general with the authority to probe federal networks for weaknesses. A cyber IG, Whitehouse argues, would be a way to recruit cybersecurity experts who would prefer to focus on penetration testing and other white hat activities, rather than toil in one of the more than 70 IG offices around government. Read more [FCW.COM]
  45. 45. Penetration Testing IoT: Security For Embedded Electronics. One of the biggest challenges for embedded devices and systems, especially those employed in the Internet of Things, is adequately protecting them from increasingly sophisticated hacking. This is a new tool for criminal enterprises, and a very lucrative one because it can be done remotely with little fear of being caught. Even when hackers are caught, they rarely are prosecuted, which has not gone unnoticed by criminal enterprises. A lack of reprisal has allowed them to recruit some of the best and brightest programmers. Read more. [SEMIENGINEERING.COM]
  46. 46. Penetration Testing ELECTIONS: Senator Calls on Voting Machine Makers to Detail How They’ll Prevent Hacks. One of the Senate’s main cybersecurity proponents wants assurances that voting systems in the U.S. are ready for their next major threat and he’s going straight to the hardware makers to get it. In a letter, Oregon Senator Ron Wyden — an outspoken member of the Senate Intelligence Committee — called on six of the main voting machine manufacturers in the U.S. to provide details about their cybersecurity efforts to date. The request comes on the heels of emerging details around Russia’s successful attempts to hack election systems in many states. Find out more [TECHCRUNCH.COM]
  47. 47. Penetration Testing COMMUNICATIONS: Secure Communications Across Radio and Cell Networks. To help eliminate the communications problems that plague first responders, Lockheed Martin has teamed with Blue Cedar to enable secure communications across multiple devices. Also intended for military or remote users, Lockheed’s Universal Communications Platform (UCP) hub bridges communications across land mobile radios, voice-over-IP, smartphones and other networks, allowing interoperability between multiple types of secure radio and cellular communications. The UCP Communicator app can be downloaded to commercial smartphones, expanding secure communications to users without access to radio equipment. Read more [GCN.COM]
  48. 48. Open Source
  49. 49. Open Source BUSINESS: Giving Open-Source Projects Life After a Developer’s Death. You’ve probably never heard of the late Jim Weirich or his software. But you’ve almost certainly used apps built on his work. Weirich helped create several key tools for Ruby, the popular programming language used to write the code for sites like Hulu, Kickstarter, Twitter, and countless others. His code was open source, meaning that anyone could use it and modify it. “He was a seminal member of the western world’s Ruby community,” says Justin Searls, a Ruby developer and co-founder of the software company Test Double. When Weirich died in 2014, Searls noticed that no one was maintaining one of Weirich’s software-testing tools. That meant there would be no one to approve changes if other developers submitted bug fixes, security patches, or other improvements. Any tests that relied on the tool would eventually fail, as the code became outdated and incompatible with newer tech. Read more [WIRED.COM]
  50. 50. Open Source OPEN STACK: Next Mission – Bridging the Gaps Between Open Source Projects. OpenStack, the massive open source project that provides large businesses with the software tools to run their data center infrastructure, is now almost eight years old. While it had its ups and downs, hundreds of enterprises now use it to run their private clouds and there are even over two dozen public clouds that use the project’s tools. Users now include the likes of AT&T, Walmart, eBay, China Railway, GE Healthcare, SAP, Tencent and the Insurance Australia Group, to name just a few. Read the rest [TECHCRUNCH.COM] REPORT: Open Source Software Projects are Maturing. Electronic design automation company Synopsys released the findings of its 2017 Coverity Scan Report, which shows an increase in “project maturity” in the over 4,600 open source software projects analyzed based on certain secure development strategies. Find out more [SDTIMES.COM]
  51. 51. Open Source FEDERAL NEWS: How One Contractor Belittled the White House’s IT Modernization Strategy. The White House is busily reviewing more than 90 comments on its draft IT modernization strategy. The comments came from industry associations, specific companies and individuals, including federal employees, and most were pretty vanilla, offering basic support for the initiatives in the draft strategy and insights, both generally and specific to the organizations’ or vendors’ area of expertise. But none was more fascinating than the flames Oracle decided to throw about the entire IT modernization effort over the last nine years. Read more [FEDERALNEWSRADIO.COM]
  52. 52. Business Intelligence
  53. 53. Business Intelligence READ: 12 Ways to Empower Government Users with the Microsoft Business Intelligence (MBI) Stack. Are your organization’s Federal IT resources under constant pressure, with no end in sight? Your agency is not alone. With limited access to dedicated information technology resources, non-technical end users often play the waiting game, relying on IT staff to do simple tasks like generating custom queries and embedding them within applications. Your department’s need to generate on demand, ad hoc reports gets pushed to the back burner while IT resources respond to more pressing matters. Implementing a self-service approach alleviates your IT staff from such tasks, affording them more time to focus on solving high impact problems. Read more [BLUEMT.COM]
  54. 54. Business Intelligence REPORT: 2017 State Of Business Intelligence And Predictive Analytics. Insights gained from interviews with Dresner Advisory Service’s research community of over 3,000 organizations, in addition to vendor customer community interviews. 57% of respondents are from North America, 31% from Europe, the Middle East & Africa, with the remaining 12% from Asia-Pacific (8%) and Latin America (4%). For additional details regarding the methodology, please see page 11 of the study. Industry interest in advanced and predictive analytics grew sharply in 2017, with business intelligence experts, business analysts, and statisticians/data scientists being the most prevalent early adopters. Click here for key takeaways. [FORBES.COM]
  55. 55. Business Intelligence READ: Business Intelligence vs. Business Analytics: Where BI Fits Into Your Data Strategy. While BI leverages past and present data to describe the state of your business today, business analytics mines data to predict where your business is heading and prescribe actions to maximize beneficial outcomes. Find out more [CIO.COM] U.S. GOVT FINANCE: 11 Ways to Speed Up Government Procurement. Buying with public money is difficult by design, but are there fair ways to fix it? Read more [GOVTECH.COM]
  56. 56. Operating Systems
  57. 57. Operating Systems NEWS: All Operating Systems Are Susceptible to This WiFi Attack. With so many consumers relying on mobile devices these days, it is no surprise criminals continue to look for new ways to take advantage. A new exploit recently uncovered by researchers shows how assailants can read WiFi-based traffic between devices. Around 41% of all current Android devices are susceptible to such an exploit. This issue goes well beyond mobile devices, although Linux-based devices are most prone to attack. Read more [THEMERKLE.COM]
  58. 58. Operating Systems APPLE: Operating Systems Vulnerable to Password Theft. Apple released a new macOS operating system Monday, but already security experts are saying it is vulnerable to a zero-day exploit that puts users’ passwords at risk. Read the rest [CONSUMERAFFAIRS.COM] MICROSOFT: Has Already Fixed the Wi-Fi Attack Vulnerability. Microsoft says it has already fixed the problem for customers running supported versions of Windows. “We have released a security update to address this issue,” says a Microsoft spokesperson in a statement to The Verge. “Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.” Microsoft says the Windows updates released on October 10th protect customers, and the company “withheld disclosure until other vendors could develop and release updates.” Find out more [THEVERGE.COM]
  59. 59. Operating Systems DHS: Mandates New Security Standards for Federal Networks. The Department of Homeland Security is requiring agencies to use new email and web security guidelines that address man-in-the-middle attacks. A binding operational directive from DHS gives federal agencies 90 days to implement a pair of tools, Domain-based Message Authentication Reporting and Conformance (DMARC) and STARTTLS. DMARC is an email authentication tool designed to prevent email spoofing and provide data on where a forgery may have originated. STARTTLS helps protect against passive man-in-the-middle attacks by allowing for email encryption while data is in transit. The directive also requires agencies to switch all publicly accessible federal websites to HTTPS and HSTS-secure connections within 120 days. Doing so could potentially eliminate a large swath of security flaws that affect most federal government websites. Find out more [FCW.COM]
  60. 60. BYOD
  61. 61. BYOD SURVEY: The Evolution of BYOD Security in a Mobile-First World. Bitglass’ research team surveyed 200 IT and security professionals at a national Gartner conference to learn more about the evolution of BYOD security in a mobile-first world. According to the research, one in four organizations lack some form of multi-factor authentication when securing BYOD, which is consistent with well-known enterprise security gaps. Using compromised passwords to control access and single-factor authentication has resulted in several high-profile data breaches in recent months. Enterprises have since turned to technology as a means of solving the secure identity management challenge. Read more [HELPNETSECURITY.COM]
  62. 62. BYOD SECURITY: Quarter of Firms Allow Password-Only BYOD Security. Over a quarter (28%) of organizations rely solely on user-generated passwords to secure BYOD, potentially exposing countless endpoints to credential guessing, cracking and theft. Read more. [INFOSECURITY-MAGAZINE.COM] MESSAGING: The Risks of Messaging Apps in BYOD. Is using messaging apps adding another layer of risk to your business information? Quite possibly, according to research from Infinite Convergence Solutions and 451 Research. That’s because employees are using unsecure messaging applications to communicate with each other, with nearly three in four employees using consumer messaging apps for business purposes. Yet, nearly two-thirds of organizations have done nothing to create security policies around their use. Find out more [ITBUSINESSEDGE.COM]
  63. 63. BYOD READ: Hackers Reveal Leading Enterprise Security Blind Spots. When it comes to cybersecurity, hackers said mobile devices are a critical blind spot. This is unsurprising considering bring-your-own-device (BYOD) policies which connect unknown mobile devices, OS versions, and patch processes to corporate networks. Read more [ZDNET.COM]
  64. 64. Incident Response
  65. 65. Incident Response NIST: How to Recover from Cyber Incidents in Government. What actions do organizations need to take to prepare for cybersecurity incidents? The National Institute of Standards and Technology (NIST) has answers in Special Publication 800-184, titled: ‘Guide for Cybersecurity Event Recovery.’ Here’s an exclusive interview with one of the authors. Read more [GOVTECH.COM] AUSTRALIA: Government Reveals Draft Digital Identity Framework. A series of documents outlining the security and usability standards by which Australians’ digital identity information is to be collected, stored, and used has been released by the government. Read more. [ZDNET.COM]
  66. 66. Incident Response CYBERSECURITY: How to Fix Information Sharing, According to Industry. Secret cyber threat data and a clunky clearance process are barriers to bidirectional information sharing, industry representatives told the House Homeland Security Committee’s Cybersecurity and Infrastructure subcommittee on Nov. 16. Find out more [FCW.COM] FEDERAL GOVERNMENT: Top 17 State & Local Cybersecurity Leaders to Watch. Here’s a cross-section of government’s best state and local cybersecurity talent, assembled through StateScoop’s own stories and reporting; from the recommendations of leaders across the state and local government technology industry; and by the suggestions of nonprofits and associations across the space. Read more [STATESCOOP.COM]
  67. 67. Cybersecurity
  68. 68. Cybersecurity MICROSOFT: A Pictorial Walk-Through Of Microsoft’s New Cybersecurity Tools. Cybersecurity should be on every person’s mind in 2017, and certainly every lawyer’s. Here’s why… Read more [ABOVETHELAW.COM] FEDERAL GOVT: U.S. Government Cybersecurity Lags Behind That of a Fast Food Joint, Say Analysts. The American federal government and countless state and local governments throughout the U.S. are more vulnerable to cyberattacks than your local McDonald’s. A new study ranking the cybersecurity of 18 industries “paints a grim picture” with the U.S. government 16th when it comes to protecting its computer systems and data from hackers. Read the rest [NEWSWEEK.COM]
  69. 69. Cybersecurity DATA: The Piece of Cybersecurity Feds Can No Longer Ignore. The Trump administration needs to work with Congress to fully fund the Department of Homeland Security’s Continuous Diagnostics and Mitigation program. Find out more [FEDTECHMAGAZINE.COM] STATE & LOCAL GOVERNMENT: Annual Cybersecurity Review for State and Local Government Approaches. Non-federal agencies still ride low on the maturity benchmark, but the increased political attention around cybersecurity could improve results in the coming survey period. Find out more about the study results [STATESCOOP.COM]
  70. 70. IT Management
  71. 71. IT Management READ: All Management Is Change Management. Change management is having its moment. There’s no shortage of articles, books, and talks on the subject. But many of these indicate that change management is some occult subspecialty of management, something that’s distinct from “managing” itself. This is curious given that, when you think about it, all management is the management of change. Read more [HBR.ORG] NARA: Improvements Seen in Federal Records Management, but ‘There is Work to be Done’. Compliance, collaboration and accountability are the themes of the National Archives’ recommendations to agencies for improving how they handle paper – and electronic – trails. That’s according to NARA’s 2016 Federal Agency Records Management Annual Report. Read more. [FEDERALNEWSRADIO.COM]
  72. 72. IT Management FINANCIAL: Washington State’s Strategy for Tracking IT Spending. The state of Washington’s first efforts to bring technology business management to its IT spending practices began in 2010 when the legislature mandated annual reports and specific evaluation requirements for investments. As interest grew in monitoring the cost of IT along with the business services IT provides, officials in the Washington’s Office of the CIO worked to refine the strategy through the creation of a state TBM program. Find out more [GCN.COM]
  73. 73. IT Management HR: A Blueprint for Improving Government’s HR Function. Government, at its core, is its employees and their commitment to serve the country. That fact is too often overlooked. While technology enables employees to make better, faster decisions, until artificial intelligence replaces the acquired knowledge of employees, agency performance will continue to depend on the skill and dedication of government workers. As such, civil service reform is increasingly important because workforce rules and regulations are out of sync with current management thinking. To use a basketball analogy, government is still shooting two handed set shots. Read more [GOVEXEC.COM]
  74. 74. Application Development
  75. 75. Application Development INDUSTRY INSIGHT: 4 Steps to Agile Success. There’s a noticeable shift toward agile development taking place within the federal government. Driven by a need for accelerated application development and meeting internal customers’ needs on the very first attempt, agencies like the General Services Administration and Department of Homeland Security have begun to move away from traditional waterfall project management frameworks and toward iterative, agile frameworks like scrum. Read more [GCN.COM]
  76. 76. Application Development IT MODERNIZATION: 3 Strategies for Building Successful Agile Teams. Is the federal government truly ready to embrace agile software development? Successful agile environments do not start with technology; they start with creating the right team. This can be harder than it may first appear, because agile challenges preconceived norms of how federal IT teams should be structured and the way they approach projects. Agile teams are typically a combination of individual contributors (particularly those from development and quality assurance backgrounds) who rarely work together but must now collaborate to achieve common goals. Read the rest [NEXTGOV.COM] ENTERPRISE: Air Force Intelligence Unit Goes Agile. The US Air Force is determined to get more agile to produce applications that can be useful in times of conflict. Find out more [INFORMATIONWEEK.COM]
  77. 77. Application Development PEOPLE & CAREERS: Sloughing Off the Government Stereotypes. What are CIOs doing to lure millennials into government IT? Government CIOs across the board are being forced to confront the retirement wave that’s about to decimate their ranks. But does the next generation of IT pros want the jobs their parents and grandparents are leaving behind? Read more [GOVTECH.COM]
  78. 78. Big Data
  79. 79. Big Data PREDICTIONS: 10 Predictions For AI, Big Data, And Analytics in 2018. A new Forrester Research report, Predictions 2018: The Honeymoon For AI Is Over, predicts that in 2018 enterprises will finally move beyond the hype to recognize that AI requires hard work—planning, deploying, and governing it correctly. Read more [FORBES.COM] READ: How “Big Data” Went Bust. Barack Obama’s White House launched a $200 million national big data initiative, and the frenzy commenced: Academia, nonprofits, governments, and companies raced to figure out just what “big data” was and how they could capitalize on it. The frenzy, as it turned out, was short-lived. Read more. [SLATE.COM]
  80. 80. Big Data FEDERAL GOVERNMENT: One Big Risk With Big Data: Format Lock-In. Insider threat programs and other long-term Big Data projects demand users take a longer view than is necessary with most technologies. If the rapid development of new technologies over the past three decades has taught us anything, it’s that each successive new technology will undoubtedly be replaced by another. Find out more [GOVTECHWORKS.COM] STATE GOVERNMENT: Fearing Hackers, States Start Buying Cyber-Insurance. As the threat from hackers and cybercriminals intensifies, a growing number of states are buying cyber insurance to protect themselves – and taxpayers. Read more [GOVERNING.COM]
  81. 81. Personal Tech
  82. 82. Personal Tech DOWNLOADS: Resolutions for the Big (and Small) Screens. When it comes to streaming and downloading movies, find out the difference between standard definition and the high-definition versions. Read more [NYTIMES.COM] TECH TRAVEL: Checking Voice Mail While Abroad. Find out how to check voice mail on a smartphone when traveling in Europe. Read more. [NYTIMES.COM]
  83. 83. Personal Tech STAY ALERT: Technology Can Be A Threat To Your Physical Safety. Discover the personal safety habits you can practice to stay safe at home and on the go. Find out more [FORBES.COM] HOW TO: Schedule Your Smartphone for a Little Peace and Quiet. Have you signed up for alerts from a bunch of news sites on your iPhone to keep up with the headlines, but now they’re waking you up at night with their sounds and turning on the phone screen? Find out how to mute the noises and phone screen light before bed without turning off the phone’s alarm clock. Read more [NYTIMES.COM]
  84. 84. Mobile Applications
  85. 85. Mobile ANDROIDS: Millions of Android Apps at Risk from Eavesdropper Vulnerability. Poor mobile app development practices have created the Eavesdropper vulnerability, which has resulted in a large-scale data exposure from nearly 700 apps in enterprise mobile environments, over 170 of which are live in the official app stores today. Read more [INFOSECURITY-MAGAZINE.COM] iPHONE X: 10 Popular Mobile Apps Optimized for Apple’s iPhone X. The new iPhone X presents a problem and an opportunity for mobile application developers. Read more. [EWEEK.COM]
  86. 86. Mobile MOBILE APP DEVELOPMENT: IT and ‘Citizen Developers’ Partner on Mobile Apps and More. With low-code and no-code tools, ordinary business users can quickly and easily spin up new apps or add features and functions, but IT oversight is crucial. Find out more [COMPUTERWORLD.COM] HEALTH CARE: Mobile Apps – The Future of Cancer Care? From anxiety and pain self-management to side effect monitoring in clinical trials, mobile applications are revolutionizing oncology. Researchers say the technology is even transforming clinical trials themselves. Read more [CANCERTHERAPYADVISOR.COM]
  87. 87. Programming & Scripting Development Client & Server-Side
  88. 88. Programming & Scripting Development Client & Server-Side PERL: The Most Hated Programming Language. What do computer programmers not want to code in? Perl, the Old Spice of programming languages, is the most disliked by a significant margin, reports Stack Overflow. Delphi, used by children to write viruses for adults, and Visual Basic, used by adults to write games for children, are running neck-and-neck for second place. Read more [BOINGBOING.NET] JAVASCRIPT: At GitHub, JavaScript Rules in Usage, TensorFlow Leads in Forks. Python and TypeScript make big gains in pull requests, while Java slips to third place. Read the rest [INFOWORLD.COM]
  89. 89. Programming & Scripting Development Client & Server-Side ANDROID: Kotlin Expected to Surpass Java as Android Default Programming Language for Apps. A new report released earlier this week estimates that Kotlin will surpass Java as the primary programming language used for Android apps by December 2018. Until earlier this year, Kotlin was a little-known programming language that was built to run on the Java Virtual Machine, but one that could also be compiled to JavaScript and could interoperate with Java. The programming language got a serious boost in the developer community when Google officially announced earlier this year, at the Google I/O 2017 conference, that Kotlin will become the first third-party supported programming language for Android apps, besides Java. Find out more [BLEEPINGCOMPUTER.COM]
  90. 90. Programming & Scripting Development Client & Server-Side MICROSOFT: Azure Functions Adds Support for Java. Azure Functions, Microsoft’s platform for building serverless applications, has long supported a variety of programming languages but it’s adding an important one today: Java. Fittingly, the company made this announcement at the JavaOne conference in San Francisco. Read more [TECHCRUNCH.COM] JAVASCRIPT: What’s New in TypeScript 2.6. TypeScript 2.6 introduces a new strict checking flag, error suppression comments, and “minor” breaking changes. Read more [INFOWORLD.COM] SURVEY: Most Loathed Programming Language? Here’s How Developers Cast Their Votes. Developers on Stack Overflow really don’t want to work in Perl and don’t like Microsoft much either. Read more [ZDNET.COM]
  91. 91. Programming & Scripting Development Client & Server-Side ENTERPRISE-SCALE DEVELOPMENT: What is TypeScript? Industrial-strength JavaScript. JavaScript is the language of the web, but it’s tough to manage for enterprise-scale development. TypeScript offers an attractive alternative. Read more. [ARNNET.COM.AU] INTERVIEW: Q&A with Java Chair Heather VanCura. As the current Chair, Heather VanCura leads the activities of the JCP Program Office, manages its organization’s membership, guides spec leads and experts through the process, leads the Executive Committee (EC) meetings, and manages the JCP.org Web site. Read her insights on the future of Java development. Find out more [ADTMAG.COM]
  92. 92. Cloud Computing
  93. 93. Cloud Computing TOP 5 CLOUD-COMPUTING VENDORS: #1 Microsoft, #2 Amazon, #3 IBM, #4 Salesforce, #5 SAP. As businesses move beyond cloud experiments to deeply strategic deployments, the balance of power in the Cloud Wars Top 10 is shifting toward those tech providers that can move those business customers past the infrastructure phase and into the high-value realm of AI-driven competitive advantage. Read more [FORBES.COM] HOW TO: Build a Business Case for Cloud Computing. When planning a migration to the cloud, what do you need to take into account? Click here for key takeaways. [ZDNET.COM]
  94. 94. Cloud Computing ALLIANCE: Salesforce and Google Forge Alliance in Cloud Computing Race. Emergence of handful of dominant platforms forces others to seek allies. Find out more [FT.COM] TRENDS: 5 Cloud Computing Trends to Prepare for in 2018. As we enter the last quarter of 2017, business and IT executives are turning more of their attention to how they can use technology to accomplish their 2018 business objectives. Here’s a list of five trends in cloud computing that strategic businesses will prepare for in the coming year. Read more [NETWORKWORLD.COM]
  95. 95. Announcement
  96. 96. Announcement Blue Mountain Data Systems DOL Contract Extended Another Six Months The Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support. U.S. Dept. of Labor, Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  97. 97. IT Security | Cybersecurity
  98. 98. IT Security | Cybersecurity SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism researchers, AI developers, government scientists, threat-intelligence specialists, investors and startups gathered at the second annual WIRED conference to discuss the changing face of online security. These are the people who are keeping you safe online. Their discussions included Daesh’s media strategy, the rise of new forms of online attacks, how to protect infrastructure, the threat of pandemics and the dangers of hiring a nanny based on her Salvation Army uniform. Read more [WIRED.CO.UK] IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to get the most out of your workers and keep your business safe. Read more. [TECHREPUBLIC.COM]
  99. 99. IT Security | Cybersecurity FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity. The federal government is and will continue to be a target of cyber crimes. According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017 show 791 incidents as of the end of June – a 29 percent increase over the same period in 2016. With that said, is the government doing enough to prepare for cyber threats? On this episode of CyberChat, host Sean Kelley, former Environmental Protection Agency chief information security officer and former Veterans Affairs Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas) about initiatives to modernize the federal cybersecurity space. Read more [FEDERALNEWSRADIO.COM]
  100. 100. IT Security | Cybersecurity STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask Federal Government for Help. A letter to the Office of Management and Budget says that today’s regulatory environment “hampers” states in their pursuit of cost savings and IT optimization. Find out more [STATESCOOP.COM]
  101. 101. From the Blue Mountain Data Systems Blog Programming & Scripting https://www.bluemt.com/programming-scripting-daily-tech-update-september-29-2017/ Cloud Computing https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/ Business Intelligence https://www.bluemt.com/business-intelligence-daily-tech-update-september-15-2017/ Mobile Applications https://www.bluemt.com/mobile-applications-daily-tech-update-september-11-2017/
  102. 102. From the Blue Mountain Data Systems Blog Personal Tech https://www.bluemt.com/personal-tech-daily-tech-update-september-28-2017/ Databases https://www.bluemt.com/databases-daily-tech-update-september-21-2017/ Penetration Testing https://www.bluemt.com/penetration-testing-daily-tech-update-september-26-2017/ Incident Response https://www.bluemt.com/incident-response-daily-tech-update-september-14-2017/
  103. 103. From the Blue Mountain Data Systems Blog Security Patches https://www.bluemt.com/security-patches-daily-tech-update-september-22-2017/ Operating Systems https://www.bluemt.com/operating-systems-daily-tech-update-september-20-2017/ Encryption https://www.bluemt.com/encryption-daily-tech-update-september-19-2017/ Cloud Computing https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/
  104. 104. From the Blue Mountain Data Systems Blog Open Source https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/ CTO, CIO and CISO https://www.bluemt.com/cio-cto-ciso-daily-tech-update-september-6-2017/ Programming & Scripting https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/
  105. 105. From the Blue Mountain Data Systems Blog Security Risks Most Prevalent in Younger Workers https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/ The Security World’s Maturation https://www.bluemt.com/the-security-worlds-maturation/ Data Breach Concerns Keep CISOs Up At Night https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/ Personalized Govt Equals Instant Gratification for Citizens https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
  106. 106. From the Blue Mountain Data Systems Blog People-Centric Security https://www.bluemt.com/people-centric-security/ Pentagon Tries BYOD To Strike Work/Life Balance https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/ Open Source Model Considered for MS Windows https://www.bluemt.com/open-source-model-considered-for-ms-windows/ Open Internet: To Be or Not to Be? https://www.bluemt.com/open-internet-to-be-or-not-to-be/
  107. 107. From the Blue Mountain Data Systems Blog Malware Stays A Step Ahead Infecting One Third of Websites https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/ Machine-Generated Data: Potential Goldmine for the CIO https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/ Government Legacy Programs: Reuse vs. Replacement https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/ It Takes a Whole Village to Protect Networks and Systems https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
  108. 108. From the Blue Mountain Data Systems Blog Governance For the CIO https://www.bluemt.com/governance-for-the-cio/ Help Desk Consolidation – Lessons Learned https://www.bluemt.com/help-desk-consolidation-lessons-learned/ One Year Later, Companies Still Vulnerable to Heartbleed https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/ Federal Projects Cultivate Worker Passion https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
  109. 109. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes. Read more about our experience here: >> http://bluemt.com/experience
  110. 110. Recent Experience U.S. Dept. of Labor Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  111. 111. MANAGEMENT Paul T. Vesely Founder, President, CEO and Principal Architect Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise-wide information and document management solutions. Mr. Vesely’s history includes 33 years’ experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
  112. 112. CONTACT US Contact Us Today to Discuss Your Next IT Project HEADQUARTERS 366 Victory Drive Herndon, VA 20170 PHONE 703-502-3416 FAX 703-745-9110 EMAIL paul@bluemt.com WEB https://www.bluemt.com
