In 2016 almost 1.1 billion identities were stolen globally. This number is up dramatically from a reported 563.8 million identities stolen in 2015. In addition, the same Symantec Internet Security Threat Report placed the United States at the top of the list for both the number of breaches by country (1,023) and the number of identities stolen by country.
New York State’s Division of Financial Security and other government entities around the globe have been monitoring this increased cybercriminal threat and determining means to help protect the private information of individuals as well as the information technology systems of regulated organizations.
New York State’s Division of Financial Security released new cybersecurity requirements (23 NYCRR 500), directly affecting the way that financial data is managed going forward. Applicable to financial services companies operating in New York State, these regulations declare that, on an annual basis, financial firms are required to prepare and submit a Certification of Compliance with the NY DFS Cybersecurity Regulations to the superintendent, commencing on February 15, 2018.
The scope of this legislation describes measures related to: cybersecurity programs and policy, personnel, resources and training, penetration testing and assessments, audit trails, access privileges, application security, third parties, NPI (Non Public Information) encryption, data retention, incident response and notification.
Among other requirements, this regulation dictates that companies declare any cyberattack to the superintendent within 72 hours. In the past, many companies chose to not disclose information related to these hacking exposures because much of their cost stems from damage to brand reputation and the necessary steps required to rebuild the trust of their clients post-attack.
Similar to the NY DFS proposal, the Federal Reserve Board (FSD), the Office of the Comptroller of the Currency (OCC), and the FDIC issued an advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management and resilience standards for large banking organizations. Additionally, the states of Vermont and Colorado have released laws pertaining to cybersecurity and the improved protection and monitoring of data.
Two technologies specifically called out in the new NYS DFS Cybersecurity requirements, Multi-factor Authentication (MFA) and Risk Based Authentication (RBA), are key methods of complying with regulation and defending against attacks.
Multi-factor authentication is defined as using at least two factors to authenticate a person, generally a combination of:
- “Something I Have” — this could be a hardware token, a mobile soft token, etc.
- “Something I Know” — like a PIN code, a password, and
- “Something I Am” — such as a fingerprint or face recognition.
With MFA, the two factors are fully independent from each other (i.e. the failure of one factor would not compromise the other one).
Risk-based authentication is the capacity to detect anomalies or changes in a person's normal use patterns as part of the authentication process, and to require additional verification if an anomaly is detected, to avoid any breach.
It is more efficient to avoid hacking and cyber-attacks in the first place by focusing attention on the security of the applications being accessed, both externally and internally. To learn more about these regulations and how similar standards will impact you, visit www.hidglobal.com/iam.
You need new ID badges, and you know that you’d like to be able to have these “smart cards” enable access to your building and/or your network – or perhaps even other systems like transit or cashless vending – but where do you start? What are your options for printing (and encoding) badges such as these? Are there other things to consider before making a purchase?
HID Global can help. The white paper, Top Ten Considerations for Choosing the Right Secure Issuance Solution, outlines the top ten things to look for when selecting a secure issuance provider to help you find a solution that meets your specific needs.
WikiLeaks is only one example (albeit a major one) in a chain of data leakage incidents in recent months. Looking back over the last year or so, you might also recall the posting of TSA screening manuals online, the unintentional release of numerous product specs, as well as many other incidents.
Why are we seeing so many leaks lately? Here are three reasons:
Reason 1: The need to share
Leakage is in no small part due to the fact that data sharing and collaboration have become a “must” in today’s increasingly mobile and global world. This more complex world makes it easier to share and collaborate, but also makes it exceedingly easy for information to leak.
Reason 2: Ease of use
This is the usual security-versus-connectivity paradox. You need to find the optimal solution that balances security and connectivity. You cannot lock down all documents in a vault and not share them with anyone. Nor can you indiscriminately send them via unprotected e-mail. A major reason why documents leak is that most existing solutions are extremely cumbersome to use. They involve installing servers, agents, defining policies and more. And, if something is hard to use, chances are people will not use it.
Reason 3: The right solution for the problem
There is a lot of confusion in the market today, with many different product categories available, such as data loss prevention (DLP), enterprise digital rights management (DRM), e-mail encryption, virtual data rooms and many others. For example, just because you’re using encrypted e-mail doesn’t mean your information will not leak, as this type of protection typically applies only when the document is in transit. As soon as it gets to its destination, it can be freely forwarded to an unauthorized party. It is important to make sure that your solution is solving the right problem.
So what can you do?
In our world without walls, we need to assume that documents must be shared across organizational boundaries and across different platforms, such as PCs and mobile devices. So, it is pointless to try to protect some nonexistent perimeter. Ultimately, the only solution is to embed security and controls into the documents themselves. New technologies allow document owners to maintain control and track files throughout the documents’ lifecycles. Such solutions allow users to control who views documents and who prints them, and even let them wipe files completely at any time, even after they have been downloaded.
Adi Ruppin is vice president of marketing and business development for WatchDox, a provider of document protection, control and tracking solutions. Ruppin can be reached at:
Henry Bros. Electronics, Inc. (HBE), a turnkey provider of technology-based integrated electronic security solutions, announced on Dec. 16 that on December 15, after receiving the required stockholder approval, it completed the previously announced merger transaction with Kratos Defense & Security Solutions, Inc.
The affirmative vote of the holders of a majority of the outstanding shares of Henry Bros. common stock was required to approve the merger transaction with Kratos. According to the final vote tally of shares of Henry Bros. common stock, approximately 79 percent of the outstanding shares of Henry Bros. common stock, as of November 2, 2010, the record date for the annual meeting, were voted to approve the merger.
Under the terms of the merger agreement, Henry Bros.'s stockholders will receive $8.20 in cash, without interest and less any applicable withholding taxes, for each share of Henry Bros. common stock they hold.
As of December 16, 2010, the stock of Henry Bros. will no longer be quoted on The NASDAQ Capital Market.
Applied DNA Sciences announced on Dec. 22 that it has begun a “comprehensive redesign” of its Web site, which will begin with a reworked front page.
“Our company blog has similarly been reimagined to give flesh and blood detail to our story,” wrote James Hayward, the company’s chairman, president and CEO, in an e-newsletter.
Hayward invited visitors to the revamped Web site to read a wide variety of blog entries, and then contribute to the company’s redesign effort by indicating the types of information they would like to see. “More in-depth information on our fast-growing product line?” asked Hayward. “More success stories? More investor-oriented features and data?”
Hayward said a formal online reader survey will soon follow.
American Science and Engineering, Inc., a supplier of X-ray detection solutions, announced on Dec. 22 the receipt of a $3.8 million order from an unidentified government customer for multiple ZBV Military Trailers.
The ZBV Mil Trailer is a ruggedized version of the company’s Z Backscatter Van (ZBV) built onto a standard military trailer. Security officials use the ZBV Mil Trailer for screening vehicles, containers and other cargo for terrorist threats and contraband, AS&E said in a recent press release.
“This first ZBV Mil Trailer order for this service branch of the Armed Forces comes as a direct result of its success with active fielded systems,” said Anthony Fabiano, AS&E’s president and CEO. “The ZBV Mil Trailer has demonstrated its effectiveness for inspecting vehicles and cargo for explosive threats and contraband in harsh terrain.”
HID Global, a provider of secure identity solutions, announced Dec. 6 that the company’s e-government RFID reader technology is being deployed in France, Germany, Italy, Netherlands and Spain to help create a more robust identity-checking infrastructure in Europe.
The company will be deploying its technology through leading system integrators in two additional countries during the first half of calendar 2011, according to a recent press release.
HID’s reader modules offer one of the world’s fastest solutions for biometric passport reading, and its reader technology is unique in supporting both Basic Access Control (BAC) and Extended Access Control (EAC) to deliver a combination of flexibility and future-proofing as Europe and the rest of the world move to more secure digital credential technologies, says HID Global.
Altogether, HID’s e-Government inlays, readers and printers are now used by ministries of interior and foreign affairs in over 27 e-passport programs and 31 ID/e-ID programs worldwide, making life easier for more than 120 million e-document holders.
“We understand how important it is to minimize delays while maximizing security at border crossings, and so we have focused on delivering best-in-class reader speed, accuracy and flexibility in our e-passports and other e-government solutions,” said Mark Scaparro, senior vice president of Identification Solutions with HID Global. “We offer one of the industry’s fastest and most reliable reader solutions plus seamless interoperability with all relevant standards and technologies. Being able to support both BAC and EAC standards in our readers has been one of the top requirements for our OEM partners in Europe, as demand continues to grow for secure and reliable e-passport and other e-government solutions, and as more countries migrate from a BAC- to EAC-enabled infrastructure.”
HID’s combination of BAC and EAC support makes it easier for countries to support existing requirements while migrating to the latest, more rigorous security standards. BAC is typically used for government identity verification and for such commercial applications as accelerated hotel check-in/checkout, self-serve airline check-in, and purchasing disposable mobile telephony credits.
For greater security, EAC is used to enable biometric matching during e-passport and eID document issuance and at automated border-crossing locations, including airports in Finland, France, Germany, Portugal and the U.K. While more than 30 European countries have completed their e-passport migration to EAC, experts confirm that only a fraction of these countries has a reader infrastructure in place today and deployments will accelerate rapidly.
According to Acuity Market Intelligence, e-passport market revenues will grow at a compounded annual growth rate of 31.5 percent to nearly $7 billion annually by the end of 2014. The firm reported in its April study entitled, The Global e-Passport and e-Visa Industry Report, that e-Passports accounted for 57 percent of all passports issued and 28 percent of all passports in circulation during 2009, and that 88 percent of all passports issued in 2014 will be electronic passports.
“Ten years ago, the e-passport was a concept circulating among forward thinking individuals and small groups of associated industry, government and non-government agencies,” said Acuity Principal, C. Maxine Most. “In the wake of the terrorist attacks on the World Trade Center in 2001 and the subsequent transit attacks in Madrid in 2004 and London in 2005, the e-passport idea rapidly transformed into a foundation for global security. Today, e-passports have not only become mainstream but have also created a multi-billion dollar industry poised to fundamentally change the global travel and border control infrastructure.”
The latest EAC standards mandate that passports contain individual private keys to resist counterfeiting, and require inspecting parties to prove that they are entitled to extract sensitive data such as the fingerprint using digital signatures and a Public Key Infrastructure (PKI). For additional security, HID Global uses advanced encryption techniques to protect against unauthorized access to the chip data. The option of field-upgradeable firmware or a read-only memory (ROM) mask is also available, upon request, depending on platform.
HID Global offers a variety of RFID reader board modules that OEM partners can use to develop customized solutions. The read/write readers support all ISO 14443-4 A/B elements, making them suitable for all existing and yet-to-be-developed ISO chips and chip operating systems. The option of on-board or external design with single or dual antennas optimizes configuration flexibility and performance.
HID Global’s RFID readers are part of the world’s broadest portfolio of e-documents, e-passport and e-national ID solutions, says the Dec. 6 release. The company has a history of industry innovation, including developing and helping to drive deployment of the widely used wire-transfer and wire-embedding technologies for extended contactless e-document durability, and creating patented, thin and flexible ceFLEX inlays that increase e-document resiliency.
Core Security Technologies, a provider of IT security test and measurement software solutions, announced on Dec. 13 the official release of its Core Insight Enterprise. Following a successful beta program, which included more than a dozen Fortune 500 firms and top-level U.S. Government agencies, the launch realizes Core Security’s vision of enabling customers to continuously identify and prove real-world exposures to critical assets across the entire organization through automated testing of network systems, Web applications, and users in one completely integrated solution, says the company in a press release it issued on Dec. 10.
With Core Insight, customers gain real visibility into their security standing, real validation of their security controls and real metrics to more effectively secure their organizations. The solution employs groundbreaking technology that proactively replicates the steps attackers would take to breach valuable information assets.
Unlike other solutions, Core Insight Enterprise starts with customers identifying which systems and data they want most to protect. Insight then automatically calculates paths of attack and then begins to exploit multiple layers of defense until the security of critical assets is either confirmed or breached. Assessment results are delivered via a dashboard and reports that present metrics regarding the efficacy of security controls in terms relevant to the business.
Core Insight Enterprise provides IT security leaders with an automated and continuous view of IT security risk for the very first time.
“Using Core Insight Enterprise to test across our IT infrastructure on a continual basis has given us an entirely new way of looking at whether or not our most critical IT systems and electronic data are protected from real-world attacks,” said Larry Whiteside, chief information security officer of the Visiting Nurses Service of New York. “Just as importantly, it tells us how well our existing defenses are functioning and what type of return we’re getting from our previous security investments.”
“Core Insight Enterprise changes how enterprises should view security,” said Charles Kolodgy, research vice president for Security Products at IDC. “It makes security goal oriented by allowing security professionals to determine if their critical assets are vulnerable.”
Core Insight builds upon the expanding demand and established innovation of Core Impact, a penetration testing software product, now in its 11th version, said the company. While Impact is the software application of choice among thousands of security testing professionals, Core Insight creates the opportunity to test and measure exposures in a comprehensive and realistic manner.
AES Corporation's IntelliNet division has announced that its AES-7904 IntelliPro subscriber accessory module has been tested for full data communications and now allows for full data capture from the Modem II and Modem III formats of Bosch/Radionics alarm panels.
In addition, alarm companies can remotely program select Honeywell Vista and First Alert alarm panels and deliver full data to central stations over AES-IntelliNet radio networks. In normal operation, the IntelliPro will transmit full CID, pulse formats and now Bosch/Radionics Modem formats from the alarm panel through the AES-IntelliNet network to the central station for processing the alarm panel's digital dialer output.
AES has set up a Web page that will advise alarm companies of all alarm panels and protocols that the AES-7094 IntelliPro has been tested to support. According to Tom Kenty, general sales manager for AES's IntelliNet division, "this is an ongoing process as we continually enhance this product in moving toward universal compatibility. We are formatting this Web page so that we can keep customers updated when we add new manufacturers and models of panels to this list."
The AES-IntelliNet's MultiNet alarm communications system is a self-healing, long-range wireless mesh radio communication network. It works in conjunction with the Internet to provide customers the ability to monitor alarms in multiple regions from one location without recurring monthly communications costs or infrastructure fees typically associated with remote monitoring. The mesh network also offers a more reliable, faster means of communicating alarm signals to central monitoring stations without relying on telephone lines or cellular services that are vulnerable to line cuts, weather conditions, radio jamming, and recurring monthly costs.
The Geospatial Information & Technology Association (GITA) has announced the results of its officer election for 2011. Those elected will constitute the executive committee, along with President Robert Austin and Past President Susan Ancel.
Ancel was appointed by the President upon the recommendation of the nominations committee to fill the open position of immediate past president that was created by a resignation. The nine at-large directors were appointed for one-year terms by the president upon the recommendations of the nominations committee.
All officers and at-large members will take office beginning January 1, 2011.
2011 Executive Committee
President: Robert Austin, Ph.D., City of Tampa, Florida
Past President: Susan Ancel, EPCOR, Edmonton, Alberta
President Elect: Dan Shannon, Telus, Edmonton, Alberta
Treasurer: Talbot Brooks, Delta State University, Cleveland, Mississippi
Secretary: Peter Batty, Ubisense Consulting, Denver, Colorado
2011 At-Large Director Appointments
John Eason, GE Energy, Jacksonville, Florida
Ian Fitzgerald, Truckee-Donner PUD, Truckee, California
Jerry King, Bentley Systems, Exton, Pennsylvania
Richard McKay, TerraGo Technologies, Atlanta, Georgia
Kecia Pierce, Intergraph Corporation, Huntsville, Alabama
Carl Reed, Open Geospatial Consortium Inc., Ft. Collins, Colorado
Stephen Swazee, Minnesota Governor’s Council on Geospatial Information, Eagan, Minnesota
Leann Wheeler, URS Corporation, Dallas, Texas
Randy Frantz, Esri, Redlands, California