Today 1070

Yesterday 1557

All 39534372

Monday, 16.09.2024
eGovernment Forschung seit 2001 | eGovernment Research since 2001

Sicherheit

  • USA: OMB, DHS outline data security best practices

    The Office of Management and Budget and the Homeland Security Department today explained 10 common mistakes agencies make when securing data and personal information and offered a host of best practices to correct each mistake.

    In a new paper, “Common Risks Impeding the Adequate Protection of Government Information,” OMB and DHS discuss common problems in areas such as training, contracting and records management.

  • USA: Panel: Government leadership in IT security is lacking

    A panel of government and industry representatives on Wednesday agreed that the government has not provided adequate leadership for the nation’s cybersecurity, but that is just about all they agreed on.

    “We are all frustrated at the pace at which the government has been reacting to this,” said Rep. Tom Davis (R-Va.), who has taken a lead in IT issues in Congress.

  • USA: Preventing System Intrusion Before it Happens

    Federal agencies need help improving identification management for network security

    Too often, government takes an after-the-fact approach to network security--confronting issues after a breach takes place. But by offering effective identification management solutions, VARs can help agencies to detect malicious intruders before they ever get inside.

    During a panel discussion at an identity management conference hosted by the Information Technology Association of America (ITAA), Bill Crowell, security consultant and member of the Markle Foundation Task Force on National Security, described how he drove up to the hotel where the event took place with two Propane tanks sitting in plain view and obviously no one took much notice. "[My car] is still parked out front," he said. "For all the cameras, there aren't that many watching."

  • USA: Public safety functions drive increased state, local IT spending

    Spending on public safety and justice and health and human services will drive increased state and local IT spending over the next four years, according to a report from the London-based market analysis firm, Datamonitor PLC.

    These functions accounted for more than one-half of the total IT investment by state and local governments in 2004 and will be the focus of the spending increases, the firm said.

  • USA: San Bernardino County, Calif.: Simple sign-on

    When passwords got out of hand, a California county put its finger on the problem

    When the auditor/controller-recorder’s office of San Bernardino County, Calif., tried to improve its information technology security through requiring complex passwords with upper- and lower-case letters and special characters, the plan backfired, IT chief Patrick Honny recalled.

    “We had situations, especially after a weekend or a holiday, when our help-desk requests went through the roof,” Honny said.

    To avoid forgetting the long passwords, some users were writing them down, a basic security no-no.

  • USA: Schlechte Noten für Heimatschutzministerium

    Das US-amerikanische Department of Homeland Security (DHS) ist seinen Verpflichtungen hinsichtlich Cybersecurity bislang nicht ausreichend nachgekommen - so lautet das Urteil des Government Accountability Office (GAO). Das DHS habe trotz zunehmender Gefahr durch Attacken über das Internet - keine seiner 13 Kernverantwortlichkeiten ganz erfüllt, bemängelt das US-Pendant zum Bundesrechnungshof in einem aktuellen Untersuchungsbericht. Zu den Cybersecurity-Pflichten, die dem vor rund zwei Jahren gegründeten Ministerium auferlegt wurden, zählen unter anderem die Identifikation und Einschätzung möglicher Bedrohungen durch das Internet, die Entwicklung eines nationalen Plans zum Schutz kritischer Infrastruktur sowie die Einrichtung von Frühwarnsystemen und die Entwicklung von Notfallplänen.

  • USA: Security Industry Association Offers Guidelines for Biometrics in Federal E-Verify Program

    7 Recommendations Aimed At Helping To “Protect Individual Privacy And Prevent Identity Theft”

    he Security Industry Association (SIA) has released a set of recommendations for adding a biometric component to the federal E-Verify program.

    E-Verify allows employers to use Social Security numbers to confirm that job applicants are legal residents of the United States and can lawfully work for them. The program, though, is subject to significant error rates and is unable to detect fraud and identity theft. SIA, on Sept. 16, released a statement asserting that the use of biometrics in the program “can reduce these error rates, increase privacy and enhance identity assurance.”

  • USA: Supply Chain Cyber-Security Could Be Weaker Than Thought

    New research from a IT strategy firm has found that the U.S. supply chain may be even more prone to cyber-attacks than commonly believed..

    The Enterprise Strategy Group (ESG) unveiled research late last month divulging how vulnerable the businesses behind the U.S. supply chain and resources network — goods and services forming the backbone of the country’s well-being and economy — are to cyber-attack. ESG found that in the past two years most of them have been breached, many more than once. Only a few employ cyber-security best practices for the supply chain.

    These are eye-opening findings, according to Jon Oltsik, ESG principal analyst and the author of the report, Assessing Cyber Supply Chain Security Vulnerabilities within the U.S. Critical Infrastructure.

  • USA: Task force to aid agencies in information compliance

    A new interagency group is forming next month to help shepherd agencies through the dozens of cybersecurity and identity management mandates they must comply with.

    The Office of Management and Budget and the Chief Information Officers Council will kick off a new task force called the Security and Identity Management Committee. The group aims to help agencies comply with the Federal Information Security Management Act, Homeland Security Presidential Directive 12, Federal Desktop Core Configuration and Trusted Internet Connection, to name a few.

  • USA: The Case for a Digital Social Security Card

    Is it time for a Social Security card makeover? Not the whole program, just the card. Today, the Social Security card is a piece of paper with a number on it that probably sits in a drawer at home. Social Security numbers, on the other hand, are all over the place. Employers, banks, credit card issuers and bureaus, insurance companies, hospitals, doctors, government agencies and others use Social Security numbers to identify all of us.

    The problem is that the Social Security number is very vulnerable to theft and misuse, even though it is the foundation of almost every U.S. citizen's identity. A paper card certainly does nothing to help protect the Social Security number printed on it.

  • USA: The secret is out: DHS launches state-local network

    The Homeland Security Department is deploying a new “secret” data network to pass classified information to hundreds of state and local officials, DHS officers said at a congressional hearing today.

    The Homeland Security Information Network-Secret (HSIN-Secret) is an “immediate, inexpensive and temporary approach to reach state and local homeland security and law enforcement sites that can receive secret-level information,” Matthew Broderick, director of the Homeland Security Operations Center, said in testimony today to the House Homeland Security Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment.

  • USA: Washingtons Funknetze stehen weit offen

    Große Pläne zu "Cyber-Security" belasten in den USA die Unternehmen. Dabei kümmert sich Washington offenbar selbst nicht: Wer will, kann sich auf eine Parkbank vors weiße Haus setzen und in die Regierungscomputer einloggen.

    Ein Hacker auf einer Parkbank könnte sich in dutzende Netzwerke der US-Regierung einloggen, berichtet ein Washington-Korrespondent des australischen Infodienstes AustralianIT. Der Journalist bezieht sich dabei auf einen neuen Report, den er in die Finger bekam. Dem Papier zufolge arbeitet die Regierung auf Basis alter lückenhafter Sicherheitsstandards.

  • USA: When securing information, don’t overlook intranet

    As agencies work to improve management systems to align with the president’s management agenda, Web sites are necessarily going to be high on the agenda. But while leaders and information technology departments undoubtedly understand the importance of security and compliance when it comes to external Web sites, they may not realize the importance of applying the same scrutiny to their intranet sites.

    Intranets have grown to be thousands and even millions of pages of content. Given their size and scope, they present challenges that are similar to those common in external sites. There has also been a tendency for intranets to become dumping grounds for obsolete and irrelevant content. The result can be unforeseen privacy and security risks, wasted employee productivity and unnecessary cost burdens.

  • USA: White House Issues Cybersecurity Report

    The report notes progress on developing national and international cybersecurity strategies and national cyber incident response plan.

    The White House on Wednesday issued an update of the Obama administration's ongoing cybersecurity work, detailing some of the steps being taken in an effort to secure the nation's networks against cyber attacks and in the process offering some new insight into the administration's future plans.

    The progress report, issued immediately after a meeting held by White House cybersecurity coordinator Howard Schmidt with agency secretaries, cybersecurity experts, and industry, notes that the cybersecurity directorate of the White House national security staff is currently in the midst of developing an updated national cybersecurity strategy based on the 12-piece Comprehensive National Cybersecurity Initiative.

  • USA: White House Tightens Cybersecurity Reporting Requirements

    As the Obama administration continues its efforts to update and strengthen the federal government's defenses against cyber threats, the White House has issued new rules that will require agencies to monitor their IT systems for intrusions and vulnerabilities in real time.

    A memo (PDF format) released this week by the Office of Management and Budget lays out new requirements for agencies to set up automated threat-monitoring feeds that automatically gather data from security management tools -- enabling admins to gather real-time data on attacks and other dangers.

  • USA: White House wants online authentication standards

    President Obama has created a group called the National Strategy for Secure Online Transactions. The charge of the organization is to produce a framework that may eventually lead to U.S. citizens using strong authentication when conducting business on the Internet.

    The vision of the group is: “To improve the trustworthiness and security of online transactions by facilitating the establishment of interoperable trust frameworks and implementation of improved authentication technology and processes for all online transaction participants, across federal, civil and private sectors.”

  • USA: Wichita: Security key as health records go electronic

    A recent study shows that it's not hard to get into most medical computer systems, making local health officials even more mindful of privacy.

    As Wichita health care providers move toward paperless work environments, the security of private data is paramount to successful systems.

    Yet electronic health records are surprisingly easy to hack into and are vulnerable to exploitation, according to a study by the eHealth Vulnerability Reporting Program.

  • Vertrauenswürdige Open-Source-Systeme in Großbritannien

    Im Auftrag der britischen Regierung entwickelt eine Unterabteilung der britischen eGovernment-Behörde Cabinet Office unter anderem spezielle Proof-of-Concepts für vertrauenswürdige Open-Source-Systeme mit SELinux und Xen.

    Die Initiative des Cabinet Office sieht vor, spezielle Sicherheitstestprofile für Open-Source-Systeme zu entwickeln, die auf SELinux und Xen aufbauen. Die entsprechenden Einzelheiten zu diesem Projekt wurden in einer Debatte des House of the Lords, dem britischen Oberhaus, bekannt. Das Ziel des amtlichen Projekts ist die Schaffung vertrauenswürdiger Plattformen für Webservices und ferngewartete Systeme, die in allen britischen Regierungsbehörden bedenkenlos eingesetzt werden können.

  • VIS!T: Förderung der Informatiksicherheit in Regierung und Verwaltung

    Am 14./15. Juni 2004 fand das 2. Symposium "Verwaltung integriert sichere Informationstechnologie" (ViS!T) im Kursaal Bern statt. Ziel des Symposiums war, die Diskussion zum Thema Sicherheit der Informations- und Kommunikationstechnologie (IKT) in den drei deutschsprachigen Ländern Deutschland, Österreich und der Schweiz zu fördern.

  • Visa arbeitet bereits an Spracherkennung

    Während die Visa-Kartenorganisation Corner Bank eine neue Sicherheitstechnologie mit "Verified by Visa" eingeführt und angekündigt hat, arbeitet Visa international schon einige Stufen weiter.
Go to top