http://www.csoonline.com/article/2926718/security-awareness/what-enterprise-should-do-when-helpless-employees-lose-hope-in-fighting-cyber-attacks.html By David Geer CSO May 28, 2015 Hit too many times with successful attacks and compromises, an enterprise’s human resources can develop a victim mentality, a.k.a. learned helplessness. When this happens, employees who feel they are helpless to do anything effective to fight cyber attacks lose hope. CSO looks at the symptoms of the victim mentality in the enterprise, how it comes about, and what enterprises can do technically and psychologically to avoid it. The victim mentality and its symptoms In the field of psychology, professionals also refer to the victim mentality as learned helplessness. “Learned Helplessness is a pattern of behaviors that develop in people when they are in a situation where they feel they have no power or control and they essentially give up,” says Steven Salmi, PhD, LP, President and CEO, Corporate Psychologists. Learned helplessness can surface in the corporate world where constant and extreme information security threats flourish. “If people feel stuck in a situation where no available choice will get them out of it, they can start to shut down,” says Salmi. […]
http://www.jamaicaobserver.com/news/OAS-hails-Jamaica-s-cyber-security-efforts_18310037 By Balford Henry Senior staff reporter jamaicaobserver.com January 30, 2015 ASSISTANT secretary general of the Organisation of American States (OAS), Ambassador Albert Ramdin, says that Jamaica has made a sound choice of a model for its National Cyber Security Strategy (NCSS). Speaking at the official launch of the strategy at the Jamaica Pegasus hotel in New Kingston on Wednesday, Ramdin congratulated the government on drafting and approving its NCSS in just under a year, and appointing a “dedicated multi-stakeholder”, the National Cyber Security Task Force, to develop the strategy. He said that the group, working with the OAS and other experts from partner institutions, has committed significant effort and time to develop a strategy that has met and followed international best practices and recommendations. “I am sure that your experiences and approach will be valuable learning lessons for other Caribbean countries to take into consideration in drafting their own security strategies,” he said. […]
http://www.infosecnews.org/jimmy-kimmel-asks-what-is-your-password/ By William Knowles @c4i Senior Editor InfoSec News January 17, 2015 President Obama just unveiled a number of proposals to crack down on hackers. It’s great that the government is working on this but we need to do a better job of protecting ourselves. So Jimmy Kimmel sent a camera out onto Hollywood Boulevard to help people by asking them to tell us their password. It’s too bad there’s no legislation planned for poor password choice. […]
Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter or in some locations summer solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2015, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.
http://gcn.com/articles/2014/10/21/nist-hypervisor-security.aspx By GCN Staff Oct 21, 2014 The National Institute of Standards and Technology released a draft of SP-800-125 A, Security Recommendations for Hypervisor Deployment, for public comment. Because of widespread growth in server virtualization for hosting enterprise applications and providing cloud services, recommendations for secure deployment of hypervisor platforms are needed, the standards agency said. Since the January 2011 publication of NIST’s SP 800-125, Guide to Security for Full Virtualization Technologies, both the feature set of hypervisors as well as tools for configuring the virtualized infrastructure spawned by the hypervisor have seen considerable increase. The NIST guidance examines the security implications of hypervisor platform choices and provides security recommendations for deployments in an enterprise. Hypervisors provide abstraction of all physical resources (such as CPU, memory, network and storage) and allow IT managers to run multiple virtual machines (VMs) on a single physical host, also referred to as a virtualized or hypervisor host. The hypervisor can also define a network that enables communication among the VMs. Enterprise data centers use the hypervisor for server virtualization because it makes better use of hardware resources and reduces power consumption. However, it is also susceptible to threats from rogue VMs that can subvert the hypervisor’s access control to hardware resources such as memory and storage. […]
http://www.informationweek.com/mobile/mobile-business/hilton-turns-smartphones-into-room-keys/d/d-id/1297618 By Thomas Claburn InformationWeek.com 7/29/2014 Hilton Worldwide plans to allow guests to check-in and choose their rooms using mobile devices, and even to unlock their hotel rooms. By the end of the year, Hilton says it will offer digital check-in and room selection at 11 of its brands, across more than 4,000 properties. The service will be available to Hilton HHonors members in more than 80 countries, the company said. “We analyzed data and feedback from more than 40 million HHonors members, as well as guest surveys, social media posts, and review sites, and it’s clear that guests want greater choice and control,” said Geraldine Calpin, SVP and global head of digital at Hilton Worldwide, in a statement. Calpin cited a company-commissioned study conducted by Edelman Berland that indicates some 84% of business travelers want the ability to choose their own room. Calpin said Hilton is enabling guests to select rooms, room types, and room numbers, subject to availability, using mobile devices. […]
http://www.haaretz.com/news/diplomacy-defense/.premium-1.591665 By Gili Cohen Haaretz.com May 20, 2014 Iyyar 20, 5774 Speaking at the CyberNight conference at the Shamoon College of Engineering in Be’er Sheva, Maj. A., the Military Intelligence legal adviser, described the role of legal consulting in the era of cybernetic warfare, saying that “Although the field is not regulated – and because the field is not regulated – the legal adviser plays a central role. This role is developing on the job, step by step, because there is no breakthrough convention or legislation” on the horizon. The IDF last year appointed a legal adviser for cyber warfare, whose main task is to regulate cyber warfare activities, based on principles of international law. The military has refused to confirm whether one of this adviser’s tasks is to approve targets, as it is for most of its legal advisers in operational positions. Many field commanders have been critical of these legal advisers’ work, said Maj. A. “Our ‘customers,’ at least some of them, perceive the jurists as interfering, rather than helping,” she said. “It’s no small challenge.” Maj. A. said that when providing advice “for various operations,” as she put it, she often had no choice but to rely on the Law and Administration Ordinance of 1948, “which has a clause that is still relevant, which says the army is allowed to take any legal step necessary to protect the State of Israel. That’s how we operate today.” […]
http://gulfnews.com/news/gulf/oman/teen-hacker-hits-five-omani-government-websites-1.1306001 Staff Report Gulf News March 19, 2014 Muscat: Five Oman government websites, including the Telecommunications Regulatory Authority (TRA) and the General Directorate of Traffic, were hacked on Tuesday evening. Local media reported that the hacker was a 14-year-old who calls himself Dr DarknesS. He said he hacked the TRA website to express his displeasure over the poor services provided by telecom companies, according to Shabiba daily newspaper. The teenager said that one has to shell out a large amount of money when signing up for any telecom subscription but the service provided is below par. “Hacking is the only way to register one’s protest,” the hacker said. The quality of Internet services in Oman is poor compared to other GCC countries, he said, adding that in neighbouring countries people have a wide choice because there are a large number of operators but here due to the monopoly the quality is very poor. […]