Posted on January 11, 2012, 9:00 am, by Leon Clark.
An agency’s computer system faces constant cybersecurity threats from several sources. While many of them are intentional, such as fraud and theft, there are also unintentional errors and omissions that threaten a system’s security. Let’s take a closer look at some examples.
The Intentionally Malicious
Information technology is increasingly used to commit fraud and theft. Computer systems are exploited in numerous ways, both by automating traditional methods of fraud and by using new methods.
Unfortunately, insiders who are authorized users of a system perpetrate the majority of the fraud uncovered on computer systems. Since insiders not only have access to, but are also familiar with the victim computer system (including what resources it controls and where the flaws are), authorized system users are in a better position to commit crimes. Former employees may also pose threats, particularly if their access is not terminated promptly.
Posted on December 29, 2011, 8:56 am, by Matt Micene.
The title of this series underscores our motivation for building a toolbox for system management, silencing the pager. In the first part of the series, we discussed the importance of standardization. We then talked about automation. As we conclude the series, we turn our focus to resiliency. Operations management aims to keep failures to a [...]
Posted on December 15, 2011, 9:00 am, by Shamun Mahmud.
Last month, we began addressing some frequently asked Security Content Automation Protocol (SCAP) questions. Now that we have clarified what SCAP is, what it consists of, and how it helps with compliance issues, let’s look at FAQs about how validation and independent testing factor in.
What is validation?
The SCAP Program is responsible for maintaining established standards and ensuring that validated products comply. Validation is achieved through proving that the testing performed by the laboratory has been carried out correctly.
Who does independent testing?
Test results for validation are accepted from laboratories that are accredited by the National Voluntary Laboratory Accreditation Program (NVLAP). This accreditation is earned after a full review of the laboratory’s Quality Management System (QMS) and after passing the technical proficiency tests.
Posted on December 7, 2011, 3:09 pm, by Leon Clark.
When you have what seems to be a complex network connectivity problem, sometimes the best way to tackle the issue is to apply the KISS Method. Look for the simple stuff first and keep these tips in mind when troubleshooting network connectivity.
Top 10 Tips for Troubleshooting Network Connectivity
Posted on December 5, 2011, 9:00 am, by David Blankenhorn.
Each cloud service and delivery model is designed to meet specific business requirements. Some offer greater cost savings, but may not provide the appropriate level of visibility and security. Others may offer higher levels of security, but at the expense of elasticity and costs. The key is to find the best fit for the business requirements and the IT service.
One method that may prove useful is a multi-criteria decision analysis (MCDA). In its simplest form, an MCDA is a discipline used to support the decision-making process in the absence of hard measurements. This method uses measurements based on the subjective strengths of various preferences. By aligning the preferences to the various IT services and applying some if-then logic, it becomes clearer which services may most benefit from which types of cloud offerings.
Posted on December 2, 2011, 9:00 am, by Chris Thorne.
Cloud computing and virtualization.
If you work within the federal, state and local, and higher education IT industries, you most likely have been exposed to these terms. However, for some, understanding the distinction between the two can be a little confusing. This year at FOSE 2011, DLT Solutions and Quest Software helped visitors cut through the fog of uncertainty surrounding this issue.
During the event, DLT asked public-sector IT professionals to participate in a series of “Minute to Win It” style games to illustrate the complexities of cloud computing and virtualization. These games were designed to show participants that not everything is as simple as it looks, which, according to a Norwich University study*, proves that they are not alone.
Posted on November 28, 2011, 9:00 am, by Greg Agana.
Way back in 2003, an eternity in tech years, Network Appliance purchased Spinnaker Networks, an appliance maker that utilized SpinFS. Since the acquisition, NetApp, as it is now called, has developed two different operating system offerings, a.k.a. their “special sauce”: the original ONTAP “flavor” (ONTAP 8 7-mode) and ONTAP 8 Cluster-mode, a reincarnation of technology acquired from Spinnaker and previously known as ONTAP GX.
As the world of computing has changed over the years, we have lived through consolidation of server count and the increase in ease of management thanks to the virtualization craze, only to find out that our data did not stop growing. In fact, with our connected world of emails, texts, apps, music, movies, status updates and Facebook photo albums with pictures of our exciting family vacation to a museum (all 200 of them), we create 2.5 quintillion bytes of data every day. Per IBM, 90% of the world’s data has been generated in the past two years!
Posted on November 21, 2011, 9:00 am, by Shamun Mahmud.
In our last discussion, we aspired to automated provisioning and continuous monitoring of Network Security Management. The National Institute of Standards and Technology (NIST) has spearheaded Security Content Automation Protocol (SCAP) efforts for the last ten years. NIST, an agency of the U.S. Department of Commerce, was founded in 1901 as the nation’s first federal physical science research laboratory. In essence, SCAP is a NIST-sponsored effort for both pieces (automated provisioning and continuous monitoring).
As a refresher: SCAP, pronounced “S-Cap”, combines a number of open standards that are used to enumerate software flaws and configuration issues related to security. They measure systems to find vulnerabilities and offer methods to score those findings in order to evaluate the possible impact. It is a method for using those open standards for automated vulnerability management, measurement and policy compliance evaluation and was the next logical step in the evolution of our compliance automation tools for Federal Agencies. SCAP defines how the following standards (referred to as SCAP ‘Components’) are combined and allows results to be easily shared for Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB), Department of Homeland Security (DHS) and others.
Posted on November 9, 2011, 9:00 am, by David Blankenhorn.
Cloud computing expands on the many existing choices that are already available to IT for the delivery of IT services. Currently, we have RISC, x86, ATOM and ARM processors. We have Windows, Linux, UNIX, and mainframe operating systems. We also have a number of choices for application servers, databases, and development languages. The good thing about having these choices is that it allows architects to pick the best fit (either client-server or mainframe platforms) for the delivery of IT services (applications).
Cloud computing is really no different. There are a number of different cloud services and delivery models, and each should be evaluated for a best fit for the targeted application. Different cloud services will cater to different security profiles, different developer environments, different levels of control, and different kinds of applications. Each cloud service model has different business and IT benefits and challenges.
Posted on November 7, 2011, 9:00 am, by Terry Freeman.
The race to virtualize everything has created a host of unintended consequences, not the least of which is how to meet the SLAs (service level agreements) for application backup. As we move into cloud alternatives, this problem will only grow, since your cloud provider will have to provide this to you on an application-by-application basis.
Every virtual machine is essentially a set of large files, such as VMDKs in a VMware context. These large files are typically stored in storage arrays, which can be connected via iSCSI or Fibre Channel, or on NFS volumes. Traditional data protection techniques such as VMware’s VADP or VMware VCB rely on an agent to protect VMDK files associated with virtual servers.