DoD Approves Ethical Hacker Certification

Certified Ethical Hacker training and certification is now an option for four categories of IT pros in meeting Department of Defense job requirements.

By Elizabeth Montalbano, InformationWeek

Editor’s note: This story was updated on March 9.

Government cyber defenders can now be trained in the techniques of a hacker under a certification program that was recently approved by the Department of Defense.


The DoD requires its computer network defenders (CNDs) to meet certain requirements under Directive 8570, which provides a variety of certification options depending on job description. The newly approved Certified Ethical Hacker certification program, offered by the International Council of E-Commerce Consultants (EC-Council), now fulfills DoD requirements for four categories of CND service providers: analysts, infrastructure support, incident reporters, and auditors. Other certification options are also available to those workers.


The Certified Ethical Hacker qualification tests someone’s knowledge of the mindset, tools, and techniques of a hacker. CNDs — who are part of the DoD’s information assurance workforce — protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks.


Assistant Secretary of Defense John Grimes officially instated the Certified Ethical Hacker requirement in late February under DoD Directive 8570, which provides guidance for how DoD information workers should be trained and managed.


Read the full article at InformationWeek.com/news

Global CIO: BP’s Extraordinary Transformation Led By CIO Dana Deasy

BP CEO Tony Hayward told top managers the company had become a “serial underperformer.” Here’s how CIO Dana Deasy and the IT teams answered the challenge.

By Bob Evans, InformationWeek, March 8 2010 issue

Two years ago, the CEO of one of the world’s largest corporations laid some very tough love on his 500 top managers. Despite having annual revenue of about $300 billion, BP had become, said CEO Tony Hayward, “a serial underperformer” that had “promised a lot but not delivered very much.” 


At that March 2008 meeting, those same 500 top BP managers also heard a Morgan Stanley oil and gas analyst tell them that while the rest of the energy industry was undertaking rapid change, BP was building a legacy of consistent failure both in finding and extracting new energy, and in refining and marketing finished products. And unless BP transformed its entire global business dramatically and rapidly, the analyst predicted, “BP will not exist in four to five years’ time in its current form.”


 One of the people in that meeting was BP CIO and group VP Dana Deasy, who’d joined the company four months earlier as its first global CIO. He was a key figure in the strategy by Hayward, who became CEO in May 2007, to restore revenue growth across the enormous company, refocus the behavior of the company around high performance and accountability, and reduce the stifling complexity of the organization. That effort already had resulted in the elimination of up to four layers of management.


Read the full article at InformationWeek.com/news

AOL Adopts Google’s “Interminable” Hiring Process

by Nicholas Carlson

AOL — its management ranks increasingly stuffed with former Google executives — is now hiring people the way Google (GOOG) does, a couple sources close to the company tell us.

Specific changes:

  • “Cultural Ambassadors” will interview candidates to make sure they are a fit for the new AOL culture
  • Besides interviewing with these ambassadors, candidates will now be required to go through several more interviews covering topics from cultural fit, to project management skills, to job-specific skills.
  • Scores from these interviews will be aggregated into an overall candidate scorecard, to be reviewed by the hiring manager and then an exec above that.
  • AOL CEO Tim Armstrong will sit on a committee that rubber-stamps each batch of hires.
  • All hires must go through human resources recruiters, now.

An AOL (AOL) rep refused to comment on this news, telling us: “We don’t comment on internal policies like hiring practices.”

Full article available at Silicon Alley Insider

Georgia’s Most Promising Companies to Present at Venture Atlanta 2010

 

October event expected to attract Georgia entrepreneurs and investors from across the U.S.

 

Atlanta – March 23, 2010 – Venture Atlanta 2010, the premier investor event for emerging technology companies in Georgia, will host its third annual investor conference October 12-13, 2010 at the Georgia Aquarium in downtown Atlanta. The world’s largest aquarium will serve as the stage for nearly 50 companies, in industries ranging from software and communications to medical devices and alternative energy, as they display their business models and technologies to venture capitalists, bankers, angel investors and others who provide access to the capital essential for business growth and development.

The event founders, Atlanta CEO Council, Metro Atlanta Chamber, and Technology Association of Georgia (TAG), expect to build on the success of the 2009 conference and provide a forum that catalyzes further investment dollars into emerging Georgia companies. Last year’s event attracted nearly 600 attendees, and drew more than 100 venture capitalists from multiple geographies across the country, including Silicon Valley, Boston, Denver, Washington D.C. and the Southeast.

View the full article at the Technology Association of Georgia

Forrester Webcast: SIM overview and Market Drivers

Sponsored by: Splunk

WHEN: Available Now

SPEAKERS: John Kindervag, Senior Analyst at Forrester

Mark Seward, Director of Marketing for Security and Compliance Solutions at Splunk

About This Vendor Webcast

Many security pros are approaching security and compliance with a more progressive and flexible point of view than traditional SIM and log management solutions allow. If you are following suit, there are several key characteristics to look for when evaluating a SIM solution. In this webcast, Forrester security and compliance analyst John Kindervag outlines those characteristics and identifies the issues that are driving SIM adoption.

View this webcast to learn about a SIM solution that:

  • Collects, indexes, searches and stores not just logs, but all the data from any IT system, security device, logs, and more
  • Cuts incident investigation time by 50 to 90%
  • Dramatically reduces the window of exposure by reacting in seconds or minutes

About the Speakers:

Mark Seward, Director of Marketing for Security and Compliance Solutions at Splunk

  • Mark Seward is currently the Marketing Director of Security and Compliance Solutions at Splunk Inc. Mark has over 10 years of experience in the IT security management profession as a security practitioner and product manager with experience in log management and vulnerability management. Mark holds a Masters of Science in IT and a Federal CIO certification from the University of Maryland.

John Kindervag, Senior Analyst at Forrester

  • John is a 25-year veteran of the high-tech world. He holds numerous industry certifications including CISSP, CEH, QSA, and CCNA. Prior to joining Forrester, John was the senior security architect with security consultancy Vigilar, and he started the security practice for a Cisco Gold VAR, Flair Data Systems, where he was a principal security consultant. He has particular expertise in the areas of wireless security, intrusion detection and prevention, and voice over IP hacking.

From an e-newsletter published by SearchSecurity.com, part of the TechTarget network.

Copyright 2010 TechTarget

Secret Service Paid TJX Hacker $75,000 a Year

By Kim Zetter

Convicted TJX hacker Albert Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.

The information comes from one of Gonzalez’s best friends and convicted accomplices, Stephen Watt. Watt pleaded guilty last year to creating a sniffer program that Gonzalez used to siphon millions of credit and debit card numbers from the TJX corporate network while he was working undercover for the government.

Watt told Threat Level that Gonzalez was paid in cash, which is generally done to protect someone’s status as a confidential informant. The Secret Service said it would not comment on payments made to informants. Gonzalez’s attorney did not respond to a call for comment.

“It’s a significant amount of money to pay an informant but it’s not an outrageous amount to pay if the guy was working full time and delivering good results,” says former federal prosecutor Mark Rasch. “It’s probably the only thing he was doing — other than hacking into TJX and making millions of dollars.”

008 WinFITTS.com 03-23-10 Windows Fast IT Tips with Chris Pope / TechJives.net

03-23-10  Windows 7 / Windows 2008 Tip – See WinFITTS.com for tip details!

Top Five SIM Pitfalls: Ensuring Successful Security Information Management

Bitpipe.com

The purpose of this whitepaper is to help Security, IT and Compliance professionals deploying SIM avoid the pitfalls that have led to failed or limited implementations for others. By exploring the risks and challenges associated with SIM projects, we hope to provide organizations in need of SIM with guidance for ensuring a successful SIM project.

Why Security Information Management?

To satisfy regulatory requirements and better protect their networks, many organizations are turning to Security Information Management (SIM) tools. By collecting, correlating and reporting security events from firewalls, IDS/IPS devices, servers and other data sources across the network, SIM technology enables defense-in-depth. Properly implemented and managed, SIM technology improves security operations by providing:

  • Faster identification and response to real threats
  • Elimination of false positive alerts
  • Assessment and prioritization of risk
  • High level metrics for strategic decisions

For organizations subject to regulations such as PCI, GLBA, FFIEC, HIPAA, SOX, FISMA, NERC CIP and others, SIM technology addresses key compliance requirements for monitoring and auditing logs. SIM also delivers automated compliance reporting that can be used to monitor compliance status and demonstrate control effectiveness to auditors.

However, implementing and managing SIM technology is not an easy task. Many organizations have struggled with SIM projects due to unanticipated risks and challenges. This has resulted in wasted resources, weaker operational security and negative audit findings.

(Links within text provided by Niko)

Full white paper at Top Five SIM Pitfalls

Opera Mini Submitted to App Store

By Charlie Sorrel

Opera has submitted its Mini browser for the iPhone to Apple for approval. The super fast browser doesn’t technically break any of Apple’s rules, but Opera is laying on the hype to make any refusal as high-profile as possible.

Opera Mini, which we got some hands-on time with at the Mobile World Congress in Barcelona this February, is merely an application for displaying web content that has been pre-rendered and compressed by Opera’s servers. To the user, it behaves like a regular browser – the text is selectable, for example – with one exception: Speed. Opera Mini is so fast it makes Mobile Safari look like a wheezing old man.

13 of the Brightest Tech Minds Sound Off on the Rise of the Tablet

Photo: Dan Winters

Neil Young

CEO and Cofounder, ngmoco

Cool and Connected

Is the tablet a new mobile computing device? Well, yes, it is, by default. But what is most interesting to me as a gamemaker is the impact that it can have in the least-mobile entertainment venue — the home. Aren’t home games played on consoles? Yes. But for years, more and more players, especially teens, have been migrating to laptops and Flash gaming. The Web has become not just a viable venue for games but also one of the most vibrant.

The iPhone 3GS is already far superior to the Nintendo DS or PSP and is approaching the performance level of the Wii. A tablet that is powerful enough to handle great games and portable enough to take anywhere — with an immediate library of tens of thousands of inexpensive or free experiences from the App Store — will be serious competition for laptops.

Of course, the netbook was supposed to replace the laptop and be used by millions around the world. Forget the netbook. It’s a slow, clunky piece of junk. Do I want to look like the guy who couldn’t afford a real computer or the guy who went to the future and brought back a device that’s as cool as I imagine I am?

If the tablet is as appealing and useful as a laptop, with the power of a game console and an always-open library of apps, games, music, and entertainment, it will kill the laptop as a home games machine and kick the netbook out the window before it’s had a chance to disappoint us with its inadequacy.

Read the full article at Wired.com/magazine