Information Security Blog

Ethical Hacker Roundup – eGov Efficiency


These Government links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing.

These articles were emailed to us, shared on Twitter @pivotpointsec and Google Plus, and read in RSS subscriptions this week.

Phishing As The Attorney General

As folks get smarter and stop responding to emails about Nigerian princes needing to transfer large sums of money, the bad guys get smarter. In the latest twist, New Jersey Attorney General Jeffrey Chiesa announced that New Jerseyans are being phished by an email/letter regarding a multi-million dollar class action settlement, urging people to contact a local number to see if they are eligible for a portion. The letter is being distributed by email and through regular mail.

  • On the Department of Law and Public Safety letterhead
  • Signed by a fake Attorney General, Edward Thompson
  • Entices victims to provide social security and bank account information
  • Instructs victims to call a local New Jersey telephone number for eligibility

You can view the actual scam letter on the NJ.gov website.

Is GovCloud The Ideal eGov Cloud Solution?

Amazon Web Services has a cloud offering specifically for eGovernment. They assert that they are compliant with FISMA, FIPS 140-2, HIPAA and PCI DSS Level 1 and support it with a SAS-70 and ISO 27001 certification.

Choosing whether to use a public or private cloud is never easy. One common “mistake” we see when an organization uses a public cloud is the belief that if the cloud is “certified,” the organization is too. If your cloud provider is 27001 certified, you are not: your ISMS still needs to manage its risks, most notably the risks associated with using a third party to deliver critical business services.

Maximizing Efficiency of Philly’s IT Infrastructure

Philadelphia’s new CIO Adel Ebeid recently gave a rather interesting presentation to the city’s IT vendors, which he has also published on Author Stream. In the presentation he talked about the challenges of the city’s F100-equivalent infrastructure and the future direction of the city. What we found most interesting was his plan to use ISO 27001/2 to ensure the security of the city’s private cloud.

Kudos to Adel for guiding the city in a great direction.

Government IT Security

Pivot Point Security has the right combination of Information Security/Compliance domain expertise, government knowledge and experience, and organizational character to help you define and execute on the best course of action to know you’re secure and prove you’re compliant. See how we can help.

Don’t miss out on the Ethical Hacker Roundup

The series is published on Fridays and we are open to your link suggestions. If you would like to submit an article, reach out to us through email.

Be sure to catch the weekly roundups by subscribing to the Pivot Point Security blog via RSS or email.

About the Author:

Marketing at Pivot Point Security
