As folks get smarter and stop responding to emails about Nigerian princes needing to transfer large sums of money, the bad guys get smarter too. In the latest twist, New Jersey Attorney General Jeffrey Chiesa announced that New Jerseyans are being phished by an email/letter regarding a multi-million dollar class action settlement, urging people to contact a local number to see if they are eligible for a portion. The letter is being distributed by email and through regular mail.
- On the Department of Law and Public Safety letterhead
- Signed by a fake Attorney General, Edward Thompson
- Entices victims to provide social security and bank account information
- Instructs victims to call a local New Jersey telephone number for eligibility
You can view the actual scam letter on the NJ.gov website.
Amazon Web Services has a cloud offering specifically for eGovernment. They assert that they are compliant with FISMA, FIPS 140-2, HIPAA and PCI DSS Level 1 and support it with a SAS-70 and ISO 27001 certification.
Choosing whether to use a public or private cloud is never easy. One common “mistake” we see when an organization uses a public cloud is the assumption that if the cloud is “certified,” the organization is too. If your cloud provider is 27001 certified, you are not. Your ISMS still needs to manage its risks, most notably the risks associated with using a third party to deliver critical business services.
Philadelphia’s new CIO, Adel Ebeid, recently gave a rather interesting presentation to the city’s IT vendors, which he has also published on Author Stream. In the presentation he talked about the challenges of the city’s F100 equivalent infrastructure and the future direction of the city. What we found most interesting was his plan to use ISO 27001/2 to ensure the security of the city’s private cloud.
Kudos to Adel for guiding the city in a great direction.