By Roberta Anderson
On February 12th, the National Institute of Standards and Technology (NIST) released its long-anticipated Framework for Improving Critical Infrastructure Cybersecurity together with a companion Roadmap for Improving Critical Infrastructure Cybersecurity. The Framework is issued in accordance with President Obama’s February 19 Executive Order 13636, Improving Critical Infrastructure Cybersecurity Version 1.0, which tasked NIST with developing a cost-effective Framework “to reduce cyber risks to critical infrastructure.” The companion Roadmap discusses NIST’s next steps with the Framework and identifies key areas of development, alignment of cybersecurity standards and practices within the U.S. and globally, and collaboration with private and public sector organizations and standards-developing organizations.
The Framework applies to organizations in critical infrastructure. But, given the pervasiveness of cybersecurity incidents, and the ever-present, increasing, and evolving cyber risk threat, all organizations should consider whether their current cybersecurity risk management practices would pass muster under the Framework. In addition, although the Framework is “voluntary”—at least so far—organizations are advised to keep in mind that creative class action plaintiffs (and even some regulators) may nevertheless assert that the Framework provides a “de facto” standard for cybersecurity and risk management even for non-critical infrastructure organizations. One thing that companies should consider as they review the Framework is what “Tier” of cybersecurity risk management they wish to achieve. The Tiers, which range from “informal, reactive” responses to “agile and risk-informed,” are addressed below, together with an overview of the Framework and additional detail regarding certain of its key aspects.
Scott Aurnou – CryptoLocker is a type of “ransomware” that encrypts the data on an infected computer so that it can’t be read and then demands payment to decrypt it. This clip discusses how to safeguard your computer against it and what to do if CryptoLocker strikes.
Helpful websites referenced in this video include:
AppFresh for Mac
This clip is taken from the CLE course Data Confidentiality, Security & Recent Changes to the ABA Model Rules.
By Scott Aurnou
This article originally appeared in the February 5, 2014 issue of the New York Law Journal.
Can you or your firm actually be held liable for using the wrong software? If that software is well known as out-of-date and insecure, yes. That circumstance is coming very soon. Below is a discussion of specific risks for attorneys and law firms (hint: it’s more than just your firm’s computers), as well as what to do if your office is still using the popular older software.
Microsoft software like the Windows operating system (OS), MS Office and Outlook is commonplace in law offices. As newer versions are released over time, older ones are effectively retired. “Software retirement” itself is not unusual, though a particularly wide-ranging example is rapidly approaching.
What’s at issue? On April 8, 2014, both the Windows XP operating system and Microsoft Office 2003 will reach their respective “end-of-life” dates (also referred to as going “out of support”). While that does not mean that XP or Office 2003 will suddenly stop working on April 8, it does mean there will be no further technical support from Microsoft and no more security updates…ever. That should be a particular concern, since the combination of a widely used 13-year-old operating system and an older version of commonly used office software going out of support on the same day is basically a dream come true for hackers.
Computer Security Tip of the Week
Scott Aurnou – Computer forensics experts need to be both qualified to retrieve data without altering it and potentially ready to testify in any subsequent litigation. There are a number of certifications that should be considered when choosing one.
If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.