Tech Update SummaryJanuary 2016

Blue Mountain Data Systems

For CTOs, CIOs & CISOs

Visit Blue Mountain Data Systems https://www.bluemt.com

For CTOs, CIOs & CISOs

Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the

Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

You can also receive these updates via email. Click here to subscribe.

Here’s the summary of the Daily Tech Updates for January 2016. Hope the information and ideas prove

useful.

Best,Paul VeselyPresident and Principal ArchitectBlue Mountain Data Systems Inc.

Databases

Databases & Storage

16 FOR ’16: What You Must Know About Hadoop and Spark Right Now. Amazingly, Hadoop has been redefined in the space of a year. Take a look at all the salient parts of this roiling ecosystem and what they mean. Read more[INFOWORLD.COM]

SQL SERVER 2005: State Governments Face Data Security Rules Ahead of SQL Server 2005 Migration. Local and state governments running SQL 2005 must comply with appropriate laws and regulations. Read more[STATETECHMAGAZINE.COM]

Databases & StorageORACLE: Despite the Rise of Open Source, Oracle Was 2015’s Fastest-Growing Database. According to a new report from DB-Engines, a site that tracks the popularity of database technologies, Oracle was not only the most widely used and discussed database in the world in 2015, it was also saw the most growth in those areas last year as well, at least by one metric. Read more[WIRED.COM]

MongoDB: What Storage Engine is Right for You? – Part 1. Here’s a review of some of the available options for a MongoDB database storage engine and the pros and cons of each. Read more[DZONE.COM]

Databases & Storage

NoSQL: A Primer on Open-Source NoSQL Databases. A beginner’s guide to the different flavors of NoSQL databases, including key-value, document-oriented, graph, and column-oriented databases. Read more[DZONE.COM]

OPEN SOURCE: 16 Open Source Big Data Databases. The databases and data warehouses you’ll find on this list are the true workhorses of the Big Data world. They hold and help manage the vast reservoirs of structured and unstructured data that make it possible to mine for insight with Big Data. Read more[DATAMATION.COM]

Databases & StorageSHAREPOINT: Shrinking An Already Ginormous SharePoint Database Transaction Log. What do you do when you can’t avoid huge transaction logs in SharePoint and your files are too large? Read more[COMPUTERWORLD.COM]

OPEN SOURCE FOR GOVT AGENCIES: Bringing Open Source to Government Agencies. Although the American economy has stabilized, Capitol Hill is still closely examining the spending and budgets of government agencies with an eye toward program cuts wherever possible. With this in mind, government CIOs are always on the lookout for ways to centralize and optimize their existing technology to fit into new budget requirements, and are looking to open source to enhance innovation while reducing costs. In fact, open-source technologies have become a high priority for government agencies as they look to rein in spending while delivering high performing, secure, flexible, and scalable solutions for government IT groups. Read the rest [DATA-INFORMED.COM]

Databases & Storage

NoSQL: NoSQL Databases – 4 Game-Changing Use Cases. Sure, you’ve heard about NoSQL, but is it just another technology fad that’s all hype? What can you actually do with a NoSQL database? With the performance and scalability that NoSQL offers, the only limit is your imagination. Read more[SMARTDATACOLLECTIVE.COM]

SQL SERVER 2005: What You Need to Know as SQL Server 2005 Fades Away. On April 12, 2016, Microsoft will end support for the 2005 version of the venerable database server, which means no more upgrades or security patches. IT directors who haven’t already upgraded face the possibility of a costly migration from the decade-old technology. There’s still time to plot your upgrade strategy before Microsoft ceases support.Read more[STATETECHMAGAZINE.COM]

Mobile & Wireless

Mobile & Wireless

ANDROID: 6 New Year’s Resolutions for Android fans in 2016. A set of realistic goals to sharpen your smartphone experience — and save you money! — this coming year. Read more[COMPUTERWORLD.COM]

C#: Using C# for Cross-Platform Development With Xamarin. Xamarin certified developer Jim Bennett discusses the Xamarin platform and its benefits for cross platform native development. Read more[DZONE.COM]

Mobile & Wireless

AT&T: AT&T Finally Joins Modern Wireless World, Kills Off Contracts. AT&T plans to abandon the wireless contract this month, a move that should ultimately mean more flexibility for consumers, who will also save money in the long run despite higher up-front costs. Read more[CIO.COM]

MOBILE APP DEVELOPMENT: With Flutter, Google Aims Dart to Mobile App Cross-Development. Flutter is a new open-source framework built by Google that aims to enable cross-platform development using a single Dart codebase on iOS and Android. It aims to provide high performance and 60fps, jitter-free experiences on both platforms. Read the rest[INFOQ.COM]

BYOD

BYOD

GOOD CHANGES: Why BYOD Spells Good Changes for IT. Enough with the fear and loathing of Bring Your Own Device (BYOD) policies. Your IT staff should be happy about the shift in responsibilities. Read more[ZDNET.COM]

IT STRATEGY: Shadow BYOD Runs Rampant in Federal Government. Survey highlights the extent to which government employees insist on bringing their own devices to work, despite rules to the contrary. Read more[CIO.COM]

BYOD

EDUCATION: The Jury Is Out on the Future of BYOD in Schools. How will the current edtech trend ‘BYOD’ – or ‘Bring Your Own Device’ fare in K-12 schools in 2016? Read more[EDUCATIONWORLD.COM]

CES 2016: Dealing with the Network Challenges Presented by the Internet of Things. With everything from ceiling fans to smart feeding bowls for pets now connecting to the expanding Internet of Things, how can network and IT professionals cope with the escalating pressure on bandwidth and capacity? Read more[ITPORTAL.COM]

Security Patches

Security PatchesGOOGLE: Google Patches Five Critical Android Security Flaws. Almost all devices running a modern version of Android are affected by at least one of the five critical flaws. Of the highest-rated vulnerabilities in its sixth monthly release, Google said one nasty flaw could allow an attacker to remotely execute code — such as malware — by exploiting a flaw in how Android processes some media files. Read more[ZDNET.COM]

ADOBE: Adobe Flash Releases Back-to-Back Critical Patches. On Dec. 28, Adobe released an update correcting 19 critical bugs that could allow an attacker to take control of affected systems. At that time, it reported that at least one of the flaws was being exploited in the wild. On Jan. 1, another critical patch was released that corrected problems loading Flash in embedded applications. Adobe recommends that those who do not have automatic updates enabled install the new version as soon as possible. Read more[BUSINESS.FINANCIALPOST.COM]

Security PatchesJUNIPER: Patches Firewall Backdoor Risk. Older-model Juniper ScreenOS-based firewalls are patched for vulnerabilities that could leave organizations exposed to risk. During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker who can monitor VPN [virtual private network] traffic to decrypt that traffic. Read more[EWEEK.COM]

SOFTWARE SECURITY: In Patches We Trust: Why Software Updates Have to Get Better. All too often, security patches are breaking the devices they set out to protect, and trust in the software companies to protect those devices is wearing thin. Read more[ZDNET.COM]

Security PatchesMICROSOFT: Microsoft Patches Six Critical Security Flaws Affecting Windows, Office. Microsoft said Tuesday as part of its its monthly security bulletin that all Windows users should patch their systems to prevent attackers from exploiting at least two critical flaws. The first two critical patches fix a number of security vulnerabilities in Internet Explorer and Microsoft Edge respectively. The most serious flaw (MS16-001) affecting Internet Explorer could allow an attacker to remotely execute code by tricking a user into visiting a specially-crafted webpage. The attacker would gain the same user rights as the current user, which puts administrators at a greater risk. Read more[ZDNET.COM]

Security PatchesActivePERL: Security Patches for ActivePerl. In mid-December a number of security issues were identified in core modules of the Perl language. The first–found by David Golden of MongoDB and patched with code from Tony Cook–involved the File::Spec::canonpath() returning “untainted” strings even when passed “tainted” inputs. Read more[DZONE.COM]

OpenSSH: Patches Critical Flaw That Could Leak Private Crypto Keys. OpenSSH released a patch for a critical vulnerability that could be exploited by an attacker to force a client to leak private cryptographic keys. The attacker would have to control a malicious server in order to force the client to give up the key, OpenSSH and researchers at Qualys said in separate advisories. Qualys’ security team found the vulnerability Jan. 11 and the OpenSSH team had it patched within three days. Read more[THREATPOST.COM]

Security PatchesGOOGLE: Rolls Out January 2016 Security Patches. Last year was a rather eventful one in terms of mobile software security, one which saw the rise and subsequent fall of the infamous Stagefright vulnerability, and around halfway through the year, Google and few major OEMs vowed to push monthly security updates to maintain a continuous integration cycle of patches and thus stay ahead of vulnerabilities and the usual 6 month update cycle. Read more[XDA-DEVELOPERS.COM]

OpenSSL: OpenSSL Team Fixes SSLv2 Downgrade Issue. The OpenSSL project has delivered on its promise made at the start of the week and released versions 1.0.1r and 1.0.2f, which addressed two security bugs, one labeled as “high severity” and one as a “low severity” issue. Read more[NEWS.SOFTPEDIA.COM]

Security PatchesMOZILLA: Patches Critical Vulnerabilities in Firefox 44. Mozilla has patched a number of critical vulnerabilities in Firefox 44 and Firefox Extended Release 38.6, which were released this week. The most serious flaws were memory vulnerabilities that lived in both the public and extended support versions of the browser. Read more[THREATPOST.COM]

MICROSOFT: January Security Patch Can Break SharePoint 2013. Microsoft’s Stefan Gossner described a workaround by installing patch KB3114508, released on Jan. 5. Klindt, in an update to his blog post, explained that it was an “individual patch from the Foundation CU that fixes” the problem. However, he noted that the patch should be tested first, as it can’t be uninstalled. Read more[REDMONDMAG.COM]

Security PatchesJAVA: 8 Critical Java Security Holes Fixed by Quarterly Patch. Oracle Corp.’s latest Critical Patch Update (CPU), published last week, includes fixes for eight Java security holes, three of which were rated critical, earning Common Vulnerability Scoring Standard (CVSS) scores of 10.0.Read more[ADTMAG.COM]

Application Development

Application Development

TRENDS IN 2016: 3 Trends That Will Shake Up App Development in 2016. With the number of apps and mobile users projected to increase exponentially, developers who create the most advanced technology fastest will gain the competitive edge needed to stand out amongst competition. Read the rest[INFORMATION-AGE.COM]

HYBRID APPLICATIONS: Web Standards Evolution Drives Hybrid Apps: IDC Study. Progress in the Web platform standards such as HTML5 and in the latest versions of iOS and Android has made Web languages and tools more viable for a greater swath of enterprise apps, according to a recent IDC study. In a report titled “The Evolving State of Mobile Software Development,” IDC analyst Al Hilwa says Web platform technologies now occupy an “ever-larger footprint” inside of many third-party cross-platform mobile platforms. Read more[EWEEK.COM]

Application DevelopmentAGILE & BUSINESS: Why One Real Estate CIO is Sold on Agile. A part of a plan to increase business value, Marcus & Millichap is embracing agile software development as it plans to refresh or replace several applications in 2016, says CIO Ken Sayward. Read more[CIO.COM]

HEALTH TECH & THE CLOUD: Sending Medicaid to the Cloud. The Wyoming state government already has considerable experience with cloud-based services. It uses Google Apps for Government, NEOGOV for human resources and is looking at Salesforce.com for customer relationship management. But as its Department of Health prepares to issue an RFP to replace its Medicaid Management Information System (MMIS), all eyes in the Medicaid IT sector are on Wyoming because it will be the first time a state has tried to move away from an expensive custom-developed system to an MMIS-as-a-service approach. Read more[GOVTECH.COM]

Penetration Testing

Penetration Testing

DHS: Giving Firms Free Penetration Tests. The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help “critical infrastructure” companies shore up their computer and network defenses against real-world adversaries. And it’s all free of charge (well, on the U.S. taxpayer’s dime). Read more[KREBSONSECURITY.COM]

Penetration TestingATTACK SIMULATION: Startup Offers Free Cyberattack Simulation Service. First came penetration testing, then the tabletop exercise, and now attack simulation — the relatively nascent practice of war-gaming attacks on your network to gauge how prepared (or not) you are, and where your weaknesses reside. Unlike pen-testing, attack simulation doesn’t run exploit code. It’s more about simulating the way attackers do their dirty work, from composing a phishing email and infecting a machine to the path the take to access and then pilfer credit-card data out of company. Attack simulation startup vThreat announced free access to its software-as-a-service based applications. The concept of simulating and providing a detailed postmortem of how an attacker could hack you is capturing some venture capital interest. Read more[DARKREADING.COM]

Penetration TestingSECURITY THINK TANK: Pen Testing Must Be Followed by Action. How can an organization ensure they get value from penetration and security testing services? What role can penetration and security testing play in improving the security of an organization? If the testing is comprehensive, carried out regularly and any issues found quickly corrected then the overall picture of an organization’s security is greatly improved, although it must be said that testing is not sufficient on its own. Read more[COMPUTERWEEKLY.COM]

AGENCIES: As hackers and other malicious actors become more sophisticated and agile in their attacks, federal agencies need to be proactive about cybersecurity. “Don’t wait to be hunted,” Linus Barloon, IT security branch manager for the U.S. Senate Office of the Sergeant at Arms, told attendees at the Public SectorCybersecurity Summit hosted by Raytheon | Websense on Dec. 1. “Start hunting,” he said. Read more [FEDERALTIMES.COM]

Electronic Document Management

Electronic Document Management2016 TRENDS: 8 Tech Trends Changing How We Work In 2016. People value the flexibility to work from anywhere, any time, on any device, and have come to expect this user experience. What does this mean for the business? Greater complexity to support the end user experience in a secure way. However, the benefits to the business when they support mobile workspaces and workplace of the future are typically substantial. Here are some key trends that organizations need to consider and prepare for as the workforce of the future is at their doorsteps today. Read more[FORBES.COM]

GOVT TECH 2016: 3 Government Tech Trends to Watch in 2016. Legislation under the U.S. Patriot Act and Government Paper Elimination Act, as well as recent programs such as the Affordable Healthcare Act, have legalized electronic signature applications and made the use of digital document management systems not only available, but a requirement in some cases. Read more [NEXTGOV.COM]

Electronic Document ManagementINTEGRATORS: Document Overload. Just like the security market, the language services industry is undergoing major technology advances. Manual processes are more a thing of the past. Quality localization is as much about the varying cultures and languages as it is about data mining and document management systems. There are three major categories of work that must be completed when going global. Read more[SECURITYINFOWATCH.COM]

PHARMA: Streamlining the Regulatory Review Process in Pharma: The Upcoming Transition to Electronic Common Technical Documents. For pharmaceutical companies, filing Common Technical Documents (CTDs) is a critical aspect to the regulatory approval process. Historically, this process has been paper-centric until recently. Read about a recent collaborative effort between West Pharmaceutical Services, FDA, Health Canada and others to establish a process and protocol for filing CTDs electronically, which will likely become common practice as early as 2017. Read more [RAPS.ORG]

Big Data

Big DataFRAMEWORKS: Five Things You Need to Know About Hadoop v. Apache Spark. They’re sometimes viewed as competitors in the big-data space, but the growing consensus is that they’re better together. Read more[INFOWORLD.COM]

ANALYTICS: Top Programming Language In Demand. If you are looking to advance your career or considering who to hire in 2016, you may be looking at particular skills sets, including coding. But what languages should you target? One programming language instructor has made a discovery in Google Trends: Starting in Nov. 2015, more people were searching for “learn Python” than were searching for “learn Java” for the first time ever. That’s when those two points converged as Python continued to rise and Java edged ever so slightly upward over the last few years. Read more[INFORMATIONWEEK.COM]

Big DataDATA VISUALIZATION: Making Big Data More Meaningful through Data Visualization. Jans Aasman Ph.D., psychologist and expert in cognitive science as well as CEO of Franz Inc., discusses the use of semantic visual discovery to make big data meaningful. Read more[INSIDEBIGDATA.COM]

APPLICATION DEVELOPMENT: 4 Great Leaps Machine Learning Made in 2015. Until recently, machine learning was an esoteric discipline, used only by a few who understood the algorithms and had access to tons of data on which to employ it. But with big data technology becoming a commodity and algorithms easier to use, machine learning has moved out of the shadows and into the hands of citizen developers and regular users. Read more[INFOWORLD.COM]

Big Data

CUSTOMER SERVICE: What Big Data Can Do For Your Contact Center. Almost two-third of contact center operations depends on voice services. But the future of contact centers is no more limited to just voice calls. A recent survey suggests that in the next couple of years, a larger number of users will choose digital interactions over voice-based interactions for connecting with contact centers. Read more[INSIDEBIGDATA.COM]

ANALYTICS: Fighting Evil AI, IBM Opens Watson IoT HQ: Big Data Roundup. Elon Musk invests in AI to benefit humanity. Microsoft is acquiring SQL queries for all data by all users. IBM is connecting Watson with IoT via APIs. Read more[INFORMATIONWEEK.COM]

Big Data

QUALITY CONTROL: Big Data’s Billion-Dollar Quality Problem: 3 Tips for Sidestepping It. The costs of working with dirty data are staggering. Save money and time by following these tips on how to improve the quality of your company data. Read more[TECHREPUBLIC.COM]

2016: 6 Predictions For Big Data Analytics And Cognitive Computing In 2016. The larger market for business analytics software and business intelligence solutions which now includes the new disciplines of data science and cognitive computing, is at least 5 times bigger. But a much larger market, which may indeed approach a trillion dollar sometime in the not-distance future, includes the revenues companies in any industry will generate from “monetizing” their data and algorithms. Read more[FORBES.COM]

Project Management

Project Management

PROJECT MANAGERS: Project Managers Are Great Change Managers Too. Driving transformational change can seem like an insurmountable challenge. But you may already have more resources at your disposal than you think. Read more[MANAGERS.ORG.UK]

BEST PRACTICES: 5 Reasons You Didn’t Get That Last Project Management Job. You wanted a job or tried for a career move that didn’t happen. Here are five top reasons why you maybe didn’t land the position. Read more[CIO.COM]

Project ManagementTHE CLOUD: Managing Projects in the Cloud. Technology is moving to the cloud. We no longer use our precious SSD space to store the pictures from our recent holidays. Our personal files are located on Dropbox, Google Drive or any other storage or sharing service. This not only helps in keeping the files safe from the hardware malfunctions, but also assists in sharing the data with our networks. Besides these obvious incentives there are a growing number of reasons to use cloud-based project management. Read more[SMARTDATACOLLECTIVE.COM]

cURL: How to cURL the JIRA Project Management API. The cURL project is the cross-browser command line utility for transferring files using various protocols. The project consists of two products; curl is the CLU for sending or receiving files using URL syntax; libcurl is the client-side URL transfer library that supports a range of protocols, including FTP, IMAP, SMTP and HTTPS, among many others. Learn more [PROGRAMMABLEWEB.COM]

Microsoft

MicrosoftSHAREPOINT & SALESFORCE: 7 Steps to Integrate Salesforce With Sharepoint. Here’s a tutorial on how to use Microsoft Azure to integrate Salesforce with Sharepoint. Read more[DZONE.COM]

AZURE CLOUD: Microsoft to Cut Some Azure Computing Prices. The cloud pricing race to the bottom continues. Good news for businesses using Microsoft’s Azure cloud platform: their infrastructure bills may be shrinking come February. Microsoft announced that it will be permanently reducing the prices for its Dv2 compute instances by up to 17 percent next month, depending on the type of instance and what it’s being used for. Users will see the greatest savings if they’re running higher performance Linux instances — up to 17 percent lower prices than they’ve been paying previously. Windows instance discounts top out at a 13 percent reduction compared to current prices. Read more[COMPUTERWORLD.COM]

MicrosoftBUSINESS INTELLIGENCE: Microsoft’s Power BI Starts 2016 With Excel-Friendly Updates. Microsoft introduces more ways of working with Excel data along with new collaboration, alerting and printing capabilities. Read more[EWEEK.COM]

OFFICE 2016 FOR MAC: Office 2016 for Mac Updates with Fullscreen Outlook, Other New Features. Microsoft has updated Office 2016 for Mac, adding not just bugfixes but new features for all of the apps in the suite, such as Outlook and PowerPoint. Read the rest[APPLEINSIDER.COM]

Search Engines & Technology

Search Engines & Technology

ELASTICSEARCH: Elasticsearch Servers Targeted by Linux-Based Botnet Operators. A honeypot experiment ran by AlientVault has shown that the recent security vulnerabilities discovered in Elasticsearch servers over the summer are now actively being used by botnet operators. Read more[NEWS.SOFTPEDIA.COM]

SEO: Is Google’s Search Market Share Actually Dropping? In a followup to his 2014 survey, contributor Eli Schwartz shares his data on search engine market share and looks at how it’s changing over time. Read more[SEARCHENGINELAND.COM]

Search Engines & Technology

ARTIFICIAL INTELLIGENCE: Google’s Tough Search — A Quantum Leap in Computing Power. A computer that’s millions of times faster than the most powerful machine available today could improve everything from climate and disease research to understanding the contents of every YouTube video. That’s the promise of another ambitious, long-term Google project that the Internet giant opened up about this week. Like other so-called moonshots, this one could take a decade or more to produce anything of tangible value, according to experts in the field. But Google is hopeful. Read more[BLOGS.WSJ.COM]

Search Engines & Technology

BIG DATA SEARCH: 9 Useful Open Source Big Data Tools. Hadoop is not the end-all, be-all of Big Data. There are lots of other Big Data platforms and tools, many of which are open source. Apache Solr is designed to be highly reliable, scalable and fault tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, centralized configuration and other features. Read more[ENTERPRISEAPPSTODAY.COM]

For the CTO, CIO & CISO

For the CTO, CIO & CISOLOOKING BACK: 7 Times Technology Transformed Government. Federal Times just wrapped up its 50th year publishing the news and information that matters to federal employees. One thing is certain: in that time, technology drove a number of government transformations. Among all of the possible examples, a few stand out as key moments. Here are the seven most important technology innovations and events — in chronological order — that have shaped the way government operates today. Read more[FEDERALTIMES.COM]

ENCRYPTION DEBATE: 8 Things CIOs Should Know. Governments want access to encrypted communications to prevent terrorist attacks, but IT professionals and tech vendors say any weakening of encryption is a threat to privacy and data security. Read more[INFORMATIONWEEK.COM]

For the CTO, CIO & CISOCYBERSECURITY: Year of ‘Fairly Unsophisticated Breaches’ Underscores Need for Cyber Hygiene, According to CISOs. After a year of high-profile breaches, organizations should concentrate on reinforcing crumbling security foundations rather than adopting complex new software, said 25 chief information security officers in a recent survey. Read more[FEDSCOOP.COM]

FEDERAL GOVT CTO: 6 Predictions for Federal IT in 2016. 1) Cyber crime legislation goes global. 2) Intelligence officers go rogue. 3) Increased attacks on critical infrastructure. 4) Cloud gets less scary. Read the rest[FEDERALTIMES.COM]

For the CTO, CIO & CISOCTO: U.S. CTO Megan Smith Promotes Obama Tech Initiatives with Help from Seattle Techies. U.S. Chief Technology Officer Megan Smith took to the stage last week at CES 2016 to highlight and encourage participation in a variety of technology initiatives being pursued by the White House. She had help from a couple of prominent Seattle techies: City of Seattle CTO Michael Mattmiller and CTO of the Department of Veterans Affairs Marina Martin. Read more[GEEKWIRE.COM]

CIO: Software Defined Networking, IoT Top CIO’s Strategic Priorities. Avnet’s CIO Steve Phillips plans to build and test a software-defined network and an Internet of Things solution for predictive machine maintenance. He will also mix agile and waterfall methodologies, as part of a plan to adopt a bimodal IT development process. Read more[CIO.COM]

For the CTO, CIO & CISOCISO: Business Confidence in Cloud Security Grows. According to a Cloud Security Alliance (CSA) survey, 64.9% of IT leaders think the cloud is as secure or more secure than on-premises software. This could be the result of the fact that 71.2% of companies now have a formal process for users to request new cloud services. Read more[INFOSECURITY-MAGAZINE.COM]

MANAGEMENT: CIOs – Don’t Think Your Role is Mostly Operational. Business peers want you leading the digital transformation, a new survey says. Read more[CIO.COM]

For the CTO, CIO & CISOLOOKING BACK: 7 Times Technology Transformed Government. Federal Times just wrapped up its 50th year publishing the news and information that matters to federal employees. One thing is certain: in that time, technology drove a number of government transformations. Among all of the possible examples, a few stand out as key moments. Here are the seven most important technology innovations and events — in chronological order — that have shaped the way government operates today. Read more[FEDERALTIMES.COM]

ENCRYPTION DEBATE: 8 Things CIOs Should Know. Governments want access to encrypted communications to prevent terrorist attacks, but IT professionals and tech vendors say any weakening of encryption is a threat to privacy and data security. Read more[INFORMATIONWEEK.COM]

For the CTO, CIO & CISOCYBERSECURITY: Year of ‘Fairly Unsophisticated Breaches’ Underscores Need for Cyber Hygiene, According to CISOs. After a year of high-profile breaches, organizations should concentrate on reinforcing crumbling security foundations rather than adopting complex new software, said 25 chief information security officers in a recent survey. Read more[FEDSCOOP.COM]

FEDERAL GOVT CTO: 6 Predictions for Federal IT in 2016. 1) Cyber crime legislation goes global. 2) Intelligence officers go rogue. 3) Increased attacks on critical infrastructure. 4) Cloud gets less scary. Read the rest[FEDERALTIMES.COM]

Incident Response

Incident ResponseNETWORKS: The Incident Response “Fab Five”. CISOs should consider and coordinate incident detection and response in five areas: hosts, networks, threat intelligence, user behavior monitoring, and process automation. Read more[NETWORKWORLD.COM]

FEDERAL GOVERNMENT: Incident Response in the Spotlight. The White House is devising a plan specifying federal agencies’ responsibilities in the event of a crippling cyberattack, which could be released as an executive order or presidential directive in the next few months, MC has learned. The guidance will address the federal response to a cyberattack against “critical infrastructure,” including power plants, chemical facilities, banks and telecommunications providers, according to industry officials. The goal is to ensure agencies are focused on chasing hackers out of compromised systems rather than figuring out who to call or talking to lawyers. Read more[POLITICO.COM]

Incident ResponseOPINION: A Breach is Coming — Is Your Agency Ready? Advanced threats are spreading at an alarming rate, putting agency data at risk and making attacks almost inevitable. In July, the Government Accountability Office reported that information security incidents involving federal agencies skyrocketed from 5,503 in fiscal 2006 to 67,168 in fiscal 2014. Read more[FCW.COM]

VICTIMS OR VILLAINS: Intelligent Incident Response Can Save the Day. We all know the lessons of nursery school tales: don’t lie, don’t steal, and play nice with others. The data breach morality tale is a bit more complicated. When you find out someone is stealing from you: don’t lie, act quickly, and be nice even when everyone’s mad at you. If you get defensive or try to be sneaky, you’ll go from victim to villain in the swipe of a headline. Data breaches are happening with greater frequency, and are compromising larger volumes of data, than ever before. Read more[INFOSECURITY-MAGAZINE.COM]

Operating Systems

Operating Systems

NETWORK SECURITY: Juniper Will Repatch Its Netscreen Operating System. Company says there’s nothing wrong with the current patch, but redoing it will make ScreenOS more robust. Read more[NETWORKWORLD.COM]

THOUGHT LEADER ON LINUX… AND MORE: Why Linux Is Still Better Than Windows 10. Why one writer dumped Windows and switched to Linux 13 years ago, and Amazon wants its Android OEMs to integrate its services into their phones. Read more[INFOWORLD.COM]

Operating SystemsAPPLE: Safari Suggestions Bug Causes Browser Crashes in iOS and OS X. A server-side problem with the Safari Suggestions feature in recent versions of iOS and OS X appears to be causing Safari to crash and hang for some users. Developer Steve Troughton-Smith helped to identify the issue overnight, though it has also been discussed in a pair of Reddit threads in the Apple subreddit. The problem appears to be causing hanging and strange behavior in OS X and outright crashes in iOS. Going to Settings > Safari in iOS (or to the Safari Preferences and then the Search tab in OS X) and disabling the Safari Suggestions feature appears to fix the problem, or you could try using another browser. Read more[ARSTECHNICA.COM]

MOBILE: 5 Gmail App Alternatives for Android. For most Android users the stock Gmail or Email apps on smartphones and tablets is plenty. They have enough features or functionality to complete most daily tasks. But…not everyone wants to use Gmail. Here’s a list of five or so great Email app alternatives for Android. Read more[GOTTABEMOBILE.COM]

Programming & Scripting Development Client & Server-Side

Programming & Scripting Development Client & Server-Side

JAVASCRIPT: Researchers Uncover JavaScript-based Ransomware-As-Service. Malware, based on Node.js desktop framework, offered up to would-be extortionists for fee. Read more[ARSTECHNICA.COM]

JAVA: Java Loses No Luster in Popularity Index. Once mired behind the C language in popularity, Java has regained its mojo and is expected to have bright future as it retains its top spot for the month. Read more[INFOWORLD.COM]

C#: How to Work with Sockets in C#. Take advantage of sockets in C# to implement inter-process communication for the purpose of sharing data over a network. Read more[INFOWORLD.COM]

Programming & Scripting Development Client & Server-Side

RUBY ON RAILS: Ruby on Rails Takes on Node.js with WebSocket Support, API Mode. The first beta for the 5.0 edition of the popular Web framework for Ruby is out, with WebSockets support as a major feature — and with Ruby 2.2.2 as a requirement. Read more[INFOWORLD.COM]

ANGULAR 2: Up Close with Google’s Angular 2 JavaScript Framework. Here’s all you need to know about Angular 2, the exciting new successor to Google’s wildly popular JavaScript framework, AngularJS. Read more[INFOWORLD.COM]

Programming & Scripting Development Client & Server-Side

ADOBE: Finally Tells Developers to Stop Using Flash. Once the primary means of making animation, browser games and interactive visualisations for the web, Adobe Flash has been ailing for a long time. And now — after almost everyone else recognised the massive security and performance problems with the proprietary tech — its makers Adobe have announced that it will be moving away from the platform. Adobe said that it would now encourage developers to “build with new web standards”, primarily HTML 5. Read more[WIRED.CO.UK]

FTC: Ruling Against Oracle Shows Why It’s Time to Dump Java. The FTC says Oracle hasn’t been uninstalling older, insecure versions of Java. It’s time for users to ditch client-side Java altogether. Read more[INFOWORLD.COM]

Programming & Scripting Development Client & Server-Side

GOOGLE: Confirms Next Android Version Won’t Implement Oracle’s Proprietary Java APIs. Google is replacing its implementation of the Java application programming interfaces (APIs) in Android with OpenJDK, the open source version of Oracle’s Java Development Kit (JDK). The news first came by a “mysterious Android codebase commit” from last month submitted to Hacker News. Google confirmed to VentureBeat that Android N will rely solely on OpenJDK, rather Android’s own implementation of the Java APIs. Read more[VENTUREBEAT.COM]

Programming & Scripting Development Client & Server-Side

JAVA: Developers Can Dish Out Tastier Web Apps with JSweet. With JSweet, which recently became available via open source, developers can leverage their Java skills to build Web apps in JavaScript. The technology transpiles from Java to TypeScript and, in turn, JavaScript. TypeScript is a Microsoft-built superset that compiles to JavaScript. Read more[INFOWORLD.COM]

JAVASCRIPT: Ransom32 – Even JavaScript Can Implement Ransomware. Despite JavaScript living inside the browser’s protected and sandboxed environment, restricted on what it can or not do on the user’s machine, it is still possible for those restrictions to be bypassed upon infection with ‘drive-by download’ malware. Read more[I-PROGRAMMER.INFO]

Programming & Scripting Development Client & Server-Side

IN-DEMAND SKILLS: What Are the Most-Wanted Data Science Skills for 2016? To find the most-wanted data science skills, CrowdFlower analyzed job postings on the business-oriented social media site, LinkedIn. Hadoop, Python, Java, and R round out the top five in-demand skills. Read more[ADTMAG.COM]

NEVER TOO EARLY: Fisher-Price Now Has a Toy That Teaches Preschoolers How to Code. When is the ideal time to start your child on the path to a comfortable and mostly satisfying career as a developer? High school? Grade School? Fisher-Price thinks preschoolers should be introduced to the problem solving skills they might one day need to be a great coder. Read more[GIZMODO.COM]

Programming & Scripting Development Client & Server-Side

JAVASCRIPT: JavaScript as the Language of the Cloud. JavaScript is the essential glue that holds cloud apps together. A decade in the software industry is like a century in other fields. Browsers are no longer dumb terminals, and JavaScript has emerged as a tool for building cross-platform apps. Expensive and bloated Java application servers declined in popularity years ago. Node has emerged as a platform for server-side JavaScript. Read more[COMPUTERWORLD.COM]

NODE.js: Node.js Welcomes Microsoft’s Chakra JavaScript Engine. Node has traditionally been focused on Google’s V8 JavaScript engine, but adding ChakraCore support will allow developers to target more platforms. Read more[INFOWORLD.COM]

Programming & Scripting Development Client & Server-Side

JAVA: PayPal is the Latest Victim of Java Deserialization Bugs in Web Apps. The company’s Java-based, back-end system was vulnerable to an attack that researchers have warned about for a year. Read more[PCWORLD.COM]

ORACLE & JAVA: Oracle Pushes Java Fix: Patch It or Pitch It. Oracle has shipped an update for its Java software that fixes at least eight critical security holes. If you have an affirmative use for Java, please update to the latest version; if you’re not sure why you have Java installed, it’s high time to remove the program once and for all.Read more[KREBONSECURITY.COM]

Cloud Computing

Cloud Computing

2016 PREDICTIONS: 5 Aspects of Cloud Computing to Watch Out For in 2016. The cloud computing space evolved a lot in 2015. 2016 holds quite a bit in store, like a rise in hybrid cloud, container tech, and more. Read more[DZONE.COM]

INDUSTRY SNAPSHOT: Adobe, Microsoft, Red Hat Aim For Cloud Makeovers. The Internet cloud generally refers to services delivered online, such as software downloads, video streaming and data stored in remote data centers that consumers can access anywhere via mobile devices. For makers of desktop software, the rise of such services has caused a revolution, not just in software packaging (there is none), but also in drastically reducing customers’ initial costs of implementing and using new programs. As a result, Adobe and Microsoft are shifting from selling boxed software and one-time licenses to monthly or annual subscription services delivered over the Internet. Read more[NEWS.INVESTORS.COM]

Cloud Computing

MICROSOFT: Adds Virtual Array to StorSimple Hybrid Cloud Storage. The company adds a new virtual array product to its StorSimple line of hybrid cloud storage and announces updates to its 8000 Series hardware and Cloud Appliance. Read more[EWEEK.COM]

DATA PROTECTION: When It Comes to Cloud Security Which is Better? Heavy Hand or Gentle Policing? When it comes to successfully managing cloud use within the enterprise, some security organizations try to establish and enforce firm lines between what is permissible and what is banned, while others try to learn what their employees are trying to achieve and help them do so more securely. In a recent interview, Jim Reavis, cofounder and chief executive officer at the Cloud Security Alliance, shares a sense of what enterprises think about cloud deployments and cloud security. As a nonprofit, the Cloud Security Alliance promotes the use of security assurance best practices in cloud computing, as well as cloud computing education. Read more[CSOONLINE.COM]

Cloud Computing

USDA: Ramps Up Cloud Service Strategy. As director of the Department of Agriculture’s relatively new cloud strategy and policy office, Tony Cossa is working to build out department’s cloud services and drive a cultural change inside and across government agencies. Read more[GCN.COM]

RANSOMWARE: Ransomware a Threat to Cloud Services, Too. Ransomware – malicious software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin – has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services. Read more[KREBONSECURITY.COM]

Cloud Computing

ENTERPRISE: Are Enterprises Taking On More Cloud Services Than They Can Handle? Does it make sense to have a lot of clouds doing different things for the enterprise? A recent study suggests enterprises may be taking on more cloud services that they can handle. What is a solid threshold for cloud service adoption? Read more[FORBES.COM]

MICROSOFT: Microsoft to Donate Cloud Services Worth $1 Billion Over 3 Years. Microsoft Corp. will donate cloud services worth more than $1 billion to nonprofit groups over the next three years in a bid to “advance the public good” and help solve some of the world’s toughest problems, President and Chief Legal Officer Brad Smith said. Read more[BLOOMBERG.COM]

Encryption

Encryption

CYBERSECURITY: Privacy Groups Discuss Encryption with White House. White House officials met Dec. 10 with multiple civil liberties groups behind a petition urging the Obama administration to support strong encryption. Administration officials told representatives from the American Civil Liberties Union, the Center for Democracy and Technology, Human Rights Watch, Access Now and New America’s Open Technology Institute that they planned to issue a formal response over the holidays. Read more[FCW.COM]

Encryption

FBI: Renews Warnings on Terror and Encryption, With No Clear Solution in Sight. Lawmakers face dueling security concerns as tech companies warn any backdoor access to encrypted data will pave the way for cyber attacks. In the wake of the Paris and San Bernardino terror attacks, a long-simmering debate over thesecurity risks of terrorists using encryption has come to a boil. Speaking before Congress last week, FBI Director James Comey reiterated warnings that popular encrypted communication apps are making it difficult for law enforcement officials to monitor suspected criminals and terrorists. Read more[FASTCOMPANY.COM]

Encryption

SSL: Testing Your SSL Encryption Can Provide Important Security Insights. Since the Heartbleed vulnerability of 2014, more IT managers have been concerned about the integrity of their SSL encryption, TLS services and associated supporting code libraries. And while most SSL technology vendors have patched their servers since then, there are still many ways to take advantage of this encryption protocol that you should be aware of. A new series of free SSL server tests from High-Tech Bridge can help highlight any problems and potentially show you what is going on with how you encrypt your Internet traffic. Read more[SECURITYINTELLIGENCE.COM]

Encryption

SECURITY: The Government Really Doesn’t Seem to Like Encryption. Cryptographers, civil libertarians, and privacy advocates have spoken loud and clear about how weakening encryption will make online communications and e-commerce more vulnerable (and make tech companies less competitive economically). But the war against crypto rages on in the wake of terrorist attacks in Paris and San Bernardino. Read more[WIRED.COM]

Business Intelligence

Business IntelligencePREDICTIONS: Six Business Intelligence Predictions For 2016. #1: The big bang you hear is the explosion of innovation. #2: We must adapt or die. #3: Whose BI will you buy? Read the rest[FORBES.COM]

ANALYTICS: 3 Trends for Government Data Analytics. In 2015, data discovery moved out of the IT shop and onto users’ desktops. Tools such as Tableau, QlikView, Domo and Datameer augmented existing enterprise IT systems and allowed individuals to apply sophisticated visualization capabilities to vast amounts of existing data without writing code. The days of submitting requirements, designing and developing solutions and testing and deploying systems over many months (or years) for all things data-related have faded. Read more[GCN.COM]

Business IntelligenceSTATE CIOs: Top Priorities For State CIOs: 2016. State government CIOs face many of the same challenges that private sector IT executives do, such as updating systems for a digital world, securing those systems, and leveraging big data. Here are their top 10 priorities, according to NASCIO’s annual membership poll. Read more[INFORMATIONWEEK.COM]SOFTWARE: Forrester Predicts Boom Time for Software. Cloud, Saas and business analytics set to drive up demand for software. Read more[COMPUTERWEEKLY.COM]

Federal Government

Federal GovernmentMOBILE: New Rules Coming for How Agencies Buy Mobile Services. Anne Rung, OFPP administrator, and Tony Scott, the federal chief information officer, issued a draft policy in late December to try, once again, to better manage the $9 billion agencies spend annually on software licenses. The draft policy, which currently shows only four comments, would increase the number of enterprise software license agreements available across government. Read more[FEDERALNEWSRADIO.COM]

EPA: EPA’s IT Modernization Starts with Agility. Ann Dunkin, CIO of the Environmental Protection Agency, discusses how the agency is changing the way IT services are developed and paid for. Read more[GCN.COM]

Federal Government

FEDERAL AGENCY IoT: Are Agencies Really Ready for the Internet of Things? It’s a hydra-headed opportunity and test – and it’s not something agencies can afford to ignore. The much-hyped Internet of Things (IoT) is exponentially more risky, rewarding and challenging than yesterday’s tech arrangements. Increasingly connected, sensor-laden and data-driven systems are poised to change everything from national security to office-space management. But they generate more data and complexity than many agencies are comfortable managing, which means serious changes are on the horizon. Read more[FCW.COM]

Federal Government

SOFTWARE: Federal Agencies Face Compliance Issues by Sticking with SQL Server 2005. Microsoft will no longer provide security updates for its SQL Server 2005 relational database platform as of April 2016. For federal agencies that looming deadline means they need to upgrade to ensure they are in compliance with data security laws and regulations. Federal agencies need to make sure they comply with applicable IT laws, including the Federal Information Systems Modernization Act. Learn more[FEDTECHMAGAZINE.COM]

Federal GovernmentANALYSIS: What Does Federal Spending in 2016 Mean for the Cybersecurity Sector? President Barak Obama included $14 billion for cyber security spending in his 2016 budget. A look at some key numbers and trends for 2016 reveals big opportunities for vendors who provide cyber products and services to federal agencies, and big challenges for federal agencies around recruiting and retaining cybersecurity staff. Read more[CSOONLINE.COM]

NIST: A Conversation With The Most Influential Cybersecurity Guru To The U.S. Government. Ron Ross is a Fellow at the National Institute of Standards and Technology, or NIST, a non-regulatory agency of the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. Check out his comprehensive approach to data security. Read more [FORBES.COM]

Federal GovernmentSURVEY: Majority of Agencies Follow NIST Cybersecurity Framework. A recent survey found that 82 percent of 150 IT and security professionals in the federal government said their agencies are either fully or partially implementing the NIST Framework for Improving Critical Infrastructure Cybersecurity. When broken down further, 53 percent are fully implementing, with 29 percent partially implementing the guidance. Read more[GCN.COM]

ENCRYPTION: Why Federal Encryption Regulations Could Put Cybersecurity At Risk. Efforts to pass regulations in response to new security technology could, however, run into legal and constitutional roadblocks. End-to-end encryption may be defended under the Fourth Amendment right to privacy against unreasonable search, as wiretapping often occurs without proper warrants on civilians who are not suspected of being involved in criminal activity. Read more[BROWNPOLITICALREVIEW.ORG]

IT - State & Local Governments

IT - State & Local Governments

SEATTLE: Begins Three-Year IT Consolidation. Over the next three years, Seattle will consolidate its disparate IT departments into a new agency, called Seattle IT, and city officials expect big things from the change. Read more[GOVTECH.COM]

US COUNTIES: New Interactive Tool Provides Key County Info. The NACo County Explorer is a web-based visualization tool that provides key information on a wide variety of topics that are summarized at the county-level. An interactive map allows users to explore a variety of indicators, such as population density, median household income, and number of endangered and threatened species. County profiles are provided to highlight data and information related to key federal policies and legislation. Read more[COAST.NOAA.GOV]

IT - State & Local GovernmentsLOCAL BANKS: These Cyberthreats May Be Coming to a Local Bank Near You. A common consumer of news might assume that financial services hacking incidents are just a big-bank problem. Cyberintrusions of the largest institutions by sophisticated criminals and potentially foreign governments are well documented. But community banks of every stripe should be on alert for a genus of attacks meant more for smaller institutions than bigger ones. On Nov. 3, the Federal Financial Institutions Examination Council issued a joint statement intended for community banks warning of the “increasing frequency and severity of cyberattacks involving extortion.” Read more[AMERICANBANKER.COM]

IT - State & Local GovernmentsBIG BANKS: S&P Downgrades Holding Companies of Eight U.S. Banks. Standard & Poor’s cut its nonoperating holding company (NOHC) ratings on eight U.S. “global systemically important banks” by one notch, citing uncertainty about the U.S. government’s willingness to provide support to the banking system if it came under stress. Read more[REUTERS.COM]

DHS: House Bill Lets State, Local Take Advantage of DHS Cyber Tools. New legislation requires DHS to open the National Cybersecurity and Communications Integration Center (NCCIC) to state and local governments that request assistance, either in shoring up cybersecurity posture or help investigating a specific incident. Read more[FEDERALTIMES.COM]

IT - State & Local GovernmentsMICHIGAN: Report Rips Security of State Computer Systems. Hundreds of state computer servers are vulnerable to hacking and failure because of outdated operating systems, ineffective security configurations, poor password control, failure to install security patches and a lack of timely scanning to detect vulnerabilities, according to a report released Thursday by Michigan Auditor General Doug Ringler. Read more[FREEP.COM]

INDUSTRY PERSPECTIVE: 4 Critical Challenges to State and Local Government Cybersecurity Efforts. While the federal government works on big-picture solutions, state and local government agencies are under tremendous pressure to secure critical data, infrastructure and services. In fact, cybersecurity is the No. 1 strategic IT priority in 2015 for state and local agencies, according to the National Association of State Chief Information Officers. Read more[GOVTECH.COM]

IT - State & Local GovernmentsVOTING SECURITY: Outdated Voting Machine Technology Poses Security and Election Risks. A new report highlights the looming crisis state and local governments face with aging voting machine technology ahead of the 2016 election. A recent report by the Brennan Center for Justice at New York University School of Law found that the expected lifespan of core components in electronic voting machines purchased since 2000 is between 10 and 20 years, and for most systems it is probably closer to 10 than 20. Experts surveyed by the Brennan Center agree that the majority of machines in use today are either “perilously close to or exceed these estimates.” Read more[STATETECHMAGAZINE.COM]

IT Security | Cybersecurity

IT Security | Cybersecurity

ENCRYPTION: Security Experts Support Dutch Stance on Encryption. Security experts have come out in support of a Dutch government statement against weakening encryption for the purposes of law enforcement and intelligence agencies. Read more[COMPUTERWEEKLY.COM]

MICROSOFT: As Microsoft Support Winds Down, Security Risks Ratchet Up. When it comes to security, government IT managers do their best to balance risk and cost. In 2016 that balance will be harder to maintain when “extended support” for some Microsoft products ends. Read more[GCN.COM]

IT Security | CybersecurityWEB BROWSERS: Web Developers Rejoice; Internet Explorer 8, 9 and 10 Die Soon. Internet Explorer has long been the bane of many Web developers’ existence, but here’s some news to brighten your day: Internet Explorer 8, 9 and 10 are reaching ‘end of life’, meaning they’re no longer supported by Microsoft. A patch, which goes live on January 12, will nag Internet Explorer users on launch to upgrade to a modern browser. KB3123303 adds the nag box, which will appear for Windows 7 and Server 2008 R2 users still using the old browsers after installing the update. Read more[THENEXTWEB.COM]

SOFTWARE: Schools Face Security Risks as End of Support for SQL Server 2005 Looms. Microsoft will end security support for SQL Server 2005 in April 2016, and schools must prepare to upgrade. Read more[EDTECHMAGAZINE.COM]

IT Security | Cybersecurity

NETWORKS: 5 Cybersecurity Trends to Watch for 2016. The 2015 Cost of Data Breach Study from IBM and the Ponemon Institute put the average cost of a data breach at $3.79 million, and that figure is expected to grow in the year ahead. With the right resolutions, you can drastically reduce your chances of falling prey to cybercriminals. Here are five major trends in cybersecurity that you should have in mind when updating your InfoSec plans for 2016. Read more[NETWORKWORLD.COM]

2016 THREATS: Cybersecurity Nonprofit Addresses 2016 Threats for States, Localities. The head of the Multi-State Information Sharing and Analysis Center shares what he’s hoping to educate governments about in the new year. Read more[FEDSCOOP.COM]

IT Security | Cybersecurity

WASHINGTON STATE: Announces Federal Cybersecurity Partnership, Office of Privacy and Data Protection. Washington Gov. Jay Inslee recently named two new ways the state will protect its systems and the data of its citizens. Read more[GOVTECH.COM]

CYBERSECURITY SALARIES: Top Cyber Security Salaries In U.S. Metros Hit $380,000. Last week Forbes reported that there are over one million cybersecurity job openings in 2016. This week they take a look at the highest paying jobs in cybersecurity. Read the rest[FORBES.COM]

IT Security | Cybersecurity

ATTACKS/BREACHES: Former Director Of NSA And CIA Says US Cybersecurity Policy MIA. Gen. Michael Hayden says US government doesn’t have the ‘framework’ to handle attacks by nation-states, others against the power grid, data. Read more[DARKREADING.COM]

FEDERAL IT: Cybersecurity Underfunded, Industry Tells Congress. Agency IT managers who believe they do not have the resources to adequately fight cybersecurity threats got some backing from industry experts who voiced the same concerns to Congress. Read more[GCN.COM]

IT Security | Cybersecurity

LEGAL: How to Secure Law Firms. Cybersecurity practice groups are springing up at law firms at a rapid pace. This should come as no surprise given the increasing number of high profile hacker attacks. While these teams of legal professionals are assisting corporate America with understanding potential liability associated with security breaches, there is an obvious, yet less often discussed question: What should law firms be doing to protect the security of their own data and the integrity of their IT infrastructure? Read more[BOL.BNA.COM]

MARKETS: Cyber Security, Small Business And The 2015 Trends That Will Matter More In 2016. Frank Sorrentino, Chairman and CEO of ConnectOne Bank (CNOB), examines the top three themes that influenced banks, small businesses and the economy at large in 2015 – many of which still remain top-of-mind today. Read the rest

[FORBES.COM]

IT Security | Cybersecurity

TRAVEL SECURITY: T.S.A. Moves Closer to Rejecting Some State Driver’s Licenses for Travel. As soon as next year, a driver’s license may no longer be enough for airline passengers to clear security in some states, if the Department of Homeland Security has its way. Federal officials said they would soon determine whether Transportation Security Administration agents would start enforcing a 10-year-old law that required states to comply with a set of federal standards when issuing driver’s licenses. Read more[NYTIMES.COM]

HOME IT SECURITY: Rarely Patched Software Bugs in Home Routers Cripple Security. Wi-Fi devices, vulnerable to hackers, show difficulty of updating software after release. Read more[WJS.COM]

IT Security | Cybersecurity

ANDROID: Android Security: Nearly Third of Owners Don’t Use a Lockscreen Passcode. Not only is Android patching a source of security concerns, Android owners are less inclined than iPhone owners to enable the lockscreen passcode. Read more[ZDNET.COM]

APPLE: Apple’s iOS 9.2.1 Is Here, and It Fixes a Security Hole from 2013. Users of iPhones, iPads and iPods probably didn’t give much thought to Tuesday’s iOS update, which brings the mobile OS to version 9.2.1. According to Apple, the update contains “security updates and bug fixes,” with the company highlighting an issue that can prevent app installation completion when using an MDM server. But it’s notable that one of those security updates fixes quite a nasty security bug that’s been discovered nearly three years ago. Read more[MASHABLE.COM]

IT Security | Cybersecurity

SURVEY: Releases Findings into NHS IT Security Levels. Sophos recently released the results of its survey assessing IT security levels within NHS organizations. The study, which included 250 NHS-employed CIOs, CTOs and IT Managers, revealed a gap between perceived beliefs of IT security levels and the actual IT security structures that are currently in place, with 76% of respondents believing that the NHS is well-protected against cyber-crime. Despite this, as little as 10% felt that encryption was well-established within the NHS. Read the rest[INFOSECURITY-MAGAZINE.COM]

IT Security | Cybersecurity

INDUSTRY 4.0: Revolutions Require Security — From The Outset. It is said that the ‘fourth industrial revolution’ is taking place right now. It’s said to be bringing massive disruptive changes to the way humanity produces stuff and does business. There are great hopes that these changes will help bring about a leap in business productivity and efficiency. At the same time, there are fears it could also cause millions of job losses and bring poverty to whole communities. With so much at stake, it’s more than just a buzzword; it’s also why it’s this year’s central theme at the World Economic Forum. Read more[FORBES.COM]

IT Security | Cybersecurity

CLOUD COMPUTING: Why Cloud Computing Will Shake Up Security. In 2016, you can expect massive changes in the security landscape. Technology providers such as firewall vendors, switching vendors and others will fade as new solutions better suited to the cloud computing environment emerge. On the flip side, companies that provide encryption and anti-malware technologies will continue to see their fortunes rise because the demand will continue to grow. But to thrive, these vendors must bring out new products and services evolved for cloud computing. Read more[TECHCRUNCH.COM]

PC SECURITY: How to Build the Ultimate Free PC Security Suite. Take some time next weekend to secure your PC without spending a dime. Read more[PCWORLD.COM]

IT Security | Cybersecurity

MANAGEMENT: IT Security Staff Want a Challenge, Not More Money. The notion that people are mercenaries when it comes to work and would most likely move if given an opportunity to earn more is, by a large margin, incorrect. That’s basically what a new report by developers AlienVault says. The report, entitled ‘Blood on HR’s floor – The challenge of Retaining IT Security Skills’, has a couple of interesting points. Read more[ITPROPORTAL.COM]

NETWORK SECURITY: 91 Percent of IT Security Execs Say Their Company’s Sensitive Data Is Vulnerable. And 39 percent have suffered a data breach or failed a compliance audit due to security issues in the past year alone, a recent survey found. Read more[ESECURITYPLANET.COM]

IT Security | Cybersecurity

FDA: FDA Guidelines Target IoT Medical Device Security. The U.S. Food and Drug Administration last week took a step toward addressing the threat the Internet of Things poses to patients and their data by releasing some proposed guidelines for managing cybersecurity in medical devices. “A growing number of medical devices are designed to be networked to facilitate patient care. Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats,” the FDA says in its proposal. Read more[TECHNEWSWORLD.COM]

RESEARCH: IT Security Pros Lack the Confidence and Know-how to Protect Payment Data. 54% of surveyed IT professionals said their companies had a data breach involving payment data an average of four times in past two years. Read more[INFORMATION-AGE.COM]

Tech Vulnerabilities

Tech VulnerabilitiesTHREATS: BackStab Attack Takes Indirect Route To Mobile Data. Attack technique takes advantage of weak protections around mobile user’s backup files. While there are plenty of mobile device vulnerabilities just waiting for bad guys to pick up on, some of the lowest hanging fruit for mobile-oriented attackers isn’t on the device itself. Instead, the softest target comes in the form of insecure back-ups stored on a traditional desktop or laptop. Read more[DARKREADING.COM]

COMPUTER SUPPORT: Vulnerabilities Found in Lenovo, Toshiba, Dell Support Software. The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect. The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges. Read more [CIO.COM]

Tech VulnerabilitiesGOOGLE: Patches Critical Media Processing and Rooting Vulnerabilities in Android. Google has released a new batch of security fixes for its Nexus smartphones and tablets, addressing flaws that could allow attackers to compromise the Android devices via rogue emails, Web pages, and MMS messages. Firmware updates are being rolled out to supported Nexus devices as an over-the-air update and the patches will be added the Android Open Source Project over the next 48 hours. Builds LMY48Z and Android Marshmallow with a Dec. 1, 2015, Security Patch Level contain these fixes, Google said in its security bulletin. Read more[INFOWORLD.COM]

CLOUD: Security Worries Hamper Adoption of Cloud Technology. Companies migrating to the cloud plan to enforce internal security policies: 56 percent plan to improve identity and authentication management. Read more[EWEEK.COM]

From the Blue Mountain Data Systems Blog

Three-Dimensional Governance for the CIOhttps://www.bluemt.com/three-dimensional-governance-for-the-cio

7 Reasons to Take Control of IT Incidentshttps://www.bluemt.com/7-reasons-to-take-control-of-it-incidents/

Breach Mitigation Response Time Too Long, Survey Sayshttps://www.bluemt.com/breach-mitigation-response-time-too-long-survey-says/

Six Tactics for Cyberdefensehttps://www.bluemt.com/six-tactics-for-cyberdefense/

From the Blue Mountain Data Systems Blog

Feds Report Mixed Responses to Shared Serviceshttps://www.bluemt.com/feds-report-mixed-responses-to-shared-services

Federal Employees Are Not Security Expertshttps://www.bluemt.com/federal-employees-are-not-security-experts

Survival Guide for Network Administratorshttps://www.bluemt.com/survival-guide-for-network-administrators

DBaaS: OpenStack Trove Changes DB Managementhttps://www.bluemt.com/dbaas-openstack-trove-changes-db-management

From the Blue Mountain Data Systems Blog

Help Wanted: Certified Cybersecurity Professionalshttps://www.bluemt.com/help-wanted-certified-cybersecurity-professionals

Cyber Threat Intelligence Integration Center Previewhttps://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/

Cloud Moves in 1-2-3https://www.bluemt.com/cloud-moves-in-1-2-3/

Change Management for Disaster Recoveryhttps://www.bluemt.com/change-management-for-disaster-recovery/

From the Blue Mountain Data Systems Blog

Jeffersonian Advice For C-Suite Career Advancementhttps://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/

Ways To Survive The “Mobile-Pocalypse”https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/

Microsoft Cloud Services Receive FedRAMP Authority to Operatehttps://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/

Hiring Pentesters? Here Are 10 Things You Need to Knowhttps://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/

From the Blue Mountain Data Systems Blog

Home Router Malware Alerthttps://www.bluemt.com/home-router-malware-alert/

Threat Model Deconstructionhttps://www.bluemt.com/threat-model-deconstruction/

Business Email Scam Nets $214 Millionhttps://www.bluemt.com/business-email-scam-nets-214-million/

How to Prevent Unauthorized Software from Taking Over Your Organizationhttps://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

From the Blue Mountain Data Systems Blog

Digital Marketing Predictions for 2015https://www.bluemt.com/digital-marketing-predictions-for-2015/

SDN: Network Administrator’s Friend or Foe?https://www.bluemt.com/sdn-network-administrators-friend-or-foe/

Mobile Payments: A Must for Federal Agencieshttps://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/

Soft Skills Are A Must-Have For Careers In IThttps://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

From the Blue Mountain Data Systems Blog

Security Risks Most Prevalent in Younger Workershttps://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/

The Security World’s Maturationhttps://www.bluemt.com/the-security-worlds-maturation/

Data Breach Concerns Keep CISOs Up At Nighthttps://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/

Personalized Govt Equals Instant Gratification for Citizenshttps://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/

From the Blue Mountain Data Systems Blog

People-Centric Securityhttps://www.bluemt.com/people-centric-security/

Pentagon Tries BYOD To Strike Work/Life Balancehttps://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/

Open Source Model Considered for MS Windowshttps://www.bluemt.com/open-source-model-considered-for-ms-windows/

Open Internet: To Be or Not to Be?https://www.bluemt.com/open-internet-to-be-or-not-to-be/

From the Blue Mountain Data Systems BlogMalware Stays A Step Ahead Infecting One Third of Websiteshttps://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/

Machine-Generated Data: Potential Goldmine for the CIOhttps://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/

Government Legacy Programs: Reuse vs. Replacementhttps://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/

It Takes a Whole Village to Protect Networks and Systemshttps://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/

From the Blue Mountain Data Systems Blog

Governance For the CIOhttps://www.bluemt.com/governance-for-the-cio/

Help Desk Consolidation – Lessons Learnedhttps://www.bluemt.com/help-desk-consolidation-lessons-learned/

One Year Later, Companies Still Vulnerable to Heartbleedhttps://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/

Federal Projects Cultivate Worker Passionhttps://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US

Blue Mountain Data Systems Inc.

Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes.

Read more about our experience here:>> http://bluemt.com/experience

Recent Experience

U.S. Dept. of Labor Employee Benefits Security Administration

1994 to Present

Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT

Paul T. Vesely Founder, President, CEO and Principal Architect

Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.

CONTACT US

Contact Us Today to Discuss Your Next IT Project

HEADQUARTERS366 Victory DriveHerndon, VA 20170

PHONE 703-502-3416

FAX 703-745-9110

EMAILpaul@bluemt.com

WEBhttps://www.bluemt.com