Pointers: Recommended reading

Lessons learned from data breaches; Password hackers on the loose; the Internet and civic engagement; and Twitter guidelines

Data breaches: 5 security lessons learned
Source: InformationWeek

An analysis of three data breaches in the private sector provides hard-earned lessons for any organization that stores personal data.

Lesson No. 1: Get serious about Web security. It’s not enough to install firewalls and keep up with security patches, according to the article. Security must become part of the application development process.

The authors also note that intrusion detection systems, vulnerability scanners and other security tools can never keep up with the bad guys. They advise using event management systems and similar technology to watch for unusual traffic that could indicate a possible security problem.

Password hacking: Sizing up the threat
Source: InfoWorld

InfoWorld’s Roger Grimes identifies the six most daunting threats to the security of your password.

One technique is password sniffing. It involves installing a standard network protocol analyzer — often called a sniffer — between the authentication client and authentication database, Grimes said. If the log-on credentials are not protected en route, they are easy pickings.

Other techniques try to avoid the log-on process altogether. In authentication bypassing, hackers might use a separate boot disc to gain access to the data partition they want without ever seeing a log-on prompt.

The article discusses the best defenses against those and other techniques.

The Internet and civic engagement
Source: Pew Internet and American Life Project

The nation’s well-to-do could lose their grip on the political process thanks to the Internet, according to a new report from the Pew Internet and American Life Project.

On the one hand, the digital divide is still apparent: People who are educated and financially secure are more likely to participate in political activities, such as sending a letter to a government official or making a contribution to a candidate — whether they do it online or off-line.

But socioeconomic factors appear to play less of a role in the type of political involvement that centers around blogs and social-networking sites. That is because younger users — ages 18 to 29 — have higher levels of online engagement than their older and more affluent counterparts, the report states.

Twitter guidelines: The UK edition
Source: The E-government Bulletin

Government officials in the United Kingdom recently drafted guidelines for agencies that want to join the conversation on Twitter.

The guidelines highlight the various objectives Twitter might help agencies achieve and metrics for measuring their success. For example, if agencies hope to provide “thought leadership,” they should measure the frequency with which their updates are retweeted by other users.

The guidelines also identify risks and possible mitigation strategies. For example, agencies concerned that sensitive or embargoed information might be published in error can develop light but effective procedural controls or require that a digital media team approve all tweets before posting.

About the Author

John Monroe is Senior Events Editor for the 1105 Public Sector Media Group, where he is responsible for overseeing the development of print and online content, as well as events. John has more than 20 years of experience covering the information technology field. Most recently he served as Editor-in-Chief of Federal Computer Week. Previously, he served as editor of three sister publications: civic.com, which covered the state and local government IT market, Government Health IT, and Defense Systems.

