Pointers: Recommended reading

Lessons learned from data breaches; Password hackers on the loose; the Internet and civic engagement; and Twitter guidelines

Data breaches: 5 security lessons learned
Source: InformationWeek

An analysis of three data breaches in the private sector provides some hard-earned lessons for any organization that stores personal data.

Lesson No. 1: Get serious about Web security. It’s not enough to install firewalls and keep up with security patches, according to the article. Security must become part of the application development process.

The authors also note that intrusion detection systems, vulnerability scanners and other security tools can never keep up with the bad guys. They advise using event management systems and similar technology to watch for unusual traffic that could indicate a possible security problem.

Password hacking: Sizing up the threat
Source: InfoWorld

InfoWorld’s Roger Grimes identifies the six most daunting threats to the security of your password.

One technique is password sniffing. It involves installing a standard network protocol analyzer — often called a sniffer — between the authentication client and authentication database, Grimes said. If the log-on credentials are not protected en route, they are easy pickings.

Other techniques try to avoid the log-on process altogether. In authentication bypassing, hackers might use a separate boot disc to gain access to the data partition they want without ever seeing a log-on prompt.

The article discusses the best defenses against those and other techniques.

The Internet and civic engagement
Source: Pew Internet and American Life Project

The nation’s well-to-do could lose their grip on the political process thanks to the Internet, according to a new report from the Pew Internet and American Life Project.

On the one hand, the digital divide is still apparent: People who are educated and financially secure are more likely to participate in political activities, such as sending a letter to a government official or making a contribution to a candidate — whether they do it online or off-line.

But socioeconomic factors appear to play less of a role in the type of political involvement that centers around blogs and social-networking sites. That is because younger users — ages 18 to 29 — have higher levels of online engagement than their older and more affluent counterparts, the report states.

Twitter guidelines: The UK edition
Source: The E-government Bulletin

Government officials in the United Kingdom recently drafted guidelines for agencies that want to join the conversation on Twitter.

The guidelines highlight the various objectives Twitter might help agencies achieve and metrics for measuring their success. For example, if agencies hope to provide “thought leadership,” they should measure the frequency with which their updates are retweeted by other users.

The guidelines also identify risks and possible mitigation strategies. For example, agencies concerned that sensitive or embargoed information might be published in error can develop light but effective procedural controls or require that a digital media team approve all tweets before posting.

About the Author

John Monroe is Senior Events Editor for the 1105 Public Sector Media Group, where he is responsible for overseeing the development of print and online content, as well as events. John has more than 20 years of experience covering the information technology field. Most recently he served as Editor-in-Chief of Federal Computer Week. Previously, he served as editor of three sister publications: civic.com, which covered the state and local government IT market, Government Health IT, and Defense Systems.

