Is Your SOC Flying Blind?, (Sun, Jun 3rd):
After you have finished impressing your VIPs, what actionable information should be displayed in your SOC to help them respond to threats in your environment?
Consider spending time this week ensuring your SOC wall is populated with meaningful screens that add value to your SOC by asking these questions.
- Which security controls are not sending data to your SOC?
- Would your SOC know when your most critical systems stopped sending their logs?
- What is the baseline of traffic volume in and out of your sensitive network zones?
- What is the health status of your security agents?
Share what you find valuable on your SOC wall!
(Via SANS Internet Storm Center, InfoCON: green)
Typical mistakes of SOCs – forgetting the audience, not accommodating multiple audiences, and not providing content tailored to each audience. Metrics, analytics, dashboards, and reporting are every bit as important as any other SOC function.
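One way to back the first three questions in the list above with data, as an added example that is not from the SANS diary or this blog: it flags expected log sources that have gone quiet or never reported, and hours whose volume strays from a median/MAD baseline. The source names, silence tolerances, threshold `k`, and event tuples are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed inventory: every source the SOC expects, with the longest
# silence tolerated before it counts as "stopped sending" (assumed values).
EXPECTED = {
    "dc01-winlog": timedelta(minutes=15),
    "edge-fw": timedelta(minutes=5),
    "edr-agents": timedelta(minutes=30),
    "dmz-proxy": timedelta(minutes=10),  # never reports in the sample below
}

def silent_sources(events, now, expected=EXPECTED):
    """Return {source: silence, or None if never seen} for sources past tolerance."""
    last_seen = {}
    for src, ts, _ in events:
        last_seen[src] = max(ts, last_seen.get(src, ts))
    out = {}
    for src, tolerance in expected.items():
        seen = last_seen.get(src)
        if seen is None:
            out[src] = None               # in the inventory, absent from the data
        elif now - seen > tolerance:
            out[src] = now - seen
    return out

def volume_outliers(events, source, k=5.0):
    """Return hours whose byte count is more than k * MAD away from the median."""
    hourly = defaultdict(int)
    for src, ts, nbytes in events:
        if src == source:
            hourly[ts.replace(minute=0, second=0, microsecond=0)] += nbytes
    values = list(hourly.values())
    if len(values) < 3:                   # too little history for a baseline
        return []
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1
    return sorted(h for h, v in hourly.items() if abs(v - med) > k * mad)

# Constructed sample events: (source, timestamp, bytes).
NOW = datetime(2024, 1, 1, 12, 0)
EVENTS = [("edge-fw", NOW - timedelta(hours=h, minutes=2), 1000 + 10 * h) for h in range(8)]
EVENTS += [("edge-fw", NOW - timedelta(hours=3, minutes=30), 90000)]  # volume spike
EVENTS += [("dc01-winlog", NOW - timedelta(hours=2), 400)]            # went quiet
EVENTS += [("edr-agents", NOW - timedelta(minutes=10), 250)]          # healthy

if __name__ == "__main__":
    print(silent_sources(EVENTS, NOW), volume_outliers(EVENTS, "edge-fw"))
```

Driving the check from an inventory of expected sources, rather than from whatever has been seen, is what surfaces a control that never sent data in the first place.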
The Bleak State of Federal Government Cybersecurity | WIRED
It’s a truism by now that the federal government struggles with cybersecurity, but a recent report by the White House’s Office of Management and Budget reinforces the dire need for change across dozens of agencies. Of the 96 federal agencies it assessed, it deemed 74 percent either “At Risk” or “High Risk,” meaning that they need crucial and immediate improvements.
While the OMB findings shouldn’t come as a complete shock, given previous bleak assessments—not to mention devastating government data breaches—the stats are jarring nonetheless. Not only are so many agencies vulnerable, but over half lack even the ability to determine what software runs on their systems. And only one in four agencies could confirm that they have the capability to detect and investigate signs of a data breach, meaning that the vast majority are essentially flying blind. “Federal agencies do not have the visibility into their networks to effectively detect data exfiltration attempts and respond to cybersecurity incidents,” the report states bluntly.
Perhaps most troubling of all: In 38 percent of government cybersecurity incidents, the relevant agency never identifies the “attack vector,” meaning it never learns how a hacker perpetrated an attack. “That’s definitely problematic,” says Chris Wysopal, CTO of the software auditing firm Veracode. “The whole key of incident response is understanding what happened. If you can’t plug the hole the attacker is just going to come back in again.”
This isn’t just my tax $ failing to protect me, it’s all Americans and residents and taxpayers whose tax money fails to protect them as well.
Makes one think more critically about the Executive Branch deciding that there is no need for key CyberSecurity jobs including the Coordinator position. It also makes one wonder if the States, like California, New York, and Texas, can together force better Federal cybersecurity through legal action.
How to Use Suica with Apple Pay when Traveling to Japan – Mason Simon
Suica is one of the main transit payment cards in Japan. It has a cute and fun design and works in lots of places aside from train stations. Apple supports using your Suica via Apple Pay, and has a great support article on how to set that up. Unfortunately, it didn’t work for me.
I live in USA and traveled to Tokyo recently. I used an iPhone X (supported) and followed all the steps in the support article, including setting my device region to Japan. But when I went to add a new card to Apple Pay, I never received the prompt to add a Suica.
After a couple of pleasant calls with Apple support, it sounded like the problem was that I had an Apple Music subscription, which locked my iTunes account to USA. I tried canceling that, but you have to wait for the thing to expire, and my trip would be over by then.
Luckily, there is another way.
(Via Mason Simon)
Read on for the scoop. This is one of the best write-ups I’ve seen & the one I wish was around when I moved here.