Lucia Febechi Okaro

This article explain how a business owner was extorted through DDoS. His attackers wanted him to pay them to stop attacking his website. Rather than give in to the extortionist, he decided to fight back, which started a two weeks cat and mouse game with the hackers. In the end, he was able to stop the attack, but at what cost?

Was it really…[Read more]

Article link : http://thehill.com/policy/cybersecurity/225845-defense-bill-requires-cyberattack-reporting

This article talks about a clause in a defense bill that mandates government contractors to report on cyber attacks. If this bill is passed, certain contractors will be required to report on attack with details including :
1. Techniques were used in the cyber attack
2. A sample of any malicious software used in the hack
3. Summary of any…[Read more]

This article talks about the 5 ways health data breaches are worse than financial data breaches. I found this interesting because Prof, Senko talks about how the health industry is “unsecure” yet the impact from such breaches are usually severe.
Link:http://www.govhealthit.com/news/5-ways-health-data-breaches-are-far-worse-financial-ones

A bug was discovered on Apple’s iOS that allows hackers to install a malware app on your phone. Once installed, the app can used to steal data off the phone, possibly including sensitive banking and email log-in information. FireEye discovered the loophole in July and privately told Apple about the bug. But last week, the first known campaign to…[Read more]

SAN assignment 4 : When assessing vendor application quality, it is important to first establish goals and criteria of the process. Although the assessment process is complicated, the information gathered can be used to ensure that the vendor security selected is in line with business requirements.

SAN assignment 5: This talks about the risks…[Read more]

Article : FCC fines 2 phone companies $10 million over data breach

Two companies TerraCom and YourTel America posted private information (drivers license, social security number etc) of over 300,000 clients on the internet. They were immediately fined by FCC, after a reporter stumbled upon the information through a google search. I found this…[Read more]

Key point form reading : The aftermath of 9/11 were comprehensive laws and regulations that contained detailed provisions to make the United States secure. Organizations were created to provide detailed recommendations on how to prevent such an attack from happening again. In essence, the united states created a disaster recovery plan.…[Read more]

Physical security is all about minimizing the impact of environmental, technical and human-caused threats. It is important for organizations to conduct a threat analysis before implementing a physical security plan.

My article is about the new windows 10 OS and its agreement policy. Microsoft aims to release a “technical preview” of their new windows 10 OS with an agreement policy that says “Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we c…[Read more]

Chapter 16 reading: Information technology security management are guidelines that allow an organization to protect its IT assets and operations from internal and external threats. It provides guidelines for risk mitigation and business continuity.

It is essential that all levels of management agree with the IT security policy and that it is…[Read more]

My article is on Ebay and the accusation that they did not respond to a cyber attack. According to the article, the attack was hidden behind a fake iphone5 posting. From my understand when customer clicked on the listing, they were redirected to an ebay look alike site and their information was grabbed. It took over 12 hours for ebay to finally…[Read more]

The readings this week talked about risk management , security management systems and the steps to implement them (Plan -do-act-check). This really stuck to me because I have audited a company’s policy using IS0 27001 and it is amazing how some of them print off an IT security policy from the internet and stick their logo on it. There is no…[Read more]

From recent happenings, I think it is safe to say that there is no “perfect system”. The fact that humans are in the equation makes the process of risk mitigation a bit more complicated.

In the news this week is Florida’s new law data breach law. It seems that governments are now reacting to this new data breaching trend. Florida has expanded its definition of personal information and what needs to happen if there is a breach.

link :…[Read more]

Key point in the reading: The aftermath of a security breach to company goes beyond the dollars they have to re-invest to secure their systems. Its about the lack of faith from their customers and damages their reputation. With the likes of Target, Home Depot, Goodwill etc. Target experienced a 2 to 6 percent decrease in sales the last week of the…[Read more]

In the wake of the recent cyber attacks going on around the world (Home Depot, Target, I cloud etc.), a company called Trustwave has decided to open an ethical hacking lab. The lab is based in Chicago and will focus primarily on testing consumer based products (phones, webcams, ATMs etc.) . The article talked about being able to hack into an ATM…[Read more]

Also , from this week’s reading, I realized that business risks are related to the organization and its core processes. Before a risk assessment, it is important to understand the business environment and its processes.

A question for my classmate would be : The book talked about vendor neutral programs, do any of you in the industry know if…[Read more]

This week, I chose an article that talks about how the icloud was “hacked” and personal pictures of celebrities were leaked to the public. The articles talks about how a script was used to access the icloud services via the “find my iphone feature” . An apparent flow in this apple feature allowed the hackers to try several password combinations…[Read more]