Sunday, October 26, 2014

Russia and China to agree on Information Security measures

It was announced this week that officials from Russia and China are seeking to establish an agreement on information security, specifically to stop any potential escalation from cyber attacks. At first glance I am skeptical of any agreement between Russia and China, mainly because of... history. However, it appears on the surface that they are taking these steps in order to simply "cooperate" (whatever that means).

Sunday, October 19, 2014

Federal Government to Use Pin and Chip Technology

I was in South Africa earlier this year for business. The first night out at dinner our group split the check evenly; the two of us from the US found it very strange when the waitress approached the table with a portable credit card terminal. It turned out that most countries in Africa use advanced chip and pin technology in order to prevent credit card fraud. Our dinner mates found it very strange that we would just hand our cards off to a complete stranger to take across the restaurant to pay the bill... I had to agree this was not the best method. Last week I ordered my first chip and pin card from my credit card company, which happened to arrive on the same day that President Obama ordered all federal agencies to begin using chip and pin terminals for transactions. Seems a bit late, but at least we are taking steps toward securing ourselves against fraud.

Saturday, October 11, 2014

Standards of Due Diligence

In chapter 7 of our text, standards of due diligence are discussed as certain organizations being legally required to maintain a certain level of security (Whitman & Mattord, 2014). A quick Google search led me to this article on hedge fund businesses and how they must always stay ahead of the technological curve. They can no longer simply state that their due diligence has been done; they must often prove how it has been tested. Thinking about the world's financial markets, and the hundreds of billions of dollars in hedge funds, it makes sense to me that standards for security will be developed here. People with that kind of money are always targets, and it is easy to understand why their systems must be completely secure.

Whitman, M. E., & Mattord, H. J. (2014). Management of Information Security. Stamford: Cengage.

Saturday, October 4, 2014

Security Awareness Training Is Top Priority

According to a study published this week by PWC, security-related incidents continue to rise, creating staggering losses for large companies. The main cause of the incidents remains employees, which, to no surprise, may be why employee security awareness training programs are the top priority among the firms surveyed. Education and prevention are by far more favorable than spending on recovery efforts. For some reason this makes me think of Smokey the Bear and his motto, "Only You Can Prevent Forest Fires". InfoSec needs a spokesbear, too.