<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>SC Magazine Discussion  by Dr MJ Frederick</title>
      <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0</link>
      <description>Operations Security</description>
      <language>en-us</language>
      <pubDate>2017-09-30 21:09:13 UTC</pubDate>
      <lastBuildDate>2018-11-03 01:42:08 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>Zero Trust (group 1)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/292770162</link>
         <description><![CDATA[<div>This article gives an example of how an attaker can have control of your computer data and use it any way he/she wants. It gives an example about how costumer of booking.com received email with their actual hotel reservation from an attaker who had stolen data from booking.com.  The attaker was phishing for personal information. <br><br><a href="https://www.scmagazine.com/home/security-news/how-consumers-can-adopt-a-zero-trust-mindset-for-cybersecurity/">https://www.scmagazine.com/home/security-news/how-consumers-can-adopt-a-zero-trust-mindset-for-cybersecurity/</a>&nbsp;<br><br>Group 1<br>Marleni Chiappini<br>Jessie Spires<br>Tyler Orr<br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-10-15 12:37:18 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/292770162</guid>
      </item>
      <item>
         <title>Data from soldiers’ fitness trackers reveal sensitive locations, routines (Group 8)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/292840849</link>
         <description><![CDATA[<div>A heatmap of two years’ worth of fitness tracker Strava’s global data, released last November but discovered more recently by an Australian student, inadvertently revealed the location of U.S. military facilities in war zones.<br><a href="https://www.scmagazine.com/home/security-news/privacy-compliance/data-from-soldiers-fitness-trackers-reveal-sensitive-locations-routines/">https://www.scmagazine.com/home/security-news/privacy-compliance/data-from-soldiers-fitness-trackers-reveal-sensitive-locations-routines/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-10-15 14:27:35 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/292840849</guid>
      </item>
      <item>
         <title>Group 7 (Nate Orolfo</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293106182</link>
         <description><![CDATA[<div>A sibling duo embedded malware into prominent figures in the Italian government and other public figures. These people became victim to a spear-phishing tactic that has been going on for years. The emails with the malware contained .zip files that contained EyePyramid, allowing the access of the victim's data. But the attackers were caught due to lack of OPSEC. They communicated and talked about their victims on their phones, used IP addresses associated with their company, and then tried to delete the evidence when they were caught.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/security-news/cybercrime/italian-sibling-hack-team-not-sophisticated-but-efficient-report/" />
         <pubDate>2018-10-16 00:00:15 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293106182</guid>
      </item>
      <item>
         <title>Group 5</title>
         <author>mark_deel</author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293319321</link>
         <description><![CDATA[<div>This article discusses overall policy changes to our national cyber security strategy.  This is a product of a risk management process on currently existing assets and policies and updating them to a less passive/more aggressive strategy.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/security-news/white-house-touts-release-of-national-cyber-strategy/" />
         <pubDate>2018-10-16 13:31:21 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293319321</guid>
      </item>
      <item>
         <title>Android spyware BusyGasper has many features, but few known victims ( Group 3)</title>
         <author>pytou1995</author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293578921</link>
         <description><![CDATA[<div>This article is about mobile malware implant that is called BusyGasper. This mobile malware targets the Android users. Blog post, Kaspersky Lab researcher Alexey Firsh reports that BusyGasper has existed since May 2016. Malware could reportedly issue around 100 commands, and its capabilities include spying on device sensor, exfiltration data from messaging app such as WhatsApp and Facebook, keylogging, and bypassing the Doze battery saver.<br><a href="https://www.scmagazine.com/home/security-news/android-spyware-busygasper-has-many-features-but-few-known-victims/">https://www.scmagazine.com/home/security-news/android-spyware-busygasper-has-many-features-but-few-known-victims/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-10-16 19:45:53 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293578921</guid>
      </item>
      <item>
         <title>Group 1</title>
         <author>cameronbartlett1998</author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293627604</link>
         <description><![CDATA[<div>This article discuses the "Securing Our Critical Infrastructure" conference. Where four NCSA panelist discuss the worries and future of cyber security. All 4 panelist agreed there is no huge threat to cyber security right now. The four panelist answered question from an audience at their CyberSecurity Summit.<br><br><br><a href="https://www.scmagazine.com/home/security-news/expanding-attack-surfaces-and-difficulties-obtaining-the-right-people-worry-ncsa-panelists/">https://www.scmagazine.com/home/security-news/expanding-attack-surfaces-and-difficulties-obtaining-the-right-people-worry-ncsa-panelists/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-10-16 22:49:20 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293627604</guid>
      </item>
      <item>
         <title>Group 9</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293636997</link>
         <description><![CDATA[<div>A data breach at the Pentagon occurred not involving the Pentagon directly but by a third-party vendor. This breach exposed the PII of at least 30,000 military and civilian personnel. One industry member pointed out the "weak link" in contractors while another commented on the increase PII information on the Dark Web.<br><br></div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/security-news/pentagon-data-breach-exposed-30000-travel-records/" />
         <pubDate>2018-10-16 23:39:23 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293636997</guid>
      </item>
      <item>
         <title>Group 2 Embracing the social network.</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293652842</link>
         <description><![CDATA[<div>&nbsp;</div><div>Here is an article about Embracing the social network world keeping important data safe online. Expressing even though social media is here to stay like Email we need to walk before we run with the idea of integrating everything through online social platforms.</div><div>&nbsp;</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/opinions/embracing-the-social-network/" />
         <pubDate>2018-10-17 01:11:18 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293652842</guid>
      </item>
      <item>
         <title>Group 4</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293653116</link>
         <description><![CDATA[<div>This article simply talks about advancements that need to be taken by our government to improve our infrastructure's security level.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/about-us/editorial/infrastructure-security-power-to-the-people/" />
         <pubDate>2018-10-17 01:12:47 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293653116</guid>
      </item>
      <item>
         <title>Group 6</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293663542</link>
         <description><![CDATA[<div>https://www.scmagazine.com/home/industrial-tech-security-association-set-up-ncsc-calls-for-cooperation/<br><br>Internal informational tech security is very important to keep information within the company. Procedures such as auditing and biometric authentication are used in hand with relevant access to employees. We can use a more constant structure to keep employees informed and honest. However, security should not just focus on internal systems and protecting from breaches to our technology. In this day and age, threats come in many forms, so we need to expand our reach. Operations security is an often overlooked concept that can be used to protect sensitive information within companies and even in our personal lives. By evaluating the information that needs to be kept secret and analyzing the potential external threats, we can begin to create an idea of the need for operations security. Many competitors will evaluate a company to piece together information that is exposed in order to make a profile they can use to get an advantage on business tactics. In order to overcome this, a company must evaluate its threats, risks, and vulnerabilities and figure out which ones must be prioritized. When this list is made, countermeasures can be made to negate these risks. A countermeasure that stops a threat or vulnerability to precious information has completed the final step of operations security.<br><br>Considering how critical operations security is, it comes as no surprise that an association such as Iotsa has been established. As the article notes, adversarial entities are constantly analyzing the latest trends, practices and holes to be found in operational security. Whether it be criminal activity or state-sponsored espionage, gaps in the understanding and implementation of operational security can and will be exploited by those intending to do others harm. Cyberwarfare is a very real issue, and has become enough of an issue that the UK has seen fit to call for sanctions on participating countreies over it (https://www.thenational.ae/world/europe/uk-calls-for-sanctions-on-russia-over-cyber-warfare-1.780817Links to an external site.). Identifying and addressing what data could be targeted,and by whom, followed by analyzing vulnerabilities and countering them, si the only way to protect critical assets.<br><br>Operational security is the process of determining if friendly actions can be observed by enemy intelligence and then reduce or eliminate exploitations with countermeasures, for example having employees follow strict policies when a network change has been done while monitoring and logging all changes, always having a group or someone to identify and respond to risks on a timely fashion, restricting admission to network devices and utilizing a dual control system so the same set of employees aren’t in charge of security and network at the same time.<br><br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-10-17 02:03:03 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/293663542</guid>
      </item>
      <item>
         <title>Group 5</title>
         <author>mark_deel</author>
         <link>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/300021605</link>
         <description><![CDATA[<div>This article discusses overall policy changes to our national cyber security strategy. This is a product of a risk management process on currently existing assets and policies and updating them to a less passive/more aggressive strategy.</div><div><br></div><div><br><br></div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/security-news/white-house-touts-release-of-national-cyber-strategy/" />
         <pubDate>2018-11-03 01:40:14 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cgk1ljaqt4k0/wish/300021605</guid>
      </item>
   </channel>
</rss>
