What to Do? Breach Response

Most recently, a hack on the infidelity website known as Ashley Madison made the identities of thousands of formerly confidential members public. Despite the disadvantages of these hacks, they can teach us some important things about cybersecurity.

Years ago, a business could plan to secure its enterprise. The IT department would harden the system and in most cases there would be a reasonable assurance the enterprise was relatively safe. Things have changed as technology has improved. This improvement has come at a price. The speed of advancement has not been the easiest environment in which to apply security. This lack of applied security has led to several issues, as has been noted in many breaches. It has only grown in importance as breaches become more common and businesses provide more data to steal.

In the case of a breach, the first step is to verify that the alleged breach actually occurred. If one did occur, the business needs to analyze what was affected. Not all breaches are reportable. If confidential consumer data is involved, a notification would be needed. The trigger point would be the data containing Social Security numbers, driver’s license numbers, financial account numbers, passwords, and other personally identifying information.

The business may also be required to notify the affected parties within a specific amount of time. This period varies at the state and federal level, depending on the subject matter and jurisdiction. Many states, instead of putting a number on this period, simply state that this has to be done within a “reasonable” time period. This is generally accepted as 45 days. If HIPAA information is involved, there may be a timeline in place for the notification.

Once the timeline is in place and decided on, the notice itself has to be written. Its content also depends on the jurisdiction. Certain states have requirements that have to be met. For instance, Rhode Island’s notification law has six items to be met. There may be a template or form letter to be used.

These events are not going to slow down in occurrence or magnitude. As the attackers have operationalized this as a business, it has proven itself to be a revenue producer, and popular as an attack tool.


About Charles Parker, II

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Mr. Parker has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.

What does your email username say about you?

Remember when it was fun and necessary to be creative with a user name? It may have even been a competition.  Let us remind you of some creations that we may have seen in the last two decades: AnGelgurl4Life, Aquagirl007, cutemomma0f3, or how about 2fast4u81?

While these are fun, catchy, and may even speak to us, they can come across as unprofessional to others. Think about how hiring managers would react to your email address when your resume pops into their inboxes. What do you think their first reaction would be? Here are some good thoughts for creating a professional user name that will help you to create a good first impression:

  • Create an email that includes your first and last name with a number. You can also use a combination of these, for example an initial and number would also work.

  • Another benefit to using your name is that the receiver will automatically know who you are and would not have to search the message for your information.
  • Think of Jane Doe. What would be a good email for her? JaneDoe12@….com, DoeJ@….com, or DoeJane1@….com would all suffice. We’re sure you could come up with many other combinations as well.

So we challenge you to take a look at your email. What would make it more professional? Does it include your name? Does it have the potential to make someone think differently of you?  Don’t miss out on an opportunity due to an email user name that is just plain silly.

Your Student Success Coaches,

Savannah & Hannah

Savannah White, Student Success Coach

Understanding Hepatitis: Diagnosis, Symptoms, and Treatment

What is Hepatitis?

The word hepatitis breaks down to hepa, which refers to the liver, and itis, which means inflammation. Therefore, hepatitis means there is inflammation of the cells within the liver.

Several types of acute (short-term) and chronic (long-term) hepatitis exist. These are primarily caused by viruses, but can also be caused by bacterial infection, an immunological disorder, or liver damage resulting from consumption of alcohol, drugs, or poison.

Magill’s Medical Guide summarizes the five most common types of hepatitis as follows:

  1. Hepatitis A (HAV) is caused by consumption of contaminated food or water.
  2. Hepatitis B (HBV) is a sexually transmitted disease.
  3. Hepatitis C (HCV) is spread via direct contact with the blood of someone who is infected with HCV.
  4. Hepatitis D (HDV) is seen only in someone who is also infected with hepatitis B.
  5. Hepatitis E (HEV) is caused by eating or drinking contaminated food or water.

Other forms of hepatitis include:

  • Hepatitis G (GBV-C), spread by the blood of someone infected with GBV-C.
  • Hepatitis X, diagnosed when the inflammation cannot be identified as any other form of hepatitis.

How is hepatitis diagnosed?

An individual who suspects they may have hepatitis should see a health care provider as soon as possible, not only to seek diagnosis and treatment, but to reduce the spread of this disease. The health care provider will take their health history, ask about their symptoms, and conduct blood and other diagnostic tests, such as a liver biopsy, ultrasound, and CT scans.

What are the symptoms of hepatitis?

Symptoms of hepatitis include fatigue, flu-like symptoms, abdominal pain, loss of appetite, unexplained weight loss, and yellowing of eyes and skin. Dark urine and pale stools may also be present. If left untreated, the liver will eventually stop functioning normally and liver failure can occur. This can result in bleeding disorders, fluid buildup in the abdomen which can cause breathing difficulty, liver cancer, kidney failure, and a decrease in mental abilities. If left unchecked, it can also lead to death.

How is hepatitis treated?

Treatment varies with the type of hepatitis. For instance, hepatitis A, acute hepatitis B, and hepatitis E do not require treatment beyond bed rest and hydration. Avoiding alcohol is also important for those with hepatitis, since alcohol is toxic to the liver. Other forms of hepatitis are treated with different medications that target specific types of viruses. Some individuals with hepatitis C may need a liver transplant.

If you think you may have hepatitis, or have questions about this disease, contact your primary health care provider. You can also seek out support groups for those affected by specific forms of hepatitis.

References

Alder, R. P., & Irons-Georges, T. (2016). Hepatitis. Magill’s Medical Guide (Online Edition).

Attracting More Men to the Nursing Profession

Did you know that men have always been nurses? The first school for male nurses was established in India around 250 BCE, and documentation exists of men serving as nurses as far back as 1600 BCE and the 2nd Century CE.

However, many nursing organizations in the late 1800s and early 1900s restricted men from entering nursing. In their 2008 article about men in nursing, Brown, Nolan and Crawford note that even Florence Nightingale believed that “men’s ‘hard and horny’ hands were not fitted ‘to touch, bathe and dress wounded limbs, however gentle their hearts may be.’” Over time, Nightingale’s view led to the exclusion of males from nursing.

Today, men are more widely accepted as nurses. But the number of men in nursing continues to lag behind other previously single-gendered professions in achieving demographics that reflect the gender statistics of the general population; while only 10% of nurses are men, men currently make up 49% of the American population. Although the number of male nurses will increase over time, only about 20% of current nursing students are male.

There are several reasons for this, but measures can be taken to increase the number of men pursuing careers in nursing. Examples include publishing children’s books depicting men in nursing, introducing men who are nurses at school career days, linking male nursing mentors to male nursing students, using gender-neutral language in nursing scholarship applications, and featuring more images of male nurses in recruitment collateral.

The mission of the American Assembly for Men in Nursing (AAMN) is to shape the practice, research, and leadership for men in nursing and advance men’s health. The purpose of AAMN is to provide a framework for nurses as a group to discuss and influence factors that affect men as nurses. AAMN is a national organization with local chapters such as the New York Capital Region (NYCR) chapter.

Membership in AAMN is open to any nurse, male or female, to better facilitate discussion and meet the most important objective of AAMN, which is to strengthen and humanize health care. To learn more, visit AAMN.org or contact Excelsior College faculty program director Mark Wahl, MS, RN, at mwahl@excelsior.edu.

 

References

Brown, B., Nolan, P., & Crawford, P. (2000). Men in nursing: Ambivalence in care, gender and masculinity. International History of Nursing Journal, 5(3), 4 – 13.

Kenny, P. (2008). Men in nursing: a history of caring and contribution to the profession (part 1). Pennsylvania Nurse, 63(2), 3 – 5.

Robert Wood Johnson Foundation. (2016). The changing face of nursing: Creating a workforce for an increasingly diverse nation. Charting Nursing’s Future: Reports That Can Inform Policy and Practice, 27, 1 – 8. http://www.rwjf.org/content/dam/farm/reports/issue_briefs/2016/rwjf425988

United States Census Bureau. (2014). American community survey. https://www.census.gov/programs-surveys/acs/

United States Census Bureau. (2014). Quickfacts. https://www.census.gov/quickfacts/table/PST045215/00

 

The Community College Cybersecurity Summit (3CS) Recap

The Community College Cybersecurity Summit (or 3CS) was held in Pittsburgh in July. This conference, while targeted at community colleges, offered several sessions that would appeal to university faculty, cybersecurity practitioners, and government. What differentiates this conference from most other cybersecurity conferences is the wealth of hands-on, innovative, and collaborative sessions. This is the place to be if you are an educator looking to introduce cybersecurity concepts into a course, build an entire curriculum around security, or revitalize material. Not an academic? That’s fine, too. Because the sessions are offered in such a collaborative way, professionals may hone skills, learn new approaches, and identify how business, academia, and government can support each other and cybersecurity for our country.

Prominent at this conference were several National Science Foundation (NSF) funded projects to help insert secure coding and other cybersecurity fundamentals into new and existing courses and information on how to improve our country’s cybersecurity academic offerings through the National Security Agency/Department of Homeland Security (NSA/DHS) Centers of Academic Excellence (CAE) programs. These programs showcased some of what was available through generous grants intended to disseminate information and empower educators to improve curriculum. The collaborative environment ensured that any attendee who needed assistance or wished to further the ideas presented would have a venue and contacts to accomplish that goal. The overall feeling was of a shared mission, understanding of the similar issues so many faced, and of empowerment.

The National Cyber Summit Recap

The National Cyber Summit (NCS) June 7-9, 2016 in Huntsville, Alabama was one of the best cybersecurity conferences I have attended. The conference included many sessions, ranging from paper presentations to new technology overviews and hands-on workshop sessions. The keynote speakers were knowledgeable, funny, and engaging, and included Lt. Gen. Edward Cardon, Commander US Army Cyber Command and Second Army, the Honorable Mike Rogers, former member of the US House of Representatives from Michigan, and the closing keynote speaker, John Matherly, Founder and CEO of Shodan. Thought-provoking ideas offered by the presenters included questioning how the 2nd Amendment may or may not apply to cybersecurity and the actions of the US in retaliation against cybersecurity threats and exploits.

The sessions ranged from innovative new product ideas, offered in proof-of-concept type sessions that were as vendor neutral as a company can get while still sharing new innovation, to topic-specific ways to secure systems, networks, and industries. The applications ranged from kiosk solutions to small networks to worldwide WANs and cloud services and all sizes in between. Several calls to action included the need for innovative solutions to cybersecurity problems, and for additional education, training, and certification to empower and equip cybersecurity professionals and those new to the field to meet, mitigate, and hopefully eliminate the threats. The problem with this conference was determining which of the concurrent sessions to attend during each period. The dates for next year have already been shared (June 6-8, 2017) and I plan to go next year!

R.I.S.E Webinar: Web Security

When we think of the impact of the Internet on our daily lives, we can’t help but be astonished at the breadth and depth of the effect it has on all aspects of our world. For the vast majority of us, the Web is our means of accessing Internet resources. The Web employs an innovative and unique method of incorporating text, graphics, audio, video, and links to other sites to allow us to transcend geographical and other barriers as we use it to communicate, search, share, and buy. During the webinar, attendees will learn about basic concepts of security while using the Internet. This webinar is the eighth in a series of eight webinars discussing the fundamentals of cybersecurity (Cybersecurity 101).

Presenter: Dr. Kevin Newmeyer, NCI Fellow

Currently the Chief of Staff for the DoD High Performance Computing Modernization Project, Dr. Newmeyer has successfully held a variety of positions in the military, academia, international civil service, and the private sector. His research focuses on international policy issues in cybersecurity.

Along with his Ph.D. in Public Policy from Walden University, Dr. Newmeyer’s educational career is highlighted by his selection as an Olmsted Scholar, which enabled him to earn his MA in International Relations from the Instituto Universitario Ortega y Gasset in Madrid, Spain. He holds additional degrees from Escuela Diplomática of Spain (Diplomado de Estudios Internacionales), George Mason University (MBA), and the US Naval Academy (BS).

About R.I.S.E. Webinar Series

Through its partner relationship with the DC Deputy Mayor for Planning and Economic Development and St. Elizabeth’s East, Excelsior College and its National Cybersecurity Institute propose a series of free webinars to be offered at R.I.S.E. to the general public and government employees. The programs will be offered monthly and include live streaming Q and A with industry experts and NCI fellows.

What Is Your Business Cybersecurity Score?

What Moody’s and Standard & Poor’s are to credit ratings of companies, companies such as FICO and Bitsight are becoming to cyber risk ratings for companies. Businesses have relied on credit ratings to determine investment risk levels, and now companies are relying on rating companies to have a standard benchmark of cyber risk. This growth industry of raters includes a number of providers, and their customers use their services in a variety of ways.

Uses of Cybersecurity Scores

Insurance companies often use cybersecurity scores to help assign risk level for cyber insurance. Potential impact: Cost for cyber insurance will likely be higher for small businesses with gaps in their cybersecurity than for companies that have strong measures in place.

Businesses use scores to rate their third party providers during selection process. Potential impact: Suppliers may lose bids not on cost or service commitments, but rather on weak cybersecurity.

Businesses use scores to monitor their third party providers’ security risk level and potential impact to them. Potential impact: Large businesses may demand stronger cybersecurity measures from their suppliers and terminate agreements with low scored providers.

Businesses use scores to monitor their competitors’ cybersecurity level. Potential impact: Businesses may find ways to leverage a competitive advantage of their strong cybersecurity versus their competitors’ weaker measures.

Companies use their own score to communicate their risk level to the board of directors. Potential impact: This may provide support for cybersecurity management to get the support they need due to increased board awareness.

The Data

Data comprising the cybersecurity score is gathered from a variety of publicly accessible information sources, including:

  • Hackers’ forums and data available on the Dark Web
  • Use of multi-factor authentication by a company
  • Known vulnerabilities to a company’s network
  • Open ports to a company’s network
  • Patching practices

The risk raters also analyze data that may flow into or out of a network to determine the volume of malware, spam, or viruses that may be associated with a company’s network. The raters couple the data collected and analyzed with their proprietary predictive modeling. In some services, the data is monitored continuously and a rating may quickly change to reflect any fluctuations. For example, if stolen data suddenly appears for sale on the Dark Web, the rating of the impacted company may be quickly decreased.

What You Can Do

If your business uses third party providers, you should think about investigating the services of scoring companies. If you are a supplier to a large company, you should consider talking to your client about how they are using cybersecurity scores for their vendors such as you. Cybersecurity is no longer a private matter within your own company. Future business deals and contracts may be won or lost on cybersecurity effectiveness, not just price or service levels.

Lessons Learned from the Automotive Industry’s Approach to Cybersecurity

Cybersecurity needs to be part of the supply chain.

The automotive industry’s cyber threat information sharing organization, Auto-ISAC, recently announced its best practices for cybersecurity measures for automobiles. The best practices are intended for all manufacturers and suppliers in the automotive industry, regardless of size. The organization states they built in flexibility for implementation by a range of companies.

Auto-ISAC is a member of the National Council of Information Sharing and Analysis Centers (ISACs). ISACs were created for various critical infrastructure industries after a presidential directive in 1998. The directive asked key critical infrastructure sectors to establish organizations that would share information about threats and vulnerabilities within their specific industry. Auto-ISAC is owned and operated by automotive manufacturers and suppliers.

The Auto-ISAC’s best practices are categorized by functions:

  • Governance
  • Risk assessment and management
  • Security by design
  • Threat detection and protection
  • Incident response
  • Awareness and training
  • Collaboration and engagement with appropriate third parties

One lesson learned from the risk assessment and management category is the acknowledgement that cybersecurity needs to be part of the supply chain. The best practices recommend including the supply chain in risk assessments as well as developing a process to confirm compliance by critical suppliers to verify security requirements, guidelines, and training. A manufacturer can’t ensure final security without including all key suppliers.

Another lesson that can be learned from the automotive industry is its recognition that cybersecurity in the industry is about safety, not a competitive advantage. The best practices call out specifically the need for sharing of information with third parties such as Auto-ISAC, peers, researchers and government agencies. Collaboration is important among stakeholders to defend against cyber-attacks.

Billington Cybersecurity, a media company that produces a variety of events on cybersecurity, hosted a conference last week for the automotive industry. The Cyber Wire covered the conference in detail and noted that the large manufacturers are taking collaboration and sharing seriously.

The conference was attended by the Department of Transportation, auto manufacturers and suppliers. Participants seem to be highly interested in how other critical industries such as aerospace and defense are handling cybersecurity. A further lesson learned for small businesses is that increasingly, industries realize cyber-attacks need to be discussed among industry players and best practices shared.

Small businesses have an opportunity in many of their industries to be part of cybersecurity conversations and industry cybersecurity initiatives. Small businesses have as much to lose in cyber-attacks as do large businesses. Small business voices should be expressed to ensure their needs are represented.

Video: Strengthening Communities by Bridging Health and Economic Development

As part of the Nyquist Leadership Series, Excelsior College brought together experts from across the country for a panel discussion exploring the reciprocal relationship between health and economic development – the investment of resources into neighborhoods, buildings, and businesses – and the collective positive impact on communities. The event took place on June 7, 2016.

Panelists included Kathy M. Sheehan, City of Albany Mayor; Tray Hairston, Attorney, Butler Snow LLP; former gubernatorial counsel and policy advisor; Karen Lee, MD, MHSc, healthy built environment and health policy advisor and consultant; and, Kaitlyn W. Meirs, program associate, Robert Wood Johnson Foundation.