Subscribe to RSS - SecurityNext

SecurityNext

A month of travel and education

 - 
Wednesday, February 19, 2020

February, the month of love, captures the hearts of some with flowers, chocolates and cute stuffed teddy bears, but for me, it’s travel that warms my heart and this month is shaping up to be what I call my “travel trifecta.” First it was New Orleans, now Grapevine, Texas and next is San Diego.

Having just recently returned from “N’awlins” from our show, SecurityNext, which was a huge success, I am currently in the midst of attending Milestone’s MIPS 2020, focusing on the power of open. So far, I have learned that “open” gives security integrators choices, which empowers them to create exactly what end users want when it comes to security-related installs — experiences.

“The power of open offers flexibility, choices and possibilities,” Kenneth Petersen, chief sales and marketing manager, Milestone Systems, said during his presentation at MIPS.

As MIPS concludes today, I will continue to share juicy bits of knowledge gained (For example, did you know Milestone became a seller on AWS?) on my Twitter feed @SSN_Ginger, so be sure to follow me if you aren’t already, and be on the look out for more on MIPS 2020 and Milestone in the coming weeks.

Wrapping up this week and into the weekend, I will be jet-setting off to San Diego for AMAG Technology’s 20th Security Engineering Symposium (SES) 2020. This will be a time of learning, networking, developing relationships and interacting with distinguished end users, consultants and integrators with discussions about modern technologies, trends and how the real world of security in changing.

“AMAG Technology's Security Engineering Symposium brings together our community of end-users, consultants, integrators and technology partners to network, interact and discuss the industry's latest issues and trends," AMAG Technology, Director of Business Development, Kami Dukes, told Security Systems News. "It's important for our customers and partners to attend because we learn so much more when we collaborate and work together. AMAG gets inspired to do things differently by listening to the community's interaction and feedback. Their engagement is invaluable. The event remarkably contributes to our product vision and improved solution offerings to the market. I think it's the most valuable event of the year."    

Be on the look out for “tweets de jour” from me during AMAG’s SES 2020 and if you haven’t yet booked travel to any security-related events this year, I highly encourage you to:

1. Do some research to find the perfect event that relates to you and your business.
2. Reach out to the event director with any questions or comments prior to the event.
3. Register and book travel.
4. To get the most out of your event, read my LinkedIn article about how to get the most out of a conference experience.
4. Go enjoy, network and learn!
 

TSA’s quest to merge cybersecurity and information technology

 - 
Wednesday, January 15, 2020

We’re about two weeks into the new year, and suffice to say, gearing up for travel is top of mind for security professionals. The “big” industry shows always seem so far away at this point, but before we know it, ISC West will be here in March, followed by ESX in June; GSX in September; ISC East in partnership with ASIS NYC in November; and more. In addition to these, are the smaller, boutique-type events, such as our SecurityNext conference in February (It’s not too late to register, btw!), not to mention all the companies that host events throughout the year. This puts you and your personal data in quite a few airports’ computer systems, screening technologies, etc., which can be a hacker’s paradise. 

Fortunately, while you’re on your yearly security quests, TSA is on a “quest” of its own: “to merge cybersecurity and information technology,” according to a special notice issued on January 7, 2020. And, they aren’t going at it alone. The agency has the support of America’s airport facilities, working together to create a cybersecurity culture by adopting the requirement “cybersecurity by design” to ensure cybersecurity is at for forefront, as opposed to being an add-on or afterthought. 

In addition to merging cyber and information technology, there are other “requirements for the information security and security screening technologies industry to ensure everyone is working towards a common goal,” it said in the notice. Other requirements include: 

  • Implementation of adequate access control and account management practices by enabling multi-level access to equipment sources and the ability to restrict users;
  • The ability for airport operators to change system level passwords;
  • Use of unique identification of individuals, activity and access to security equipment; 
  • Protection of screening algorithms form compromise, modification and rendering equipment inoperable, and provide immediate alert when algorithms have been accessed;
  • Covering USB ports are covered and access to ports, cables and other peripherals are protected from unauthorized use;
  • Employing automated measures to maintain baseline configurations and ensure systems protections;
  • Proper management of internal and external interfaces and encryption of ingress and egress traffic;
  • Implementing methods to update security equipment affected by software flaws; 
  • Running security assessment tools on devices to ensure appropriate configuration and patch levels, and that no indicators of compromise are present; 
  • Full support to ensure security equipment hardware, software and operating system vulnerabilities are identified and remediated; 
  • Use of an approved encryption method to ensure integrity of all data at rest on security equipment; 
  • Providing comprehensive list of all software and hardware that compromise security equipment; 
  • Demonstrating the ability to update equipment design and capabilities to align with changing cyber intelligence and threat reporting; and 
  • Vetting all local or remote maintenance personnel with the inclusion of background checks. 

TSA hopes that these requirements will “increase security levels; raise the bar of cybersecurity across screening solutions; provide vendors an opportunity to demonstrate their cybersecurity credentials; and provide an aligned approach across the industry—making it easier for vendors to adapt to end user requirement.”

Sounds like a win for anyone involved in travel. 

 

9 tips to stay cyber safe while traveling

 - 
Wednesday, October 9, 2019

As October presents itself in terms of pumpkin-spiced “everything,” cooler temps, colorful leaves, National Cyber Security Awareness Month (NCSAM) (ICYMI – we are 2019 Champions) and the announcement of SecurityNext’s program, Fall is a whirlwind of excitement! This time of year also reminds me of the extensive travel that takes place to family and friends’ homes for holiday gatherings, industry conferences and other work trips, vacations and the like. And, since the world is so hyper-connected, it is critical and crucial that everyone plans for and takes cybersecurity action when traveling. 

Based on information provided by National Initiative for Cybersecurity Careers and Studies (NICCS), an online resource for cybersecurity training that connects government employees, students, educators and industry with cybersecurity training providers throughout the nation, as well as the Department of Homeland Security, and in honor of our SecurityNext conference, February 9-11, 2020 at the Royal Sonesta in NOLA, and NCSAM, here are some tips to keep yourself, family and friends safe before and during travel:

Before Travel

Update mobile software. Keep the operating system software, web browsers and apps updated will improve your device’s ability to defend against malware. Sign up for and/or turn on automatic updates; set security software to run regular scans; and use anti-virus software.

Back up information. Put contacts, financial data, photos, videos and other mobile data onto another device or external hard drive, or in the cloud. 

Keep devices under lock (and key). Lock your device when you’re not using it; it only takes a few minutes for someone to steal/destroy your data. Set devices to automatically lock after a short time; use strong PINs and passwords. (This is a cool video from HABITU8 for establishing passphrases!) 

Double your login protection. Enable multi-factor authentication (MFA) for email, banking, social media and other services that require logging in. Enable MFA on trusted mobile devices, an authenticator app or a secure token (a small physical device that you can hook onto your key ring, for example.) 

During Travel

No auto-connecting. Disable remote connectivity and Bluetooth to prevent wirelessly connecting automatically to other devices — headphones, automobile infotainment systems, etc. Be choosey when deciding which wireless and Bluetooth networks to connect to. 

Think before connecting. Before connecting to any public wireless hotspot, confirm the network name and exact login procedures with appropriate staff. Your personal hotspot is usually a safer alternative to free Wi-Fi, and only use sites that begin with “https://”.

Play hard to get with strangers. If an email looks “phishy,” do not respond or click on any links or attachments. Use the “junk” or “block” option to no longer receive messages from the sender. 

Never click and tell. Limit the type of information shared on social media and other online places. Keep your full name, address, birthday and vacation plans private, and disable location services. Before posting pictures, make sure there is nothing in it to identify your location such as an address on a building, a street sign, the name of a business, etc. 

Physically guard mobile devices. Never leave devices or components, such as USBs or external hard drives, alone and keep them secured in taxis, at airports, on airplanes and in hotel rooms, lock them up in the commonly provided safe if you don’t want to lug them around with you.

SSN unveils new conference, advisory board and look

Publication has big plans under new ownership
 - 
08/14/2019

YARMOUTH, Maine—There is a lot of excitement at Security Systems News these days as we unveil our new SecurityNext conference, our newly formed Editorial Advisory Board and a new look and refresh to our logo (see below), weekly Newswire and print publication.