The CyberWire Daily Briefing 01.16.15

Cyber Trends

Ponemon Institute Survey: The Cost of Malware Containment (Damballa) The recent breaches of Target, Home Depot, JP Morgan Chase and Sony Pictures are examples of how destructive malware can be to an organization's reputation and financial stability

3 Ways Cyber Insurance Will Improve Security Performance (BitSight Security Ratings Blog) In 2014, Cyber Insurance saw record growth. In fact, in a recent white paper from Advisen, their buyer penetration index showed a five-fold increase in insurance purchases from 2006 to 2013, demonstrating that many organizations have recognized the value in outsourcing corporate cyber risk. Naysayers, however, warn that this move does not make companies more secure and allows organizations to ignore the behaviors and issues that are creating security risks in the first place

Good security is about making a cyber-attack more expensive than a break-in: Kaspersky Lab CEO (Economic Times) When hackers breached the firewalls of Sony Pictures Entertainment, they also fired a missive at corporates worldwide. Hacking is now a clear and present danger. In a chat with Corporate Dossier, Eugene Kaspersky, CEO, Kaspersky Lab, who calls cyber weapons the most dangerous innovation of this century, discusses the dark side of internet

The Top-12 Security Breach Facts Every C-Level Executive and Board Member Must Know (US Cybersecurity Magazine) Innovation, trade secrets and customer data are the lifeblood of U.S. companies and the U.S. economy. They comprise up to 80% of the current and future value of today's organizations. These critical economic engines of competitive advantage must be protected at all cost. What we learned as an industry over the past months and years must be leveraged into your next level of information protection

CIOs beef up security tools in wake of 2014 data breaches (TechTarget) What's different about security strategies in the aftermath of the 2014 data breaches? More money, more monitoring, more employee training, and that's just for starters

DDoS volumes plateau as hackers try new attack vectors: Akamai (CSO Australia) Findings by content distribution network (CDN) provider Akamai that Australia is sliding down the world's broadband rankings got widespread coverage, but Akamai's review of global security exposure has also highlighted more pressing information-security concerns in Australia and elsewhere

Verizon: Most PCI Firms Fall Out of Compliance Within One Year (Infosecurity Magazine) The majority of merchants which sign up to payment security standard PCI DSS fall out of compliance less than a year after being validated, greatly increasing their chance of falling victim to a damaging data breach, according to Verizon Enterprise Solutions

Maintaining PCI Compliance a Showstopper for Many Retailers (Verizon News Center) Initial findings from Verizon's 2015 PCI Report suggest businesses still struggle, lack of compliance linked to data breaches

Legislation, Policy and Regulation

French Rein In Speech Backing Acts of Terror (New York Times) The French authorities are moving aggressively to rein in speech supporting terrorism, employing a new law to mete out tough prison sentences in a crackdown that is stoking a free-speech debate after last week's attacks in Paris

Common Challenges for Indonesia in the Cyber Realm (Jakarta Globe) Redundant or Robust?: President's formation of the National Cyber Agency risks provoking turf war with Defense Ministry

U.K. Knots Closer Cyber Security Ties In Washington (TechCrunch) The U.K. Prime Minister David Cameron is in Washington DC this week, lobbying the U.S. President on the need for circumventing the strong encryption of Internet services

Cameron and Obama plan war games to test cyber resilience (ComputerWeekly) The UK and US have agreed to a series of simulated cyber attacks to test each other's resilience

Why North Korea Hacks (Dark Reading) The motivation behind Democratic People's Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader

Russia blocks bitcoin websites over "shadow economy" fears (Gigaom) The Russian telecommunications regulator Roskomnadzor has blocked access to five bitcoin-related websites because the cryptocurrency "contributes to the growth of the shadow economy"

3 Reasons Why David Cameron's Encryption Ban Won't Work (Computer Business Review) Cybersecurity experts lash out at the prime minister's plans against privacy

With crypto in UK crosshairs, secret US report says it’s vital (Ars Technica) Newly reported Edward Snowden document aired as UK prime minister presses US

Essential freedom is too high a price to pay for safety (Telegraph) We must not let the murder of police and civilians in France turn our heads too far towards a state in which private communication is effectively impossible

Barack Obama proposes shielding companies that share cyber threat data (Naked Security) President Obama on Tuesday proposed new cybersecurity legislation that would put cybercrime on par with racketeering and would protect companies from getting sued if they share computer threat data with the government

Sharing is caring (Economist) Barack Obama wants Congress to bolster cyber-security

Experts speak out about proposed changes to hacking law (CSO) The proposed changes to the CFAA are mixed bag of potential problems

Proposed CFAA Amendments Could Chill Security Research (Threatpost) Legitimate security researchers, from bug hunters to pen-testers, are buckled in for a bumpy ride as vague language in President Obama's proposed amendments to the Computer Fraud and Abuse Act (CFAA) is expected to be debated and sorted out as it makes its way through the legislature

Industry sources: Obama's cyber info-sharing plan falls short on liability protection (Inside Cybersecurity) Industry representatives combing through President Obama's new cybersecurity information-sharing proposal say the plan steps back from the bipartisan Senate bill produced last year and is too restrictive on liability protections for businesses

Why I Hope Congress Never Watches Blackhat (Wired) What a strange time. Last week I was literally walking the red carpet at the Hollywood premiere of Michael Mann's Blackhat, a crime thriller that I had the good fortune to work on as a "hacker adviser" (my actual screen credit). Today, all I'm thinking is, please, God, don't let anybody in Congress see the film

Why A Global Cybersecurity Playbook Is Critical Post-Sony (Forbes) On Tuesday, President Obama announced a series of new cybersecurity measures to improve information sharing between the private sector and government, modernize law enforcement's approach to tackle cybercrime, and require national data breach reporting

Cyberspace regulation needed to avert war following recent cyber-attacks (State Press) ISIS sympathizers successfully hacked into the U.S. Central Command Twitter account on Monday — but ISIS is not the only organization that is hacking. Its actions come in the wake of similar attacks against the U.S. institutions, such as the infamous attack on Sony by North Korea and friends late last year

Does Air-Sea Battle Have a Fatal, Cyber Flaw? (National Interest) This commentary offers clarification to the National Interest's December 8, 2014 article, "Will Air-Sea Battle Be "Sunk" by Cyberwarriors?" (Erica D. Borghard & Shawn W. Lonergan). The article presents a misunderstanding of the multiservice Air-Sea Battle Concept on two levels

US Coast Guard Addresses Maritime Cybersecurity Issues (In Homeland Security) The United States Coast Guard fielded questions from maritime security experts and officials Thursday during a Maritime Cybersecurity Standards Public Meeting held at the U.S. Department of Transportation Headquarters in Washington, D.C

Obama turns to 'name and shame' (Reuters via IT Web) The unusually destructive cyber attack on Sony Pictures Entertainment is providing an early test of a new Obama administration policy to reveal more of what it knows or suspects about hacking campaigns

Is it Possible to Ban Autonomous Weapons in Cyberwar? (Just Security) Political and technological developments have often spurred responses from international humanitarian law (IHL). We already have a good sense of the major questions on the agenda in upcoming years. Two are especially noteworthy: First, how to apply IHL to cyberwarfare? Second, how to regulate autonomous weapons systems (AWS) — including whether to create new laws regarding both domains? These two issues, more than commonly appreciated, have a direct relationship with one another, which lawyers and policymakers should acknowledge

Matthew Green on the NSA and Compromising Crypto Standards (Threatpost) Dennis Fisher talks with Matthew Green of Johns Hopkins University about the NSA's "regret" for continuing to support Dual EC after it had been shown to be compromised, the effects of the agency's influence on crypto standards and the hope for more secure standards in the future

Panel: No alternative to bulk data collection by NSA (Army Times) A committee of scientific experts has concluded that there is no viable technological alternative to bulk collection of data by the National Security Agency that allows analysts access to communications whose significance only becomes clear years later

National Academy of Sciences Releases PPD-28 Report — Bulk Collection of Signals Intelligence: Technical Options (IC on the Record) On January 17, 2014, the President, through Presidential Policy Directive 28, directed my office to assess "the feasibility of creating software that would allow the Intelligence Community more easily to conduct targeted information acquisition rather than bulk collection"

Analysis: Intel Seat Gives Turner Even More Influence (DefenseNews) House Armed Services Committee member Mike Turner has secured a seat on the Intelligence Committee, giving the Ohio Republican added influence on national security issues

Products, Services, and Solutions

How much trust can you put in Telegram messenger? (IDG via CSO) Messaging programs are a closely watched application category, with experts scrutinizing how communications are protected from government surveillance dragnets and hackers. The primary defense invariably involves encryption, but just saying an application uses encryption by no means ensures it's secure

The EFF's secure messaging scorecard. Which app will you use? (Lumension Blog) Revelations by NSA whistleblower Edward Snowden woke many of us to up the risks posed by covert surveillance, and in just the last few days — following the ghastly events in Paris — UK Prime Minister David Cameron has called for secure communication apps to be made unlawful, or at least forced to contain a backdoor which the police and intelligence agencies could exploit

Endpoint security fundamentals: Comparing antimalware protection products (TechTarget) Expert Ed Tittel examines the top endpoint antimalware products for small, mid-sized, and larger enterprises

Cloud Security Vendor Centrify Adds MSP Program (CRN) Cloud security vendor Centrify has unveiled a new tier aimed at MSPs and executives say the SaaS-based identity management company is increasingly turning to system integrators and skilled security consultancies to establish a broader customer base

Privacy considerations in a cloudy world (Microsoft Cyber Trust Blog) In today's high tech world, individuals from around the globe can comment in real time on others social media posts and current events instantaneously. With just a few keystrokes, data, thoughts and ideas can reach around the globe. In this fast paced environment, consideration of what you choose to share and to whom is more important than ever. Likewise, as organizations take advantage of the scale and economies offered by cloud computing, understanding how data is managed by cloud service provider is a high priority

Northern Ireland NHS hospital trust deploys ForeScout security (ChannelBiz) Northern Trust wanted to protect 15,000 endpoints across 150 sites and get ready for the Internet of Things

FirePassword — Firefox Username & Password Recovery Tool (Kitploit) FirePassword is first ever tool (back in early 2007) released to recover the stored website login passwords from Firefox Browser

FortyCloud Joins Forces with Numergy to Address Growing Demand for Cloud Localization (The Hosting News) FortyCloud, a pioneer in network Security-as-a-Service for the cloud, today announced a partnership with Numergy, a leading public cloud services provider based in Paris. As part of the new partnership, Numergy customers can now take advantage of FortyCloud's first-of-a-kind offering that bundles all core security components (encryption, firewall, VPN, access control, identity management, etc.) into a single, integrated product delivered as Software-as-a-Service

Technologies, Techniques, and Standards

Hold data on EU citizens? Check if you'll be compliant with the new Data Protection Regulation (Naked Security) It seems like we hear about new data breaches every week. Last year we saw shops, banks, restaurants and other companies lose data on customers, not to mention an epidemic of medical data breaches

Criminals Are After Your LinkedIn Account — Here is How to Protect it (Tripwire: the State of Security) Regularly in the news we hear about organisations having their Twitter or Facebook accounts compromised by cybercriminals — but they're not the only social media outlets which hackers and fraudsters have an interest in hijacking

How a strategic approach to data will advance fraud prevention in healthcare (FierceHealthPayer) Healthcare organizations can learn from existing data, identify irregular behaviors

4 Ways to Mount a Cyber Defense in Light of the U.S. Military's Social-Media Hack (Entrepreneur) This week's hijacking of several social-media accounts run by U.S. Military Central Command underscores a powerful message: Just because it wasn't data or computer networks that were attacked doesn't mean it's not detrimental to your business

Social Engineering: How Dangerous is Your Lunch Break? (Infosec Island) Ever heard the phrase 'Loose lips sink ships?'

Marketplace

Sony hack was good news for INSURERS and INVESTORS (Register) Spilling Hollywood's secrets woke money-land to the need for intrusive oversight

P/C Insurers See Surge in Cyber Insurance, M&A Activity in 2015 (Insurance Journal) Property/casualty insurance executives overwhelmingly predict growth in both cyber insurance and merger and acquisitions (M&A) activity in 2015, according to a new Insurance Information Institute annual survey

Security firms forge alliance to fight growing cyber threat (CNBC) As companies and organizations from Sony to Centcom face growing threats from hackers, four cybersecurity firms are have joined forces to share intelligence

Will Cybersecurity Build or Buy Its Way Out of Fragmentation? (Computer Business Review) The good guys must mend the cracks in our infrastructure

The hottest executive jobs of 2015 (Fortune) What's most in demand? Cybersecurity experts and data-savvy marketers

Concerned Procera Stockholders Announces Intent to Run Dissident Slate for 2015 Annual Meeting (Herald Online) Dilip Singh, the spokesperson for a group known as "Concerned Procera Stockholders," announces the following

Sophos frames strategy to expand in Indian IT security market (InfoTech Lead) IT security company Sophos announced its multi-pronged strategy to strengthen its presence in Indian mid market

A Samsung-BlackBerry Alliance Is Highly Desirable (Seeking Alpha) Samsung will benefit a lot from owning BlackBerry. Samsung can use BlacKBerry's QNX and Elliptic Curve Cryptography assets to build the most secure Machine-to-Machine communication solutions. Samsung can outrun Google in the connected car segment if Samsung owns QNX. QNX is the leading OS in connected cars

ObserveIT Launches New Global Partner Program (Herald Online) User activity monitoring leader increases marketing support, financial incentives, and training for partners around the globe

ObserveIT Announces Addition of Worldwide Vice President of Corporate Strategy & Business Development and Regional Vice President of Sales, EMEA North (Herald Online) Company makes personnel investment in Global Partner Program

NTT Named a Challenger in 2014 Gartner Magic Quadrant for Managed Security Services, Worldwide (MarketWatch) Solutionary, an NTT Group security company NTT, +0.45% and the next-generation managed security services provider (MSSP), today announced that Gartner, Inc., a leading IT research and advisory firm, has positioned NTT in the "Challengers" Quadrant of the 2014 Magic Quadrant for Managed Security Services

Kaspersky Lab Improved Its Position as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms (Herald Online) Kaspersky Lab has been named a "Leader" in the Gartner Magic Quadrant for Endpoint Protection Platforms. The company was placed in the leader's quadrant for the fourth year in a row based on both the "completeness of vision" and "ability to execute" categories specified by Gartner experts

Bromium Appoints Robert Maus SVP of Business Development (Marketwired) Experienced technology executive drives strategic alliances and technical partnerships

Websense Names New Channel Chief, Steps Up Services, Support (CRN) Websense has established a professional services arm to deal with support issues, and named an executive from the private equity firm that acquired it in 2013 to oversee its global channel operations

Duo Security Appoints New Vice President of Worldwide Sales (Virtual Strategy Magazine) Adds West Coast sales & marketing professionals to accommodate rapid growth

Security Patches, Mitigations, and Software Updates

Google publishes third Windows 0-day vulnerability in a month (IDG via CSO) Google ignored Microsoft's calls for flexible vulnerability disclosure deadlines and released details of another unpatched Windows flaw, leaving users exposed for at least the next 25 days

Security experts weigh in on Microsoft-Google vulnerability disclosure debate (TechRepublic) Google adhered to its 90-day policy and disclosed vulnerability details about a bug in Windows the day before Microsoft was scheduled to publish the patch. Which company is right?

Cyber Attacks, Threats, and Vulnerabilities

In Wake Of Violence, France Reports Spike In Cyberattacks (Dark Reading) 19,000 French websites have been attacked since Jan. 7

New Carberp variant heads down under (Symantec Connect) Trojan.Carberp.C uses stealth tactics and seems to have a preference for Australia

KnowBe4 Says New CryptoWall 3.0 Ransomware Makes Paying Ransom "Easier" (Virtual Strategy Magazine) CryptoWall 3.0 Ransomware now comes with improved customer service

WhatsApp sees increasing complexity of spam campaigns (Help Net Security) Over the past few months, AdaptiveMobile has tracked an increase of spam complexity on messaging apps, such as WhatsApp, in the United States, Europe and India, and expects these attacks to continue through 2015

Affordable Care Act Phishing Campaign (US-CERT) US-CERT is aware of a phishing campaign purporting to come from a U.S. Federal Government Agency. The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private information or install malicious code

Facebook users warned not to click on 'Hottest Leaked Snapchats' links (Guardian) Security firm BitDefender says posts promising saucy 'leaked' photos and videos could lead to identity fraud

The Truth About Malvertising (Dark Reading) Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats

Academia

Penn State Targeted by Constant Barrage of Cyber Security Threats (StateCollege.com) Recent headlines about the Sony hack and other cyber security issues have not escaped Penn State's attention

WPI Awarded $4.4 Million to Help Bolster the Nation's Cybersecurity Workforce (Worcester Polytechnic Institute) The university will train the next generation of domestic cybersecurity professionals to help fill a growing national demand for experts and address increasing threats to the nation's critical infrastructure

Cybersecurity training needed to raise number of skilled workers (TechTarget) A survey by ESG finds that IT has an ongoing problematic shortage of enterprise cybersecurity skills, and the problem is getting worse

Litigation, Investigation, and Enforcement

Arresting Dieudonné for "defending terrorism" is exactly what he wants (Quartz) "Je me sens Charlie Coulibaly." Translation: "I feel like Charlie Coulibaly." Infamous French comedian Dieudonné M'bala M'bala wrote these words in a puzzling Facebook post published (and since deleted) in the wake of massacres at the offices of satirical newspaper Charlie Hebdo and a kosher supermarket in the Parisian suburbs

Defense bombshell in Silk Road trial: Mt. Gox owner "set up" Ulbricht (Ars Technica) Mark Karpeles had "intimate involvement with the site," Ross Ulbricht's lawyer claims

DHS Believed Mt. Gox CEO Might Have Been Silk Road's Secret Mastermind (Wired) Long before the Department of Homeland Security set its sights on Ross Ulbricht, the agency had another surprising suspect in mind as the possible creator and administrator of the Silk Road's massive online drug market: Mark Karpeles, the chief executive of what was then the world's biggest bitcoin exchange, Mt. Gox

China's spy chief Ma Jian in corruption probe (BBC News) China has confirmed it is investigating a powerful intelligence chief, Ma Jian, for corruption

Marriott's stopped blocking your Wi-Fi hotspots (Naked Security) Marriott says it's throwing in the towel on its unsuccessful legal and PR battle to get the Federal Communications Commission (FCC) to let it block personal hotspots in its conference and convention areas

JPMorgan Asked by States for Detail on 2014 Data Breach (Bloomberg) JPMorgan Chase & Co. (JPM) was pressed for more evidence by a group of states probing a data breach that jeopardized millions of customer accounts last year, including whether any of the compromised information has been connected with fraud

UK Teen Arrested For Sony, Xbox DDoS Attacks (SecurityWeek) An 18-year-old was arrested this morning in the United Kingdom on suspicion of being involved in the distributed denial-of-service (DDoS) attacks launched against Sony's Playstation Network and Microsoft's Xbox Live over Christmas

Design and Innovation

The Ghostly Side of Bug-Hunting (The Analogies Project) I have few vices in life but there is a TV programme called "Ghost Adventures" that has really caught me and yes, I'd go as far as saying I'm a little addicted. It's a fun programme led by 'Zak', who "wants to capture on film what he once saw" — a ghost. So he and his team go to haunted locations all over the world, but mainly in America to suit the audience, in some hope of capturing evidence of ghosts. It's all scientific despite the "for entertainment only" caption at the start of the showreel

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

ShmooCon (Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It and Bring It On

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation

FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt

IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, January 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015, in anticipation of the release of a new solicitation in support of the Program. The Conference will be held from 9:00 AM to 4:00 PM EDT in the Washington, DC metropolitan area. The purpose of the Conference will be to provide introductory information on CAUSE and the research problems that the Program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, January 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics

AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, January 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics

Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person

Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats

ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities

2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout the world. Privacy remains a key concern, but increasingly board members, corporate executives and risk professionals are focusing on a broader array of cyber-related risks. These include industrial espionage and various operational risks, including business interruption and contingent business interruption. Mark your diary for Advisen's 4th Annual Cyber Risk Insights Conference in London on Tues 10 Feb 2015. Graeme Newman of CFC Underwriting is the 2015 Conference Chairman. Sponsors include Swiss Re Corporate Solutions, Willis, and Epiq Systems

AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity