Tag Archive for: approved

RTK request for computer logins partially approved and denied by OOR


SOMERSET ― The Pennsylvania Office of Open Records filed its determination Sept. 27 concerning a right-to-know request filed by Lester Younkin and denied by Somerset County Commissioners, giving each party a victory.

Younkin said this week he will appeal the determination.

His request, seeking certain computer log information for specified county employees, was granted in part and denied in part. The OOR accepted the county’s point that disclosure of the Active Directory logs is likely to pose a risk to the county’s computer security, but found that employees’ names and login and logout times can be released under the state’s Right-to-Know Law.

However, the OOR determined the county doesn’t have those records that Younkin is asking for because the server log showing the login and logout information doesn’t exist within the county’s possession, custody or control.

“The county NEVER disputed the existence of the log. In fact, the IT director submitted an unredacted Active Directory log in their appeal in an attempt to justify why they can’t release the information,” Younkin said in an email. “The county has the information. They simply do not want to release it. The county claim that they would need to purchase software to extract the data is blatantly false.”


County solicitor Christopher Furman, on behalf of the county commissioners, issued this statement:

“On Sept. 27, 2023, the Office of Open Records issued its Final Determination in OOR Appeal No. 2023-1983, granting the appeal in part, denying it in part. The request was for daily computer and Exchange server login and logout times for certain personnel. Because the county does not use an Exchange server, that part of the appeal was denied. Regarding the computer login information, the county’s software is not currently capable of producing the requested information without producing certain other information embedded with it that, if disclosed, would pose a risk to the county’s computer security. Put simply, to provide the requested data, the county will need different software. Because Section 1307(g) of the RTKL provides…


San Diego City College approved to offer a bachelor’s degree


Students at San Diego City College now have the opportunity to earn a four-year degree for the first time in the school’s 108-year history.

The California Community Colleges Board of Governors approved San Diego City College’s full bachelor’s degree in cyber defense and analysis.

Students at the downtown campus can start applying for the program this fall, with classes expected to begin in August 2024.

The new degree will mean a more affordable education for those who need it most.

“Many of these programs in the upper division courses are at capacity, and students are turned away. This is just something we hope will level the playing field for students that are less advantaged than others,” said David Kennemer, Associate Professor of Computer Information Systems at City College.

The downtown college becomes the second campus in the San Diego Community College District to offer a baccalaureate program.

San Diego Mesa College was among the first community colleges in California to offer a baccalaureate program, after the Board of Governors approved Mesa’s bachelor’s degree in Health Information Management in 2015, as part of a pilot program.

Miramar College administrators have submitted a proposal for a bachelor’s degree program in Public Safety Management.

“This is extremely significant for California, for social justice and equity,” said Kennemer, who has taught in the computer science department for more than seven years. “(It) helps students who would never even have the opportunity to get into a traditional university. Now they do,” Kennemer continued.

The average pay for cyber security analysts in San Diego County reached $111,590 annually as recently as May of 2021, with related jobs offering similar pay.

Those statistics are according to the U.S. Bureau of Labor Statistics.


NIS2 cyber laws approved by EU legislators


NIS2 builds on the original NIS Directive which took effect in the EU in 2018. It is broader in its scope than the original directive, meaning more organisations across both the public and private sectors will be subject to cybersecurity risk management and incident reporting obligations than before.

Businesses across sectors such as energy, transport, health, and digital infrastructure, as well as waste management, chemicals, food, and manufacturers such as those in the automotive and medical device markets, are among those that will be impacted by the legislation.

Stuart Davey, cyber expert at Pinsent Masons, said: “Whilst member states have 21 months in which to implement NIS2 in their jurisdictions, organisations may wish to make an early start on working on their NIS2 compliance programmes, particularly those in sectors not previously caught by similar cybersecurity regimes.”

Organisations subject to the NIS2 regime will be obliged to “take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems which those entities use for their operations or for the provision of their services, and to prevent or minimise the impact of incidents on recipients of their services and on other services”.

Specific cybersecurity measures endorsed in the legislation include policies on risk analysis and information system security, policies on incident handling, access control policies, and the use of multi-factor authentication or continuous authentication solutions. Supply chain security must also be considered, including the vulnerabilities “specific to each direct supplier and service provider” as well as “the overall quality of products and cybersecurity practices of their suppliers and service providers, including their secure development procedures”.

The precise cybersecurity measures each organisation must implement to comply with their legal obligations under NIS2 will depend on factors such as their size, exposure to risk, the likelihood of occurrence of incidents and their severity, and the availability and cost of implementing technology or international…


OPM hack $63M settlement approved by federal judge


Written by John Hewitt Jones

A federal judge has given final approval for a proposed $63 million settlement to bring to an end a class action lawsuit brought over the Office of Personnel Management data breaches in 2015.

U.S. district judge Amy Berman Jackson in a hearing on Oct. 14 said the agreed-upon figure was fair and gave approval for the settlement to proceed.

Judge Jackson in June gave preliminary approval for the settlement to proceed, and at the time described the terms as “fair, reasonable, and adequate, and in the best interest of named plaintiffs and class members.”

Most class action lawsuits involve a fairness hearing, during which the judge will consider whether the proposed settlement figure is “fair, reasonable and adequate”, and hear any objections. 

Following the final fairness hearing, prospective participants will still have until Dec. 23 to join the lawsuit, after which the validity of each claim will be assessed. Assuming there are no appeals, payouts to claimants are expected to take place in the first or second quarter of next year.

Under terms of the settlement, each claimant is entitled to a minimum of $700 per claim, up to a maximum of $10,000 per claim. 

Speaking with FedScoop, attorney for the plaintiffs Jordan Elias said: “It was a challenging case with a lot of pitfalls, so we were pleased we were able to negotiate the case outcome without major objections.”

Elias added that the negotiations took over two years and had been complicated by factors including the COVID-19 pandemic.

In 2015, OPM announced it was hit with a series of intrusions understood to be linked to two Chinese government-sponsored groups, which resulted in the compromise of personal information of around 22 million individuals.

A subsequent report by the House Committee on Oversight and Reform found that the earliest known data breach at the agency came in November 2013 but was not detected for years until a private cybersecurity firm was brought in to run forensics.

Before that, malware was found to be lurking on the…
