Transaction Monitoring for online services – NCSC.GOV.UK – National Cyber Security Centre
Transaction Monitoring for online services – NCSC.GOV.UK National Cyber Security Centre
Tag Archive for: monitoring
NowSecure’s Brian Reed: Agencies Need Continuous Monitoring Model to Protect Mobile App Portfolios
Brian Reed, chief mobility officer at NowSecure, said government agencies should have programs in place to facilitate continuous monitoring of mobile applications to detect and address vulnerabilities that could pose security risks to employees and data.
Reed wrote that agencies should commit to ensuring the security of mobile apps and establish mission data protections and access restrictions.
He called on agencies to conduct a thorough review of employees’ access to mission-oriented apps by developing “profile differences based on levels of device control and authority versus mission requirements.”
Agencies should come up with a vetting program for mobile apps, which Reed said involves three stages. The initial stage calls for organizations to develop an inventory of all the devices and apps on the network and the second phase requires the establishment of a process for assessing new applications. The last stage focuses on continuous monitoring of every mobile app’s new version once it is launched.
“By understanding and addressing the risks associated with mobile apps, agencies can support employee productivity with mobile tools while protecting mission data on the device, in the apps and over the network,” Reed noted.
He cited NowSecure’s automated software offering and how it helps agencies perform continuous app monitoring to safeguard their app portfolios.
Missouri offers credit monitoring to teachers affected by DESE data vulnerability
Missouri is offering 12 months of free credit and identity theft monitoring to educators whose personal information could be at risk due to a vulnerability in a state website discovered last month.
At least three teachers’ Social Security numbers became vulnerable last month after data was accessed on the Department of Elementary and Secondary Education (DESE)’s website — which compiles teacher information that can be accessed by local school districts when verifying an educator’s certification. The last four digits of a person’s Social Security number can be used to identify an educator.
No misuse of information nor access to information outside of last month’s incident has been reported, according to DESE, but the option will be extended to approximately 620,000 current and former teachers whose data was included on the department’s website.
The services are expected to cost the state $800,000.
DESE and the Office of Administration Technology Services Division (OA-ITSD) will notify teachers whose information may have been at risk in the coming days.
“Educators have enough on their plates right now, and I want to apologize to them for this incident and the additional inconvenience it may cause them,” DESE Commissioner Margie Vandeven said. “It is unacceptable. The security of the data we collect is of the utmost importance to our agency. Rest assured that we are working closely with OA-ITSD to resolve this situation.”
Gov. Mike Parson said the information was accessed through a “multistep process” that decoded and converted the data. The Cole County prosecutor was notified, and the Missouri State Highway Patrol’s Digital Forensic Unit will conduct an investigation “of all of those involved.”
In a story, the St. Louis Post-Dispatch said one of its employees had “discovered the vulnerability in a web application” and notified DESE.
“The reporter did the responsible thing by reporting his findings to DESE so that the state could act to prevent disclosure and misuse. A hacker is someone who subverts computer security with malicious or criminal intent. Here, there was no breach of any firewall or security and certainly no…
