UNM4SK3D: Executive Order, Take-Two, and Facebook


Published: February 3, 2017 | By: Olivia | Views: 1566

#cyberpolicy

You’ve heard of the 12 days of Christmas; now, post-holiday, we’re looking at 60 days of cyber. An Executive Order draft reveals the White House will be calling for swift review of “national security systems” within 60 days of the order being signed. During this time, President Trump says he will “ask for an assessment based on current threats and vulnerabilities and will call for recommendations on how to incentivize the private sector to adopt effective cyber security measures.”

The document, only 6 pages long, was released by the Washington Post and is one we highly encourage you read. Many acknowledge that this draft mirrors some of former President Obama’s plans for cyber security. One White House official commented, “The changes are in management philosophy, in enterprise risk management, and modernizing federal IT.” At a high level, President Trump indicates that it will be federal government’s mission to protect not just government interests, but also the private sector.

Wondering what hasn’t been included in the draft? Just a few topics, but keep in mind, it’s a ‘draft’ for a reason. Still, among the unmentioned were the FBI’s role in cyber security, whether or not election systems are considered critical infrastructure, whether or not the federal government will attempt to regulate private internet companies on cyber security issues, and net neutrality. Groups like the Electronic Privacy Information Center and the Electronic Frontier Foundation have expressed their concerns that cyber security policy lacks public participation and public oversight.

I will hold my cabinet secretaries and agency heads accountable, totally accountable for the cybersecurity of their organization -President Trump

Policies are important, be it at an organizational level or otherwise. This video provides an Introduction to Security Policies and Procedures.

#biometrics

If I asked you if you own the rights to your face, you’d say yes, right? Think again. In a recent ruling surrounding face scanning technology, federal judge John Koeltl of the Southern District of New York dismissed a case that’s been pending for years between siblings Ricardo and Vanessa Vigil and game maker Take-Two Interactive.

Take-Two’s MyPlayer feature of its NBA 2K15 and NBA 2K16 games allows your mug to be plastered onto the body of a famous athlete as you play, which you have to admit is pretty cool. So what’s the problem? Take-Two makes their images available, unencrypted, online, stored indefinitely and shared. What’s more, there’s no court injunction that would force them to stop storing your face print biometric data forever, privacy laws or no. (Face in palm, and not because you’re suddenly camera shy).

The siblings admitted in their lawsuit to giving consent to have their faces scanned in the game’s terms and conditions, but now state the company failed to meet several provisions of the Illinois Biometric Information Privacy Act. As far as we can tell, Take-Two isn’t doing anything questionable with our faceprints. And who knew faceprints was even a word. But it’s worth questioning whether we want any prints of ours, face or otherwise, floating around in cyber space for anyone to use.

42% said they worry about not being able to access online accounts through biometric authentication in case of a malfunction -recent study by market research firm YouGov

Maybe we can suggest a re-branding from Take-Two to Two-Faced? In the meantime, read up on biometrics, as one blogger explores ‘Biometrics: Not the Promised Silver Bullet.’

#socialnetworking

Facebook recently rolled out a new ‘Discover Friends’ feature. Essentially, it suggests you become friends with strangers. Eerily reminiscent of dating apps like Tinder and Bumble. So, as if you needed another reminder that you’re single, now you have it.

The idea behind the concept is somewhat harmless, as it is meant to help people network and is a move from the ‘Big F’ to extend into the ‘dating’ scene. It works by prompting users to craft a short bio and then when you click on an event you’ve been invited to, you’ll be shown the profiles of others who are also attending. It’s a bit creepy because you can’t choose which events your profile will show up in. You also cannot edit that bio per event. Essentially, anyone from the general public can see what events you’re attending if those events are public. (If you listen closely enough, you can hear the sound of stalkers around the world rejoicing).

In a related move, but one in the opposite spirit to ‘Discover Friends’ where security is concerned, Facebook launched an account recovery feature for other websites called Delegated Recovery, “a protocol that helps applications delegate account recovery permissions to third-party accounts controlled by the same user.” Delegated Recovery is available now to GitHub users, allowing them to set up encrypted recovery tokens for their GitHub accounts in advance and save them with their Facebook accounts. The process works through encrypted HTTPS Web links, so even Facebook cannot read the personal data stored in that token.

The social media/privacy ropewalk also brings to light the need for awareness when it comes to ‘social engineering.’ Read Human Hacking: Social Engineering 101 for an in-depth look.

#factbyte

An average of 95 passwords are stolen per second, according to a new report from Thycotic and Cybersecurity Ventures.

#jobspotlight

The “cloud” has become an integral and important part of many organizations. Unfortunately the cloud is subject to problems that can compromise an organization’s data. This has given rise to the Cloud Security Engineers who, in addition to designing systems that use cloud resources to solve business problems, must create an architecture where data can be replicated and where effective disaster recovery strategies are in place.

An effective Cloud Security Engineer needs to have a deep understanding of the Internet’s landscape and threats; an understanding of vulnerabilities and possible attacks; hands-on experience with vulnerability scanning, firewall, antivirus, and malware analysis; an understanding of enterprise computing environments, distributed applications, and networks; and a familiarity with encryption technologies.

Interested in going down this career path? Or maybe you’re already on it and want to expand in your role. Gaining experience and certifications is an excellent resume builder. Among the skills needed by a cloud security engineer, perhaps most important is their ability to oversee all aspects of the security environment from a cloud services perspective. That’s where Intermediate Cloud Security Micro Certification comes into play.

Those who take the Intermediate Cloud Security course can expect to identify technology enabled for securing mission critical cloud-based assets under the scope of all policies, processes and compliance considerations that go along with this increasing trend in technology adoption.

Use code OBLOG50 for half off your next micro certification. And don’t say I never gave you anything 😉

Olivia Lynch (Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.

Now Reading: Everybody Writes: Your Go-To Guide to Creating Ridiculously Good Content by Ann Handley
