Guidelines for Secure Use of Social Media by Federal Departments and Agencies, v1.0

November 30, 2009

Risks

Federal Government information systems are targeted by persistent, pervasive, aggressive threats.

In order to defend against rapidly evolving social media threats, departments and agencies should include a multi-layered approach in a risk management program, including risks to the individual, risks to the department or agency, and risks to the federal infrastructure.

Social media technologies such as wikis, blogs, and social networks are vulnerable to the following methods/techniques of cyber attack: spear phishing, social engineering, and web application attacks.

The Threat

Federal Government information systems are targeted by persistent, pervasive, aggressive threats. This is well known and documented, as stated in May of 2009 by Margaret Graves, Acting CIO for the Department of Homeland Security.

Recommendations

The following are a series of strategies and recommendations for federal departments, agencies, and policy makers to minimize risk.

Policy Controls

The safe use of social media is fundamentally a behavioral issue, not a technology issue.

Policy addressing behavior associated with protecting data would likely cover current social media technologies as well as future technologies. Policies for Web 2.0 technologies, blogs, wikis, social media sites, mash-ups, cloud computing, Web 3.0, outsourced e-mail, and other new technologies will remain extensible and applicable.

Acquisition Controls

When Federal agencies use hosted information systems, such as social media websites, they must have some level of risk management, mitigation, and acceptance of residual risk.

Most social media websites have a service subscription model that provides additional capabilities, or may be able to provide federal agencies with additional capabilities for a fee. This has already been demonstrated through modifications to Terms of Service (TOS) agreements by GSA.

http://www.cio.gov/Documents/Guidelines_for_Secure_Use_Social_Media_v01-0.pdf


First anniversary of the 26/11 attacks, Indians mourned the martyrs

November 26, 2009

http://www.natgeotv.co.in/Programmes/Main.aspx?Id=449


Sarbanes-Oxley Act & Section 302,404,409

November 25, 2009

The Sarbanes-Oxley Act of 2002 also known as the Public Company Accounting Reform and Investor Protection Act of 2002 is mandatory. ALL organizations, large and small, MUST comply.

Section 302

Corporate responsibility for Financial Activities

Public company officers must certify the accuracy of financial statements and must certify that statements fairly present the operations and financial condition of the issuer.

It also requires that material information used to generate reports be retained and made available to the public.

It Affects

This directly affects the IT and security departments because it is primarily IT systems that generate these periodic reports and which control e-mail, the main method of communication within most organizations.

Section 404

Management Assessment of Internal Controls

Section 404 is the most pertinent section within SOX to issues surrounding information security. It addresses the necessity of corporate management to be fully accountable for the integrity of all data associated with their financials.

It states that management teams of public companies must establish and maintain adequate “Internal Controls” over their financial reporting systems to safeguard against unauthorized and improper use of financial information.

Internal Controls are defined as “all control methods a company uses to prevent, detect and correct errors and frauds that might get into financial statements”.

Section 409

Real Time Issuer Disclosure

Public companies must be aware of, and declare, changes in their financial conditions or operations within 48 hours of material events. All events which could affect a company’s finances, stock price or intellectual property (among other things) must be captured, documented with a process that can be audited, and reported in a rapid fashion.

This includes operational risk with IT systems such as:

• Major or extended system outages
• Loss of critical data
• Security breaches
• Intellectual Property and Digital Rights Management issues
• Major computer virus and worm attacks


Pratibha Patil : First woman president to fly in a Sukhoi snaps taken from TV

November 25, 2009



Pratibha Patil : First woman president to fly in a Sukhoi

November 25, 2009

Pratibha Patil is making history by becoming the first woman president to fly in a Sukhoi. 74-year-old Patil, who’s in a G-suit, will fly for 30 minutes from the IAF base at Lohegaon in Pune. Two Sukhois will escort the President’s flight.


US Visa Types for Temporary Visitors

November 23, 2009

Check out the types of visa for temporary visitors into the US.

*What the abbreviations (above) mean:
Before applying for a visa at a U.S. Embassy abroad, the following is required:
DOL = The U.S. employer must obtain foreign labor certification from the U.S. Department of Labor, prior to filing a petition with USCIS.
USCIS = DHS, United States Citizenship and Immigration Services (USCIS) must approve a petition, filed by the U.S. employer (or U.S. citizen, for fiancé petitions)
SEVIS = Program approval entered in the Student and Exchange Visitor Information System (SEVIS)
(NA) = Not Applicable – Means that additional approval by other government agencies is not required prior to applying for a visa at the U.S. Embassy abroad.

Source: http://travel.state.gov/visa/temp/types/types_1286.html


Fastest Growing Energy Companies in Asia & US : Platts report

November 23, 2009

As per the Platts report:

“Asian companies made up more than 20% of the 50 fastest growing companies list, and also took 30% of the top 10 places in the Refining & Marketing category. Reliance Industries and Indian Oil Corporation were first and second, with TonenGeneral Sekiyu of Japan third.”