The government is never going to fix its cybersecurity problem until it fixes its procurement problem!
Shockingly, there are no NAICS, SIC or SIN codes for cybersecurity products on the GSA Schedule. As a California Certified Small Business owner who offers multi-factor authentication (MFA) products on the GSA Schedule, this is a serious problem.
Without cybersecurity procurement codes, government agencies and departments are unable to find, let alone implement, targeted products and services to keep our nation’s electronic data secure. Current procedure involves a keyword search on the GSA Schedule. If the exact keyword is not typed or listed, no match is found. An agency’s only recourse then becomes generating expensive and time-consuming RFIs, RFPs and RFQs. Cybersecurity NAICS, SIN and SIC codes are designed to streamline the entire process, save money and ensure fast cybersecurity implementations.
Biometrics give a false sense of security.
On Sept 23, 2015, the Office of Personnel Management (OPM) revised the number of stolen fingerprint files to 5.6 million! Why should you care?
Some security pundits believe that biometrics are far more secure than passwords. They argue that since everyone has unique identifiers like their voice, iris, face and fingerprints, why not use these to authenticate a user into a computer network? Sounds logical and from a theoretical perspective, it’s true. But major flaws become apparent during implementation.
GSA Schedule Contract Awarded to Access Smart® for the purchase of multifactor cybersecurity IT products.
Ladera Ranch, CA – June 2, 2014 – Access Smart, LLC, a leading supplier of logical access control solutions (LACS), wins a General Services Administration (GSA) schedule contract. As the US Government announces new cybersecurity regulations, Access Smart is proud that our Power LogOn® enterprise password management solution is now available to government sectors to address these regulations.
This contract will give government agencies and Department of Defense (DoD) procurement officials streamlined access to purchase a multi-factor authentication password manager that quickly integrates with existing CAC, PIV and CIV credentials. Power LogOn is FIPS 140-2 validated, uses AES-256 and SHA-256 encryption and password “salting”, and builds upon an agency’s existing cyber infrastructure.
A cyber attack Scrooged Christmas. Treat security as a process – not as a product!
In reading articles about the recent Christmas cyber attacks, the authors’ key takeaway is that global companies are extremely vulnerable to cyber-attacks and data losses. Guess what, so too are the small and medium-sized businesses. Every business, healthcare service, government agency and educational institution is vulnerable since they all use many of the same technology components. So who’s to blame?
These last few weeks I have been asking the question: “Who do you think should be held accountable for all the cyber breaches: the Merchants or the Technology companies?” The responses have been most enlightening. Some blame the business owners, others the IT managers, some the technology companies, and some say all of the above.
By Microsoft, the FBI, Europol and industry partners. It’s about Time!
In the past I have written many blogs about how software companies and OS developers need to start taking security more seriously. While Microsoft has been a focus of mine, it seems that they are finally being proactive. While their new Digital Crime Unit is important, they also need to start reworking an entirely new operating system from scratch with no backward compatibility to DOS or older versions of Windows. The Operating System should start from a security stance and then build in functionality. Plus, the rollout can be limited to get other software companies to make changes to their programs, but in five years “Patch Tuesdays” should be a footnote in history books.
The following is an excerpt from a recent Microsoft press release on ZeroAccess.