Government boosting IT system after breach
The following was posted by the Nation News on March 11th, 2022: [The] Government was forced to shut down its entire information technology (IT) platform yesterday after ransomware found its way through several vulnerable holes in the system. Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organisation’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. Ransomware is often designed to spread across a network and target database and file servers and can thus quickly paralyse an entire organisation. The ransomware that attacked yesterday forced the Ministry of Innovation, Science and Technology to take its overall Internet service offline so the issues could be identified. In an interview with the Weekend Nation even as a special team was still investigating the matter yesterday, Minister of Innovation, Science and Technology Davidson…
Cybersecurity Framework Profile for Ransomware Risk Management
NIST’s National Cybersecurity Center of Excellence (NCCoE) has released the NIST Interagency or Internal Report (NISTIR) 8374, Cybersecurity Framework Profile for Ransomware Risk Management. Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware can disrupt or halt organizations’ operations. This report defines a Ransomware Profile, which identifies security objectives from the NIST Cybersecurity Framework that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization’s level of readiness to mitigate ransomware threats and to react to the potential impact of events. https://csrc.nist.gov/publications/detail/nistir/8374/final
Operationalizing the Jamaica Data Protection Act: A Conversation with the Information Commissioner
Symptai Consulting Limited hosted a webinar with Jamaica’s Information Commissioner (equivalent to the role of Data Protection Commissioner under GDPR) for a very engaging conversation around the impact of the Jamaica Data Protection Act, which came into effect on December 1, 2021. This marked the start of a 2-year transition period within which Data Controllers must familiarise themselves with the Act and their role, and enforce practices that ensure compliance. You can view the recording of the webinar below or read a summary of the Act here.
Dear HR . . . Does data protection law affect my role in HR?
The February 9th, 2022 issue of Barbados Today had a column that discussed the impact of the Barbados Data Protection Act on HR personnel, titled “Dear HR . . . Does data protection law affect my role in HR?”. The article explained why data protection is important and outlined the role of data controllers, how HR staff are impacted and key components of the Act. You can read the entire article here.
Ethical hackers face tough sanction
Ethical hackers who find vulnerabilities on government or private websites in Jamaica could face a $3-million fine and three-year prison sentence if a provision in the Cybercrimes Act, 2015, remains and receives the nod from Parliament. That threat could penalise actors such as Zack Whittaker, the security editor at American online newspaper TechCrunch who, last February, revealed that a cloud-storage server with uploaded documents had been left unprotected on the JamCOVID website. Read the full article here.
NIST Updates Security and Privacy Control Assessment Procedures
The National Institute of Standards and Technology (NIST) has published an update to its SP 800-53A standard, “Assessing Security and Privacy Controls in Information Systems and Organizations.” The publication provides a methodology and set of procedures for conducting assessments of security and privacy controls employed within systems and organizations within an effective risk management framework. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 5. The SP 800-53A assessment procedures are flexible, provide a framework and starting point for control assessments, and can be tailored to the needs of organizations and assessors. SP 800-53A facilitates security and privacy control assessments conducted within an effective risk management framework. The revision includes new assessment procedures that address newly added and updated privacy and supply chain risk management controls in SP 800-53 Revision 5. SP…