For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://bluemt.com/blog/

1. Tech Update Summary
April 2016
Blue Mountain Data Systems

3. For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

4. For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for April 2016. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

5. Databases

6. Databases & Storage
RANSOMWARE: Why Hospitals Are the Perfect Targets for Ransomware.
Ransomware has been an Internet scourge for more than a decade, but only
recently has it made mainstream media headlines. That’s primarily due to a new
trend in ransomware attacks: the targeting of hospitals and other healthcare
facilities. The malware works by locking your computer to prevent you from
accessing data until you pay a ransom, usually demanded in Bitcoin. Hospitals are
the perfect mark for this kind of extortion because they provide critical care and
rely on up-to-date information from patient records. Without quick access to
databases that hold drug histories, surgery directives and other information,
patient care can get delayed or halted, which makes hospitals more likely to pay a
ransom rather than risk delays that could result in death and lawsuits. Read more
[WIRED.COM]

7. Databases & Storage
TO SQL OR NoSQL? That’s the Database Question. Poke around the infrastructure
of any startup website or mobile app these days, and you’re bound to find
something other than a relational database doing much of the heavy lifting. Today,
the database landscape continues to become increasingly complicated. The usual
SQL suspects—SQL Server-Oracle-DB2-Postgres, et al.—aren’t handling this new
world on their own, and some say they can’t. But the division between SQL and
NoSQL is increasingly fuzzy, especially as database developers integrate the
technologies together and add bits of one to the other. Read more
[ARSTECHNICA.COM]

8. Databases & Storage
SECURITY: Data and Identity: Two New Security Perimeters. It’s clear that
organizations embracing new cloud and mobile infrastructure have less control of
some IT assets than they did in the past. What does this mean for security of your
data? Read more
[NETWORKWORLD.COM]
HYBRID CLOUD: The 5 Phases of Overcoming Hybrid Cloud Data Integration. An
effect hybrid integration strategy can be broken down into five phases, each with
its own level of complexity. Phase 1: Replicating SaaS apps to on-premise
databases. The first stage in developing a hybrid integration platform is to replicate
SaaS applications to on-premises databases. Companies in this stage typically
either need analytics on some of the business-critical information contained in
their SaaS apps, or they are sending SaaS data to a staging database so that it can
be picked up by other on-premise apps. Read more
[INFORMATION-AGE.COM]

9. Databases & Storage
SECURITY: DB Networks Launches Real-Time Database Security Sensor. By
integrating this sensor into their products, security OEMs provide their customers
with more usage detail and metrics from data-tier cyber-threats. Read the rest
[EWEEK.COM]
MongoDB: Security, and How Not to Get Stung. Recently, Microsoft got roundly
savaged for a database security leak. In the back and forth, MongoDB’s database
security got caught in the crossfire. Find out why MongoDB was mistakenly
blamed. Read more
[DZONE.COM]

10. Databases & Storage
DATA PROTECTION: Safeguarding Databases Against Insider Threats. While
phishing, malware, distributed denial-of-service (DDoS) and similar types of
external threats rightfully receive significant attention from organizations, they
only represent one aspect of the threat equation. Insider threats are the other
piece of this puzzle and can be equally damaging. Read more
[SECURITYINTELLIGENCE.COM]
HOMELAND SECURITY: Visa Waiver Program Now Includes Daily Database Check. A
change to how Customs and Border Protection vets applicants for the Visa Waiver
Program is helping prevent a potential blind spot in the process, the agency’s chief
told a House panel on March 1. Read more
[FCW.COM]

11. Databases & Storage
SPECIALIZED SEARCH DATABASES: Sorting Through the Crowded Specialized
Database Toolbox. With so many choices today, matching database to need isn’t
getting any easier. The database landscape is increasingly complicated. As of April,
Solid IT’s DB-Engines initiative was tracking 303 separate relational and non-
relational databases. Read more
[ARSTECHNICA.COM]
GOOGLE: Shuts Out Competitors on Android? Hardly. One of the persistent
tragedies of Android, Google’s globe-conquering mobile operating system, is that it
continues to be better in theory than in reality. Read the rest
[NYTIMES.COM]

12. Databases & Storage
SECURITY: From Encrypted Drives To Amazon’s Cloud — The Amazing Flight Of The
Panama Papers. The firm ran a three-month old version of WordPress for its main
site, known to contain some vulnerabilities, but more worrisome was that,
according to Internet records, its portal used by customers to access sensitive data
was most likely run on a three-year-old version of Drupal, 7.23. That platform has
at least 25 known vulnerabilities at the time of writing, two of which could have
been used by a hacker to upload their own code to the server and start hoovering
up data. Back in 2014, Drupal warned of a swathe of attacks on websites based on
its code, telling users that anyone running anything below version 7.32 within
seven hours of its release should have assumed they’d been hacked. Read more
[FORBES.COM]

13. Databases & Storage
ELASTICSEARCH: Elastic Gives Search Engine a Graph Option. Elastic has
announced that it has added a graph query engine to the Elasticsearch engine.
Users now have the option of using their search indexes as the basis for conducting
graph analyses. The new option will make it relatively easy for customers to
conduct big data analysis for use cases such as fraud detection and product
recommendations. Find out more
[DATANAMI.COM]

14. More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

15. Security Patches

16. Security Patches
MICROSOFT: Microsoft Rated 6 of 13 Security Updates as Critical, Badlock Bug Fix
Rated Important. Microsoft released 13 security updates, including patches for
zero-days. The patch for the Badlock bug is among those rated only as important.
Read the rest
[NETWORKWORLD.COM]
ANDROID: Keeping Up With Android Security Patches. When did Google start
rolling out monthly security patches for Nexus tablets, and what do these fix? Read
more
[NYTIMES.COM]

17. Security Patches
JAVA: Three-year-old IBM Patch for Critical Java Flaw is Broken. Attackers can
easily bypass the patch to exploit a vulnerability that allows them to escape from
the Java security sandbox. Read more
[CIO.COM]
ADOBE: Adobe Patches Flash Bug That’s Being Exploited to Install Ransomware.
“Actively exploited” critical flaw has been in wild for more than a week. Read
more
[ARSTECHNICA.COM]

18. Penetration Testing

19. Penetration Testing
REGULAR CHECKUPS: Pentesting-as-a-Service. Ten years ago, penetration testing
was viewed as a luxury service, typically aimed at ensuring that companies’ network
perimeters were secured against malicious external attacks. More recently, we have
seen the emergence of vulnerability scanning software, an automated way to
perform more frequent vulnerability testing, but not to the level of rigour the
company would receive from a penetration test performed by a security expert.
Read more
[INFOSECURITY-MAGAZINE.COM]
THINK TANK: Penetration Testing Still Relevant, but Approach Needs to Change.
How can an organization ensure it gets value from penetration and security testing
services? Security managers need permission from their respective companies to
test live networks, and they need the right pen testing tools for the job. Read more
[COMPUTERWEEKLY.COM]

20. Penetration Testing
HOW: A White Hat Hacker Breaks Into a Business. A pen tester talks through how to
break into a company. Read more
[NEWSWEEK.COM]
PENTAGON: Sees White Hat Hackers as Low-Cost Penetration Testers. The Defense
Department announced it would be launching the federal government’s first-ever
"bug bounty," banking on the idea that there’s a nascent community of white hat
hackers that’s been itching to help the Pentagon with its cybersecurity challenges
but hasn’t been able to until now. Read more
[FEDERALNEWSRADIO.COM]

21. IT Management

22. IT Management
SURVEY: 8 Project Management Skills in High Demand. By 2020, reports
estimate that there will 700,000 new project management jobs in the United
States. Do you have what employers will be looking for? Read more
[CIO.COM]
STATE & LOCAL GOVERNMENT: State and Local IT Departments Reorganize for
Innovation. In a bid to shake things up and better serve residents, Massachusetts
and Seattle have restructured, consolidated and reengineered their IT teams.
Read the rest
[STATETECHMAGAZINE.COM]

23. IT Management
STAFFING: Tackling the Government’s Tech Worker Shortage. Richard Spires,
former DHS CIO, is on a mission to help cultivate tech talent. Whether it is
developing the employees they have, recruiting talented outsiders or finding
contracting companies with first-rate professionals, organizations, including
government agencies such as DHS, struggle to maintain a workforce with the
proper skills. This is particularly difficult in the technology area, as approximately
500,000 of the nation’s 5.5 million unfilled jobs are in IT. Read more
[FEDTECHMAGAZINE.COM]
LEADERSHIP: Tackling Gender Bias In Tech And Beyond: Evolving Towards
Equality. Gender bias (both conscious and unconscious) remains a critical
problem in today’s workforce, especially in tech, with many complex influences
and factors sustaining the problem. While hundreds of experts and business and
HR leaders have shared their suggested strategies, solutions and approaches to
this serious challenge, the needle has been slow to move. Read more
[FORBES.COM]

24. For the CIO, CTO & CISO

25. For the CIO, CTO & CISO
CTO: Greg Godbout to Leave EPA. The former executive director of GSA’s 18F tiger
team will join Danish tech company cBrain as it looks to make its mark on the U.S.
market. Read more
[FEDSCOOP.COM]
CIO: CIOs, CMOs Share Tips for Successful Partnerships. The importance of
technology in marketing continues to grow, and the stakes for those leading the
charge to a digital transformation have never been higher. Savvy CIOs can turn the
challenge into an opportunity and make their roles indispensable to the business.
Read the rest
[CIO.COM]

26. For the CIO, CTO & CISO
CISO: What Agency Security Chiefs Want from the Federal CISO. Federal security
chiefs don’t want a boss in the new federal chief information security officer.
Instead, they want someone who is willing to collaborate, build on the ideas they’ve
been developing and give them more of a voice in federal policy circles. Read more
[FCW.COM]
CSO: Two Perspectives on Social Media for Security Leaders. Brian Reed and Ian
Amit from ZeroFox blend two unique perspectives and experience on social media
into an action plan for security leaders. Read more
[CSOONLINE.COM]

27. Application Development

28. Application Development
STRATEGY: Choosing Your Application Development Strategy. Which is more
effective: the top-down or bottom-up application strategy? Discover why choosing
one requires an in-depth understanding of application requirements. Read the rest
[SEARCHSOA.TECHTARGET.COM]
CLOUD: Why Amazon and OpenStack Continue to Thrive in a Complex Cloud World.
Amazon announcing AWS hitting a $10B annual run rate and OpenStack’s 13th
release—lead some to wonder who is winning. Both are. Read more
[EWEEK.COM]

29. Application Development
MICROSOFT: Power BI Hits 5M Subscribers, Adds Deeper Excel Integration.
Microsoft has a ton of new features planned for its cloud-based BI service.
Microsoft’s cloud-based business intelligence service is celebrating a major user
growth milestone with a handful of new features, including the ability to import
data from an Excel spreadsheet and turn it into live-updating charts and graphs.
Power BI now has more than 5 million subscribers, who are using the service to
take in business data and create dashboards they can use to better understand
their businesses. Subscribers will be able to use an Excel connector to easily “pin”
live-updating data from the Excel desktop app to a Power BI dashboard. Both that
feature, and one that allows users to analyze data from Power BI in Excel, were
previously available for beta testing and are now generally available. Read more
[PCWORLD.COM]

30. Application Development
NODE.js: Top Reasons to Use Node.js for Web Application Development. There are
many reasons why developers (regardless of experience level) should use Node.js
for web application development, starting with its speed and ending with its
proficiency at multi-user, real-time web applications. Not to mention that three
years ago Nodejitsu reached out to the npm community for help running the public
npm servers and raised over $300,000 for the project, proving that the community
is both active and generous. Read more
[JAXENTER.COM]

31. BYOD

32. BYOD
PRODUCTIVITY: BYOD Brings Greater Productivity – as Well as Security Issues. The
bring-your-own-device (BYOD) trend continues to be perplexing for many
enterprises. It holds the promise of greater employee productivity and mobility, but
also comes with its share of security problems. Past studies and surveys note the
benefits and challenges of BYOD, but also stress the need for businesses to adopt
policies to manage and secure the devices coming onto the network. Read the rest
[EWEEK.COM]
CLOUD: Shadow IT and Other Cloud Excuses. In an age of bring your own device
(BYOD) to work, those in charge must take charge. They must balance their
employees’ use of self-selected technology and/or their self-deployment of
commercially available cloud services with senior managements’ lack of direction.
Unfortunately in many large entities those with initiative are viewed as rogue
“shadow IT” users who detract from the mission, not as innovative, clever individuals
who optimize off-the-shelf solutions to soldier on.
Read more
[FEDERALNEWSRADIO.COM]

33. BYOD
MOBILITY: Seattle Retools Its Technology to Attract Younger Workers. As baby
boomers retire from public-sector IT departments, state and local governments are
revamping their technology to attract a millennial workforce. Whether tablets and
smartphones arrive in offices through bring-your-own-device (BYOD) initiatives or
government-procurements, their expanded use heightens the need for optimized
software, appropriate security and precise use policies. Read more
[STATETECHMAGAZINE.COM]
SECURITY: 7 Potential Security Concerns for Wearables. Is your organization safe
from all these connected devices? Wearables are rapidly invading the workplace in
much the same way that smartphones did. Fitness trackers, smartwatches, head-
mounted displays and other new form factors are beginning to capture the public
imagination. Sales of wearable electronic devices topped 232 million in 2015, and
Gartner forecasts they’ll rise 18.4% this year, when another 274.6 million devices are
sold.
Read more
[NETWORKWORLD.COM]

34. Big Data

35. Big Data
GOVERNMENT: Why Big Data Needs a Soul. “Data is a story with soul,” said Dr.
Kristen Honey, a policy advisor in the White House’s Office of Science and
Technology Policy. Honey, who appeared with a number of other experts on an April
22 AFFIRM panel on taming the explosion of government data, was quoting author
and storyteller Brene Brown. But she and other panelists said much the same thing,
stressing that the most effective tool for dealing with the oceans of data generated
by federal agencies isn’t technological, but human. Read more
[FCW.COM]
ENTERPRISE: Flexing the Muscles of Big Data. When the term ‘big data’ gets
mentioned, what springs to mind? Massive databases? Hadoop clusters? Business
analytics engines? How about data aggregation systems, filters, metadata creation
systems, indexers, results renderers and reporting systems? All of these should be
part of a big data strategy and require different resources at different times. Read
the rest
[ZDNET.COM]

36. Big Data
MICROSOFT: Integrating Big Data and SQL Server 2016. Many Big Data projects are
implemented using systems like Microsoft’s HDInsight or Hadoop. That said, these
Big Data systems usually need to be integrated with existing data from relational
databases or data warehouses. That’s where SQL Server 2016’s PolyBase feature
comes into play. Find out more
[SQLMAG.COM]
FORRESTER: Start One Of These Two Big Data Businesses. Big data has gotten a lot
of attention from the media and investors, but the segment is broad and
complicated. If someone is interested in starting a big data business, where should
they focus their efforts? Forrester Research principal analyst Mike Gualtieri offered
CRNtv two tips on what’s growing in the big data market today. Read more
[CRN.COM]

37. Project Management

38. Project Management
INTERVIEW SKILLS: 12 Questions Project Managers Should Be Prepared for in a Job
Interview. Project management job interviews can be more stressful than the new
job itself. Most candidates expect to talk about their strengths, weaknesses, skills
and methodology as a PM. But to truly be prepared when walking into that next PM
interview, be ready to answer these difficult questions. Read more
[CIO.COM]
SURVEY: The High Cost of Low Performance. Organizations waste US$122 million
for every US$1 billion invested due to poor project performance – a 12 percent
increase over last year. That’s the finding of the 2016 Pulse of the Profession®,
which reveals an imperative to strengthen the conversation around the benefits of
project management. Download the report now. Read more
[PMI.ORG]

39. Project Management
ORGANIZATIONAL STRUCTURE: Top-Down Solutions Like Holacracy Won’t Fix
Bureaucracy. For all its enemies, bureaucracy is amazingly resilient. Since 1983, the
number of managers, supervisors, and support staff employed in the U.S. economy
has nearly doubled, while employment in other occupations has grown by less than
40%, according to our analysis of data from the Bureau of Labor Statistics. That
makes bureaucracy the organizational equivalent of kudzu, the invasive, herbicide-
resistant vine that has overrun thousands of acres of woodland in the American
south. Why is bureaucracy so difficult to eradicate? Read more
[HBR.ORG]
INNOVATION: To Increase Innovation: Help Your Team Take Smarter Risks. Most
senior managers agree that taking risks is important for innovation, but in far too
many cases, they don’t act like they believe this. How can you break out of this
mode and create an environment that is more conducive to innovation? One of the
starting points is to be more explicit about what risk-taking really means, and what
is acceptable and what is not. Here are four tactics for doing this. Read more
[FORBES.COM]

40. Open Source

41. Open Source
ENTERPRISE APPS: Open Source Code is Common, Potentially Dangerous, in
Enterprise Apps. The Open Source Vulnerability Database shut down this week posed
yet another security challenge for developers who routinely inject massive amounts
of free off-the-shelf code into new software. As the name suggests, OSVD was a
resource where non-commercial developers could look – free – for patches to known
vulnerabilities. Without it, other vulnerability repositories remain, but its closure
points up one of the problems with how open source code is used, particularly in
enterprise development: often once it’s incorporated into apps, it might never be
updated to fix vulnerabilities that are discovered later. Read more
[NETWORKWORLD.COM]

42. Open Source
DHS: Warns on Cyber Risks of Open Source. The Department of Homeland Security
has suggested striking significant passages from a draft White House policy on open
software out of concern that baring too much source code will increase the
government’s vulnerability to hacking. Read the rest
[FCW.COM]
NEW BROWSER: The Young Vivaldi Browser is Taking Its Cues from the Community.
Vivaldi is a new browser, powered by libraries from more than 100 different open
source projects, and growing in popularity. Here’s an interview with Ruarí Ødegaard,
a QA engineer for Vivaldi, the company behind the browser, which was created by
the former CEO and co-founder of Opera, Jon von Tetzchner. Read more
[OPENSOURCE.COM]

43. Open Source
GOOGLE: Google Open Source Hybrid Cloud Gets New OpenStack Backup Driver. The
Cinder driver, which allows Google Cloud Platform to be used as a backup target by
OpenStack, is an important addition to the company’s hybrid cloud. Read more
[INFOWORLD.COM]

44. Digital Government

45. Digital Government
INDUSTRY PERSPECTIVE: Creating a Viable Path to Becoming a Digital Government.
An analog-digital hybrid approach can benefit government workforces that require
mobility to do their jobs. As today’s citizens demand just-in-time and seamless
access to government services, the central question of, “Why can’t government
services be accessed and processed from an app?” is no longer an aspiration. It’s
happening now. The challenge for public-sector leaders has now evolved and
centers on how to quickly apply digital approaches to government – with the end
game of enhancing the citizen experience. Read more
[GOVTECH.COM]

46. Digital Government
FED TECH: When it Comes to Engagement With Citizens, the Government Is Finally
Paying Attention. There is an old saying in retail marketing that “the customer is
always right.” Unfortunately, over the past few decades it has been hard for the
public sector to follow that adage. The acceleration of technological changes in how
the private sector delivers goods and services has raised expectations among
citizens that government agencies can do the same – or even find ways to do better.
In order to meet these expectations, it has become clear that government agencies
must adapt to a cultural shift. Read the rest
[NEXTGOV.COM]

47. Digital Government
ENCRYPTION FIGHT: How Many Times Can The Government Cry Wolf? In two
separate high-profile cases the government pushed hard to compel Apple to hack
into iPhones – then gave up at the last minute. Some have speculated that the two
cases are part of a larger plan. Find out more
[FASTCOMPANY.COM]
MICROSOFT: Sues Over the Right to Inform Customers of U.S. Gov’t Spying.
Microsoft is suing the U.S. government for the right to inform its customers when
the authorities are searching their emails. The lawsuit pertains to the U.S.
government accessing remote data in the cloud, stored on Microsoft’s servers. Read
more
[DIGITALTRENDS.COM]

48. For the CTO, CIO & CISO

49. For the CTO, CIO & CISO
CIO: Why Change Initiatives Fail. Creating the right conditions for successful change
requires putting people before things. Many companies want to change and
transform (especially when facing digital disruption from competitors). Yet a
majority of change efforts fail – one famous and oft-cited study pegged the rate of
failure at 70%. Read more
[CIO.COM]
CTO: Maker Movement at Center of HHS’ Innovative Strategy. Like the emergence of
open health data movement, CTO Susannah Fox sees the maker and inventor
movements as the future of innovation around health care at HHS. .Read more
[FEDSCOOP.COM]

50. For the CTO, CIO & CISO
CISO: Survey Roundup: Feeling Better With a CISO. A survey of around 200
security analysts by ThreatTrack Security found, for those organizations that have
a chief information security officer, 23% said it’s become easier to defend against
malware-based cyberattacks in the past year versus 15% of respondents from
companies without a CISO who said that. Ninety-four percent of those at a
company with a CISO said they also have a dedicated incident response team,
compared with 48% for those at a business without a CISO. And 71% at CISO
companies said they would personally guarantee the safety of customer data in
2016, versus 42% of those at a non-CISO firm who would make that promise.
Read more
[BLOGS.WSJ.COM]

51. For the CTO, CIO & CISO
CIO: How to Conquer Recruiting, Retention and IT Skills Challenges. Experts in the
technology industry look at the year ahead and what it holds for recruitment and
retention. They also identify what tech skills will top the charts. Read the rest
[CIO.COM]
CTO: ‘Corporate’ IT Teams Can Hamper Agile Projects, Warns William Hill CTO.
“Corporate” IT teams who try to use agile within their organisations without
notifying other departments are more likely to hamper “agile” as a concept, than
those organisations that try to carry out too many agile projects, according to
Finnbar Joy, chief technology officer at William Hill. Read more
[COMPUTING.CO.UK]

52. For the CTO, CIO & CISO
CISO: Obama Wants More Cybersecurity Funding and a Federal CISO. In the final
budget of the Obama administration, the White House is looking to boost spending
on security, hire more experts and partner with the private sector. Read more
[CIO.COM]
GOVERNMENT CIO: Senate Passes Permanent Ban on Internet Access Taxes. The
ban on taxes targeting Internet services now heads to Obama. The Permanent
Internet Tax Freedom Act was included in a trade enforcement bill passed by
senators in a 75-20 vote Thursday. The provision, passed by the House of
Representatives last June, would permanently extend a 18-year moratorium on
Internet-targeted taxes that expired in October. Congress had extended the
moratorium several times since 1998, but supporters weren’t able to pass a
permanent ban until now. Read more
[CIO.COM]

53. Incident Response

54. Incident Response
FEDERAL GOVERNMENT CONTRACTING: Feds Prep for Cybersecurity Buying
Spree. The U.S. government’s objectives for improving cybersecurity are taking
shape in updated contracting procedures, contracts and projected increases in
spending. Several recent developments have underscored the federal
commitment to bolstering the protection of IT resources. On the contracting front,
the General Services Administration has asked vendors to respond by Wednesday
to a research survey on what it should do to expedite federal acquisition of
cybersecurity products and services. Read more
[ECOMMERCETIMES.COM]
DATA PRIVACY BREACH: Organizing a Data Breach Incident-Response Team. This
three-part series focuses on how to 1) prepare to handle a data breach, 2)
organize an incident-response team, 3) prepare for a government investigation
and 4) balance law enforcement requests with insurance policies requiring breach
disclosure. Read the rest
[INSIDECOUNSEL.COM]

55. Incident Response
SECURITY: Incident Response Teams Dealing with 3 to 4 Ransomware Incidents
Weekly. In the first quarter of 2016, incident response teams from Stroz Friedberg
addressed 3 to 4 Ransomware incidents per week. The Ransomware cases they’re
seeing are mostly Locky and TeslaCrypt. Read more
[CSOONLINE.COM]
RISK & COMPLIANCE: How to Tailor Your Incident Response to the Value of Your
Data. Organizations need to map their incident response plans against the value
and associated risk of different types of data. Each organization typically has a
‘hierarchy’ of data. A fundamental part of effective security and crisis
management is understanding the relative risk that is associated with the loss or
theft of different types of data. Read more
[INFORMATION-AGE.COM]

56. Programming & Scripting Development
Client & Server-Side

57. Programming & Scripting Development
Client & Server-Side
HTML5: HTML5.1 Begins to Take Shape on GitHub. The next generation of the Web
standard is using a GitHub repo for feedback and suggestions. Early drafts the
HTML5 spec began to surface back in 2008, but it wasn’t until 2014 that HTML5
was considered an endorsed, official standard. Consequently, the W3C wants to
make incremental updates “a reality that is relatively straightforward to
implement,” in order to avoid the years-long lag that hobbled the spec’s last
revision. Read the rest
[INFOWORLD.COM]

58. Programming & Scripting Development
Client & Server-Side
JAVA: Broken IBM Java Patch Prompts Another Disclosure. For the second time in
two weeks, researchers have discovered a three-year-old broken patch for a
vulnerability in IBM’s Java SDK implementation. The flaw allows for an attacker to
execute code outside the Java sandbox, and still affects current versions of IBM
SDK, 7 and 8, released in January. Read more
[THREATPOST.COM]
PROGRAMMING: Software Bugs? Avoid These 10 Costly Programming Mistakes.
Here’s one reason programs break: Programmers get sloppy, and don’t always use
the best tools or follow best practices. Don’t be that programmer. Read more
[ZDNET.COM]

59. Programming & Scripting Development
Client & Server-Side
JAVASCRIPT: Microsoft Previews New JavaScript Language Service, Salsa. Microsoft
is introducing a new JavaScript language service in Visual Studio 15. The service,
codenamed Salsa, is designed to improve the existing JavaScript language and
provide enhancements to JSX support, module support, and ES6/ES7 syntax
coverage. Read more
[SDTIMES.COM]

60. Cloud Computing

61. Cloud Computing
CLOUD SECURITY SURVEY: Cloud Stampede Is On, But Who’s Watching Security? A
survey by Intel and the Cloud Security Alliance finds that the use of cloud services is
increasing, but more in-depth security measures are needed. The growing number of
cloud services being used here and in Europe reflects a fundamental trend:
Enterprise IT managers still don’t fully trust the cloud, but they trust it more than
they used to. Asked if their organization trusts the cloud more now than it did a year
ago, 3% said no, 20% said they didn’t know, and 77% said yes. Read more
[INFORMATIONWEEK.COM]
GOOGLE: Apologizes for Cloud Service Turbulence. The search giant’s cloud
computing service briefly went offline last week, which led to Google apologizing for
the hiccup, promising to refund customers for the problem. Read the rest
[FORTUNE.COM]

62. Cloud Computing
PRIVACY: Shortened URLs Present Huge Privacy Problem for Cloud Services. A new
research paper has identified flaws in automatic URL shortening, such as bit.ly,
which expose the private data of cloud services users. In the study, titled “Gone in
Six Characters: Short URLs Considered Harmful for Cloud Services,” the team, led by
Martin Georgiev and Vitaly Shmatikov, outlined that for many services it was very
easy to identify the full URL through trial and error, and uncover private information
from cloud storage files and mapping requests. Read more
[THESTACK.COM]
CIOs: Microsoft Azure to Outpace Amazon Web Services as Cloud Market Soars.
Amazon is currently the biggest cloud service vendor with revenue of nearly $8
billion, but many expect Microsoft Azure to outpace its rival as demand for cloud
service soars. Read more
[NEARSHOREAMERICAS.COM]

63. Business Intelligence

64. Business Intelligence
3RD PLATFORM: How Will It Impact State, Local Governments in 2016? (Industry
Perspective). The innovative powerhouse of cloud computing, mobile, big data
and social media has been deemed by IDC as the “3rd Platform.” Here’s a look at
each component and the potential it brings for public sector. Read more
[GOVTECH.COM]
CALIFORNIA: New Digital Innovation Office Aims to Create Apps for Residents. The
Golden State also wants to collaborate with other states using open source data
and technologies. Read more
[STATETECHMAGAZINE.COM]

65. Business Intelligence
CIO: Cybersecurity Startups Face Tougher Path to IPO. The security industry’s largest
annual conference, which started Monday in San Francisco, is held just two blocks
from the former sand dunes where Gold Rush-era prospectors encamped in an area
known as Happy Valley. The mood at the RSA Conference this year may not be quite
as happy as it was in the recent past, as security startups find it more difficult to
realize ambitions for an IPO. Read more
[BLOGS.WSJ.COM]
WINDOWS 10: Security Boost Targets Business PCs. Microsoft launches a new
Windows 10 security feature designed to give IT leaders more insight into
recognizing and addressing cyber-attacks. Read more
[INFORMATIONWEEK.COM]

66. Federal Government

67. Federal Government
BYOD: NIST Updates BYOD Guidance for Teleworking Feds. Most agencies have
some kind of bring-your-own-device policy, ranging from prohibition to qualified
acceptance. However, when federal employees are teleworking, some BYOD creep
can’t be helped – even if an employee is using a government laptop, they’re
connecting over their personal WiFi. At the same time, instances of malware tend
to spike during holidays, snowstorms and any other time people are spending more
time than usual at home. To help agencies cope, the National Institute of Standards
and Technology recently updated its telework BYOD guidance. Read more
[FEDERALTIMES.COM]
IT SECURITY: Federal Government Focuses on Increasing IT Security Spend. Network
defenses tops the list of technologies the U.S. government plans to increase its
spending on in the next 12 months, following by analysis and correlation tools,
according to security vendor Vormetric’s 2016 Federal Data Threat Report.
Read more
[EWEEK.COM]

68. Federal Government
CLOUD: eSignLive Added to FedRAMP-compliant Cloud Offering. The digital
signature offering has long been in use at the Joint Chiefs of Staff and GSA,
among other agencies. Federal agencies looking to use digital signatures in a
secure cloud environment now have an option: eSignLive has partnered with a
FedRAMP compliant provider in order to bring its software to the government.
Read more
[FEDSCOOP.COM]

69. Federal Government
SECURITY: The Changes That Could Be Coming to Federal Cybersecurity R&D.
Officials from the Department of Homeland Security (DHS) have defended the
government’s Einstein cybersecurity system as well as the Obama
Administration’s request for $19 billion in cybersecurity funding for fiscal 2017,
a 35 percent increase from last fiscal year’s $14 billion. But as cybersecurity
research and development (R&D) for federal agencies is being plotted into the
next decade, current and former government officials argue that the
administration needs to rethink those R&D efforts. The federal government
must try and resolve the tension between security and convenience of IT
systems. Read more
[FEDTECHMAGAZINE.COM]

70. IT - State & Local Governments

71. IT - State & Local Governments
CALIFORNIA: Step-by-Step Solution for Its New Child Welfare System. California is
dabbling with innovative ways of procuring technology for its new Child Welfare
System, transitioning from waterfall procurement to an agile and iterative
acquisition that aims to revamp the mammoth system’s services one at a time.
Read more
[GCN.COM]
LOCAL GOVERNMENT DATA: 4 Guidelines for Governments to Ease the Cost and
IT Burden of Housing Data. Connected, always on and fully transparent –
consumer tech trends are hitting state and local governments hard. Many are
moving straight from paper files and other analog solutions to complex
technologies and the systems required to support them. Data demands are
pushing IT limits in cities, so what can these local governments do to support this
deluge of data? Read more
[GOVTECH.COM]

72. IT - State & Local Governments
NEW YORK CITY: What to Expect From the NYC Tech Scene in 2016. Yeah, it ain’t
Silicon Valley. But why does it have to be? Read more
[INC.COM]
LOCAL GOVT: Security, Strategic Planning Top Local Government IT Execs’ 2016
Priorities. The Public Technology Institute released its annual poll of local
government executives’ key concerns for the year ahead. Read more
[STATETECHMAGAZINE.COM]

73. IT Security | Cybersecurity

74. IT Security | Cybersecurity
FIREFOX: NoScript and Other Popular Firefox Add-ons Open Millions to New Attack.
Unlike many browsers, Firefox doesn’t always isolate an add-on’s functions.
NoScript, Firebug, and other popular Firefox add-on extensions are opening millions
of end users to a new type of attack that can surreptitiously execute malicious code
and steal sensitive data, a team of researchers reported. Read more
[ARSTECHNICA.COM]
WORKFORCE: Agencies Struggling to Share Talent Across Government. Federal
hiring managers are happier with the quality of candidates coming through their
doors, but agencies are finding it difficult to share that workforce talent with each
other. In the latest progress report for the cross-agency priority goal of developing
the federal workforce to its full potential, three-quarters of the milestones related to
multi-agency workforce pilot programs are at risk. Read more
[FEDERALNEWSRADIO.COM]

75. IT Security | Cybersecurity
FDA: Cybersecurity Researcher: Recent Device Vulnerabilities Should Be a Wake-Up
Call for FDA. A prominent cybersecurity researcher says the US Food and Drug
Administration (FDA) needs to “buckle down” and regulate medical device
cybersecurity more firmly. The warning comes as last week, the US Department of
Homeland Security (DHS) issued an advisory warning of more than 1,400
cybersecurity vulnerabilities affecting certain versions of an automated supply
cabinet used in hospitals and other health facilities to dispense drugs. Read more
[RAPS.ORG]
IoT: UL Takes on Cybersecurity Testing and Certification. Underwriters Laboratories
(UL) has announced a new Cybersecurity Assurance Program (CAP) that uses a new
set of standards to test network-connected products for software vulnerabilities.
Read more
[COMPUTERWORLD.COM]

76. IT Security | Cybersecurity
ENCRYPTION: Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a
Billion People. WhatsApp is an online messaging service now owned by tech giant
Facebook, that has grown into one of the world’s most important applications. More
than a billion people trade messages, make phone calls, send photos, and swap
videos using the service. This means that only Facebook itself runs a larger self-
contained communications network. The enigmatic founders of WhatsApp, Brian
Acton and Jan Koum, together with a high-minded coder and cryptographer who
goes by the pseudonym Moxie Marlinspike, revealed that the company has added
end-to-end encryption to every form of communication on its service. Read the rest
[WIRED.COM]

77. IT Security | Cybersecurity
NIST: 43% of IT, Security Pros using the NIST Cybersecurity Framework. 84 percent of
U.S.-based IT and security professionals said they use a security framework to guide
their processes for protecting critical assets and systems, and 44 percent said they
use more than one framework, according to a new report. Read more
[FIERCEGOVERNMENTIT.COM]
CYBER SOFT SPOTS: The Soft Spots in IT Security? People and Old Tech. The $3.1
billion IT modernization plan in President Barack Obama’s proposed fiscal 2017
budget, according to federal CIO Tony Scott, is key to closing a big federal security
hole — aging technology. Read more
[FCW.COM]

78. IT Security | Cybersecurity
DATA CENTER: Hyperconverged Infrastructure Requires Policy-based Security. When
adopting HCI, enterprises must look at security through the lens of the application
versus the network. Read more
[NETWORKWORLD.COM]
REPORT: Ransomware Feeds Off Poor Endpoint Security. Poor endpoint security
practices are only helping to propel the great ransomware epidemic of 2016 – and if
allowed to fester, this threat will spread to new vulnerable endpoints including IoT
devices, cars and ICS and SCADA systems, according to a new report from the
Institute for Critical Infrastructure Technology (ICIT). Read more
[SCMAGAZINE.COM]

79. IT Security | Cybersecurity
RISK ASSESSMENT: Billion Dollar Bangladesh Hack: SWIFT Software Hacked, No
Firewalls, $10 Switches. The Bangladesh central bank had no firewall and was using
a second-hand $10 network when it was hacked earlier this year. Investigation by
British defense contractor BAE Systems has also shown that the SWIFT software
used to make payments was compromised, enabling the hackers to send money
around the world without leaving any trace in Bangladesh. Read more
[ARSTECHNICA.COM]
SECURITY SPENDING: Why Most IT Security Suffers From Unbalanced Spending.
Security costs money. Risks are proliferating. More security will be needed, which
means more money will be spent. For these reasons, odds are that security, and
security spending, are on your mind whether you are in the IT trenches or part of
the C-suite. Gartner predicts security spending will reach $101 billion by 2018 and
MarketsandMarkets forsees spending approaching $170 billion by 2020. Read the
rest
[FORBES.COM]

80. IT Security | Cybersecurity
NETWORK SECURITY: Government Agencies Not Doing Enough To Protect IT
Systems. NASA and the U.S. Department of State were among the federal agencies
that received low marks on IT security, according to a recent report card issued by
the New York-based firm Security Scorecard. Also receiving low grades were the
states of Connecticut, Pennsylvania and Washington. Find out more
[CIO-TODAY.COM]

81. IT Security | Cybersecurity
CALL BLUE MOUNTAIN FOR IT SECURITY SUPPORT: Blue Mountain Data Systems is
actively involved in implementing FISMA and NIST standards with Federal Civilian
Agencies. Due to our extensive experience in this area, Blue Mountain has
developed processes and organizational techniques to help ensure security
deliverables are completed on time, and performed in the most efficient manner
possible. We ensure that NIST-800-53 control requirements are treated consistently
during definition, analysis, implementation, auditing, and reporting phases of a
system. Find out more about Blue Mountain Data Systems IT Security Support
Services. Call us at 703-502-3416.

82. From the Blue Mountain Data Systems Blog
Three-Dimensional Governance for the CIO
https://www.bluemt.com/three-dimensional-governance-for-the-cio
7 Reasons to Take Control of IT Incidents
https://www.bluemt.com/7-reasons-to-take-control-of-it-incidents/
Breach Mitigation Response Time Too Long, Survey Says
https://www.bluemt.com/breach-mitigation-response-time-too-long-survey-
says/
Six Tactics for Cyberdefense
https://www.bluemt.com/six-tactics-for-cyberdefense/

83. From the Blue Mountain Data Systems Blog
Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management

84. From the Blue Mountain Data Systems Blog
Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/

85. From the Blue Mountain Data Systems Blog
Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-
to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-
know/

86. From the Blue Mountain Data Systems Blog
Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

87. From the Blue Mountain Data Systems Blog
Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

88. From the Blue Mountain Data Systems Blog
Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

89. From the Blue Mountain Data Systems Blog
People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

90. From the Blue Mountain Data Systems Blog
Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

91. From the Blue Mountain Data Systems Blog
Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

92. ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

93. Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

94. MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

95. CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com