NIST offers Continuous Monitoring FAQ

Wednesday - 6/2/2010, 9:23am EDT

Cybersecurity Update - Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Amy Morris (6-10 a.m.) and The DorobekInsider with Chris Dorobek (3-7 p.m.). Listen live at FederalNewsRadio.com or on the radio at 1500 and 820 AM in the Washington, D.C. metro area.

  • The administration is pushing for continuous monitoring of systems and threats, and if you have questions, there's a new tool to help. The National Institute of Standards and Technology has crafted a list of 17 frequently asked questions about continuous monitoring. The document explains what it is and is not. Topics include risk, front-end security and automation. Continuous monitoring is part of the Defense authorization bill winding thru Congress. The White House has also signaled plans to have agencies move in that direction.

  • Based on an experiment done by researchers from VeriSign's iDefense Intelligence Operations Team, it costs around $67 to rent a botnet or a Denial of Service attack for 24 hours, or $9 per hour. The study also found the creators of these botnet "companies" also use extortion to acquire more money, reports BrickhouseSecurity. In addition to renting out their services to launch an attack on a system, they blackmail a target company by warning them that they will be hacked if they don't pay up... and then offer a 30% discount if the target company then hires the attackers to attack a competitor company.

  • Apple's O-S 10 may not be free of security worries after all. A security company called Intego tells InfoWorld that a high-risk spyware application called OSX/OpinionSpy is spreading through "freely distributed Mac applications and screen savers found on a variety of Web sites." The spyware is a variant of a program that's been pestering Windows users since 2008. Using the moniker, market research program, the malware can collect data on local and network volumes, then send it off to its servers. Intego says data collected may include user names, passwords, credit card numbers, Web browser bookmarks, and history.

Check out all of Federal News Radio's coverage of cybersecurity issues here.