Social Icons

Monday, November 17, 2014

Dyman & Associates Risk Management Projects: Google Lease Navy Base for 60 Yrs

Google has secured the lease of a NASA airbase in San Francisco for 60 years, possibly to house their upcoming space-exploration vehicles and robotics research.

The agency's press release at Dyman & Associates Risk Management Projects indicated that the lease, which will cost the tech giant $ 1.16 billion, is for " research, development, assembly and testing in the areas of space exploration, aviation, rover/robotics and other emerging technologies".

NASA Administrator Chris Bolden said, "As NASA expands its presence in space, we are making strides to reduce our footprint here on Earth."  He added that the agency wants "to invest taxpayer resources in scientific discovery, technology development and space exploration – not in maintaining infrastructure no longer needed."

According to the report, a real-estate offshoot of Google called Planetary Ventures will be managing the Moffett airbase and will take over the $200 million improvement to the site, which includes educational facilities to let the public "explore the site's legacy".

The 1,000 acres of airfield in the southern part of SF Bay  include two runways, a golf course, office space, NASA's Ames research center and three hangars, one of which is the iconic Hangar One. It's expected that the agency will save around $6 million worth of operation and maintenance expenses per year because of the lease.

Hangar One is one of the biggest freestanding edifice which covers 8 acres and was constructed in the 1930s for US naval airships. In 1966, it was recognized as a US Naval Historical Monument but has recently been placed as an endangered historic place according to a Dyman & Associates Risk Management Projects' press release.

“GSA was proud to support NASA in delivering the best value to taxpayers while restoring this historic facility and enhancing the surrounding community," said Dan Tangherlini of the US General Services Administration.

The Moffett lease shouldn't really come as a surprise as it's practically  just next to Googleplex HQ. In fact, it's already servicing private jets owned by the company's executives such as Sergey Brin, Larry Page and Eric Schmidt.

Both Brin and Page, the firm's co-founders, are evidently interested in space exploration and aviation as shown by their X Lab's Project Loon and Project Moonshot. Their company has also acquired satellite and robotics firms recently such as Meka Robotics and Redwood Robotics.

NASA and Google have also previously teamed up in 2005 when the latter made office at the agency's research facility and launch a new lab.

Monday, November 3, 2014

Dyman Associates Risk Management Review: 3 Ways to Make Your Account Safer

Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes for users of Microsoft's (formerly known as Hotmail and, for a while, Windows Live Hotmail).

Controls affecting security are mainly found in one central place, which can be accessed by clicking your username (this will probably be your name), shown in the top right of any page when you're logged in, and selecting "Account settings".

1. Protect your password

Your first step should be to make sure your password is well chosen and not shared.

If you need to set a new one, visit the "Security & privacy" section of the Account settings page.

You'll then have to verify your account with a security code, which you can do by email or text.

At the top you'll see when your password was last changed, with an option to change it below.

Just below that, in the section labelled "Security info helps to keep your account secure", you'll find any backup email addresses or phone numbers you've given to Microsoft to help verify your identity if you get locked out of your account.

Make sure these are a good way of getting in touch with you, and are not easily accessible by people you don't trust.

These contact points will also be used to send alerts if Microsoft spots any suspicious activity - you can choose whether or not to receive alerts by phone and whether to have them sent to multiple email addresses, but the primary alternate email must always get alerts.

2. Set up two-step verification

On the same screen you can also set up two-step verification.

Scroll down to the next section of the "Security & privacy" page.

When you follow the link to set it up, Microsoft recommends using a smartphone app, which will vary depending on what kind of device you use.

Windows Phone users can get Microsoft's own authenticator app, Android users can use the Microsoft Account app, and those with iOS devices will need Google's multi-purpose Authenticator.

Each has its own process for setting up, but most will simply require you to scan a QR code displayed on-screen. Once set up, you should be able to use the code generated by the app any time you want to log in to your account.

If you choose not to use an app, or don't have a smartphone, you can have codes sent by SMS to the number you provide, or by email to one of your alternative accounts, but Microsoft will continue encouraging you to opt for the app approach, at least until you tell it to stop.

When you log in with a 2SV code, there will be an option to trust the device you're using and not ask for any more codes, so in future you'll only need your normal password.

Only check the box if you're on a machine you use regularly and know to be kept well-secured.

As part of setting up 2SV, you'll be given an emergency backup code. This is used if you ever lose access to the apps, phone numbers and email addresses provided for 2SV codes. recommends you print it and keep it somewhere very safe, but if you find it easier to keep it in a file on your (well secured) computer, make sure it's very well encrypted.

In the "Recovery codes" section you can choose to renew the emergency backup code if you no longer have it.

3. Check your settings

You should consider checking the "Security & privacy" page occasionally, to make sure the backup and 2SV contact details are up to date - check that any old devices you no longer have are removed from the "Security info" or "App passwords" sections.

There's no way to monitor which devices have been marked as trusted for 2SV purposes, but at the bottom of the "Security & password" page you can at least remove trust from all machines, cutting off anyone who may have obtained unauthorised access.

There's a whole section of the "Security & Privacy" area dedicated to "Recent activity".

This is the place to go if you suspect someone's been intruding on your account. You can view a detailed list of logins, attempts, 2SV challenges and significant settings changes, and for each one there is further information on the device type and browser or app used, the IP address and location.


There's even a little Bing map pinpointing where the IP address appears to come from, but this may not be very accurate, particularly for things like POP access from a mobile mail client.

In case you're worried about any particular event, the details area for each one provides a large button marked "This wasn't me". Clicking this will lead to a review of your security settings, including resetting your password to make sure strangers are kept out.

Finally, the "Related accounts" section, under "Security & Privacy" lets you view and manage any accounts you have linked to your account, and also any other apps and services which may have been granted access.

You should make sure any entries in here are expected and necessary.

Once you're done with making your account safer, make sure you are following our general advice in our guide to securing your webmail.

Sunday, November 2, 2014

Dyman Associates Risk Management Review: Office 365 Getting Mobile Device Management, Security Boosts

Microsoft on Tuesday unveiled several upcoming Office 365 improvements, including mobile device management (MDM) and data loss protection (DLP) controls.

The announcements were made during the Day 1 keynote of the Microsoft TechEd Europe conference, taking place this week in Barcelona. Julia White, general manager of Microsoft Office, took the stage to demonstrate the ability to connect the cloud-based Azure Active Directory (AD) service with an on-premises Active Directory in "six clicks" during a setup process. With Azure AD in place, IT pros can have their security and auditing functions in one place, she said.

White also described the ability to edit policies for MDM. The policies get embedded into managed apps, such as Office for iPad apps, she said, and the capability will be "natively built into Windows 10." For instance, IT pros can set copy and paste restrictions on managed apps to protect company data.

White also talked about the coming DLP capabilities. With DLP, IT pros have access to Office 365 console reports, which show the rules that can be set up. They also show if users are trying to override the rules. If they are, IT pros can modify the policies to add additional restrictions, if wanted. For instance, restrictions can be set regarding the disclosure of credit card information. Alerts can be set up, as well. End users will get policy tips, so they will become aware of the policy restrictions set by IT.

These Office 365 capabilities are being rolling out at various times, but the target date seems to be the first quarter of next year.

Data Loss Prevention
Microsoft already has some DLP capabilities in its OneDrive for Business and SharePoint Online services, including an e-discovery capability. However, the capability to add policy restrictions that can block and restrict access to content will be rolled out in these apps "in the coming months," according to a Microsoft blog post on DLP.

The first app to get the new DLP controls will be Excel, followed by Word and PowerPoint. DLP will work "natively" in Office applications, Microsoft is promising, and the protection scheme will work at the file level, as well as for e-mail, document libraries or OneDrive for Business folders.

IT pros will have access to built-in DLP templates to add rules. They can review incident reports showing attempted policy overrides. Additional policy controls for Office 365, such as information rights management, will arrive in the first quarter of 2015.

File Classifications
Microsoft also plans to extend its file classification infrastructure capability of the Windows File Server to Exchange Online, OneDrive for Business and SharePoint Online, starting in the first quarter of 2015. Office documents can be classified using this scheme and policies can be set to avoid information disclosure.

OneDrive for Business and SharePoint Online also have "advanced encryption at rest," which is a capability that Microsoft calls "per-file encryption." Per-file encryption creates a key for every file stored. It also creates a new key for any variants of those files.

Mobile Device Management Capabilities
Microsoft is planning to roll out its new MDM capabilities for Office 365 in the first quarter of 2015. Some of these capabilities are being built into Office 365 management, but other capabilities will be available through Microsoft Intune.

A Microsoft MDM blog post outlined the following Office 365 MDM capabilities:

·         Ability to set security policies for devices that connect to Office 365.
·         Ability to set specific security policies for devices, such as "device level pin lock and jailbreak detection."
·         Ability to set "selective wipe," which allows corporate data to be removed remotely, while retaining personal data on a device.
·         Ability to have MDM management built "directly into productivity apps," which avoids having to set all-in-one management policies across apps.
·         Ability to manage MDM policies through the Office 365 administration portal.

Microsoft is planning to add these new MDM capabilities to its Office 365 "Business, Enterprise, EDU and Government plans."

Microsoft Intune Enhancements
Microsoft Intune optionally will add other MDM capabilities for Office 365 users. It's not quite clear when those capabilities will be available, but Microsoft listed them as follows:

·         Ability to restrict user actions, such as copy and paste, including the ability to set policies for line-of-business apps using the Microsoft Intune app wrapper.
·         Ability to control the viewing of content via the "Managed Browser, PDF Viewer, AV Player and Image Viewer Apps."
·         Ability to integrate Microsoft Intune with System Center 2012 Configuration Manager for a single-console MDM view.
·         Ability to automatically provision enrolled devices, which will automate the deployment of "certificates, Wi-Fi, VPN and email profiles."
·         Ability to bulk enroll corporate devices.
·         Ability to provide end users with a "self-service Company Portal," which allows them to enroll their devices and install their own apps.

On top of that Office 365 news, veteran Microsoft reporter Mary Jo Foley has reported from the TechEd Europe event that Microsoft plans to release the next version of the Microsoft Office suite, which she called "Office 16 for Windows," in the "second half of 2015."