IBM Cloud & SaaS CISO Speaks with Spirent Communications
In part two of the conversation David Cass, IBM cloud & SaaS global CISO and John Weinschenk, Spirent Communications general manager enterprise and network application security, discuss managing risk.
In this Spirent sponsored podcast they talk about the need for continuous monitoring and testing to optimize spend to reduce risk. They also touch on the ability to respond quickly to a breach by ensuring strong remediation plans are in place, and discuss the need to diversify technology solutions.
Listen to Part One on the Internet of Things (IoT), Ransomware and Cloud
By David Sheidlower
Global Media and Advertising CISO
Each infrastructure is critical to someone. Go ahead: ask a CIO if they are in charge of something other than “critical infrastructure” and see what they say. In fact, the increasing criticality of all aspects of infrastructure underlies all our assumptions about security and privacy.
This article is the first in a series where I will take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in February of 2014. In challenging and reframing some of the assumptions in the document, I hope I can be forgiven for completely ignoring the idea that there might be “non-critical” infrastructure that would not be in scope.
By Roota Almeida
Delta Dental of NJ Head of Security
More and more devices are being Internet-enabled daily.
To securely drive an organization’s digital strategy, CISOs need to better understand the business and the new technologies in use across groups within the enterprise. It is critical to learn how to create value from the organization’s data, and to understand the technical capabilities of the whole business, not just the IT domain, and how they can be leveraged.
CISOs are in an ideal position to help design the end-to-end innovation process that leads to a more productive and more secure business, and then enable it. Innovation drives efficiencies and offers a competitive advantage; secure technology is one way of capturing both.
By Dr. J.R. Reagan
Deloitte Touche Tohmatsu Limited (DTTL) CISO
Who knows you better than your smart phone? Your family? Maybe. Your colleagues? Perhaps. Your dog? Almost certainly—but that could change very soon.
For many of us, our phones and other devices—smart watches, tablets, laptops—are privy to our deepest secrets.
Our devices may know, via the alarm we set, when we get up in the morning, and, if we have a sleep-tracking app, when we go to bed at night. They may also store information on nearly everything we do, think, and even feel, from the emails we send and receive to the purchases we make, to the contours of our fingerprints. It’s all faithfully recorded for our eyes only—until our device is lost or stolen.
By James Beeson
GE Capital Americas CISO
Although information systems logs have been around since the early mainframe days, collecting and analyzing logs for security purposes is still a relatively new practice.
From my limited research, the term SEM (Security Event Management) was pioneered by a small company called E-Security in 1999. SIM (Security Information Management) or SIEM (Security Information and Event Management) came along about 2005 and appears to have been coined by some folks at Gartner.
The reality is, as security practitioners, we have come to rely more and more on logs from a variety of systems, including applications, firewalls, servers, operating systems, identity and access management systems, and data leakage systems, among others, to help understand which systems are in our environment, who is using them, and when. We also use them to troubleshoot problems, conduct root-cause analyses, and carry out forensic investigations, among other tasks.
One of the obvious challenges is that most of our environments have become more and more complex: more applications, more virtual machine and cloud usage, more mobile devices, more “unmanaged” devices, more complicated global networks, and more potential security gaps. We have also tweaked many of the logs from these systems to give us more security-related data.
Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.
Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.
A CISO’s Guide to Principles of Data Privacy and Security
By David Sheidlower
By Randy Marchany
Virginia Tech CISO
Glenn Fink, a security researcher at Pacific Northwest Labs, did a presentation called the “Internet of Cows” at a recent IEEE conference where he showed how dairy farming has become an automated, internet accessible business process.
He took the discussion one step further by saying that cows make great human surrogates in the privacy debates surrounding IoT. He showed how data from almost every single biological process of a cow (health, reproduction, location, sounds) is monitored by IoT.
Analysis of herd data allows farmers to predict the health of a cow and the optimum time for reproduction and milk production. He maintained that cows don’t object to this type of management, which is why they are well suited to studying the effects of intrusive monitoring.