This week Brad Davis of California asks:
Q: “Can I trust my networking gear?”
Well, Mr. Davis – I don’t know about you, but I was not a fan of the Harry Potter books or movies.
All those wizards with all those powers and not one of them had cured the common cold or developed a telephone system so when you reached the wrong extension at a company the person didn’t have to say “I’ll try to transfer you, but if I lose you, here is the correct extension…” – let alone solved any cybersecurity problems.
They seemed too busy playing polo on flying brooms and sending messages via owls, if you ask me.
But, in one of the 754 Harry Potter books there was one great quote by Mr. Weasley, who I believe headed up the Office for the Detection and Confiscation of Counterfeit Defensive Spells and Protective Objects, who surely had information technology in mind when he said: “Never trust anything that can think for itself, if you can't see where it keeps its brain.”
Submit questions to: email@example.com
By John J. Masserini
I’ve been known to say that ‘I’ve been in InfoSec since before it was cool.’
After 20 years of being on the front lines, first as a consultant, then as the one responsible for implementing a strategy and building the programs, I’ve truly lost count of the times I’ve heard others using F.U.D. to further their agenda and get the resources and budget they needed to accomplish their goals.
F.U.D., which stands for Fear. Uncertainty and Doubt, was the mantra of the early security vendors who were trying to sell firewalls and proxies into large enterprises who were just starting to understand this ‘new’ thing called the Internet.
By Mark Rasch
Law enforcement’s response to the announcement by Apple (and later Google’s Android) that it would be encrypting by default the contents of users’ phones was met with predictable outrage by some representatives of the law enforcement community.
This outrage is fundamentally misplaced, and shows just how “out of the loop” the law enforcement and intelligence communities are when it comes to privacy and security.
It reflects the fundamental position that privacy and security are only for those with something to hide, and that if you want privacy, you must be a criminal. This attitude fundamentally inhibits and restricts new privacy enhancing and security enhancing technologies.
securitycurrent's Vic Wheatman talks to leading analysts and CISOs to learn about the latest cyber threats and security trends.
Where is General (Ret) Alexander headed?
Robolawyers acting as lawyer, judge and executioner.
And the Breach Level Index Finds...
By Bob Tarzey
Security products have evolved with the use of the Internet. When web sites were largely static it was enough to tell users which URLs to avoid because the content was undesirable (e.g., porn etc.).
As the web became a means distributing malware and perpetrating fraud, there was a need to identify bad URLs that appeared overnight or good URLs that had gone bad as existing sites were compromised.
Early innovators in this area included Websense (now a sizable broad-base security vendor) and two British companies SurfControl (that ended up as part of Websense) and ScanSafe that was acquired by Cisco. Read More
By Steve Hunt
Security is the pursuit of perfect protection through ongoing tightening of defenses and preemptive activities to cover vulnerabilities.
Risk management, on the other hand, is a discipline that enables organizations to operate and measurably improve their security and compliance environments according to legal standards.
Most companies are not accustomed to thinking of information as a regulated asset. Ingredients and food products, energy, toxic chemicals, infrastructure, and money are among the many assets that have been regulated for decades, or even centuries.
Yet, executives and entrepreneurs are obligated to see information as a regulated asset.