By David Sheidlower
Global Media and Advertising CISO
Is that news? No, of course it isn’t. In fact, deterrence (fear) may seem like an odd concept for cybersecurity. Arguably, except for highly visible physical access controls, virtually all other cybersecurity controls are designed to keep an incident from happening (i.e. protective/preventive) or detect and then respond/recover when it has.
A guard with a gun. That’s deterrence. An armed guard standing next to a metal detector between the thief and the elevators to your office may convince the thief to try the building down the street.
Read Part One: All Infrastructure and the NIST Framework. In this series I take a close look at the Framework for Improving Critical Infrastructure Cybersecurity, which NIST first published in February of 2014.
By James Beeson
GE Capital Americas CISO
Although information systems logs have been around since the early mainframe days, the practice of collecting and analyzing logs for security purposes is still relatively new.
From my limited research, the term SEM (Security Event Management) was pioneered by a small company called E-Security in 1999. SIM (Security Information Management) or SIEM (Security Information and Event Management) came along about 2005 and appears to have been coined by some folks at Gartner.
IBM's David Cass and Suffolk County's William Okula Discuss Threats and Best Practices
In the series brought to you by Security Current and the Intersections IT Security ONE2ONE Summit, you will hear CISOs discuss today’s most critical issues in IT Security.
This episode features David Cass, IBM Cloud & SaaS Global CISO, and William Okula, Executive Officer Police Technology Bureau at the Suffolk County Police Department, who discuss the most prevalent types of attack in the public sector.
In this podcast you’ll hear in particular about phishing and malware. They also discuss challenges facing security departments in the public sector, staffing and security best practices.
By Dr. J.R. Reagan
Deloitte Touche Tohmatsu Limited (DTTL) CISO
Who knows you better than your smart phone? Your family? Maybe. Your colleagues? Perhaps. Your dog? Almost certainly—but that could change very soon.
For many of us, our phones and other devices—smart watches, tablets, laptops—are privy to our deepest secrets.
Our devices may know, via the alarm we set, when we get up in the morning, and, if we have a sleep-tracking app, when we go to bed at night. They may also store information on nearly everything we do, think, and even feel, from the emails we send and receive to the purchases we make, to the contours of our fingerprints. It’s all faithfully recorded for our eyes only—until our device is lost or stolen.
By Grace Crickette
San Francisco State University Interim AVP of Business Operations
In this series, Grace Crickette provides C-Level executives a comprehensive overview of cyber insurance, while addressing business impacts and offering best practices for implementing a risk-management strategy that includes a cyber-liability policy.
Risk Management and Insurance Basics - Part Three
Insurance and Risk Management Basics
Insurance is just one tool in the Risk Manager's belt, but sometimes it is their favorite tool. Why? It is the easiest to wield when all the rest of risk management is quite difficult. The identification, understanding, and management of risk require people to change their behavior, which is challenging.
Also, people are not very good at understanding or talking about risk. When asked what a risk is, a lawyer might say it is a lawsuit filed against the company – wrong, that is an impact. A CFO might say receiving a downgrade from a rating agency – wrong, that is a long-term consequence. A CISO might say that management cares more about system availability than about downtime for security – right, we just identified a risk.
Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.
Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.
A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower
By Randy Marchany
Virginia Tech CISO
Glenn Fink, a security researcher at Pacific Northwest Labs, did a presentation called the “Internet of Cows” at a recent IEEE conference where he showed how dairy farming has become an automated, internet accessible business process.
He took the discussion one step further by saying that cows make great human surrogates in the privacy debates surrounding IoT. He showed how data from almost every single biological process of a cow (health, reproduction, location, sounds) is monitored by IoT.
Analysis of herd data allows farmers to predict the health of a cow and the optimum time for reproduction and milk production. He maintained that cows don’t object to this type of management, which is why they are well suited to studying the effects of intrusive monitoring.