
Hackers Are Not Afraid of Frameworks - Part 2

By David Sheidlower
Global Media and Advertising CISO 

Is that news?  No, of course it isn’t. In fact, deterrence (fear) may seem like an odd concept for cybersecurity. Arguably, except for highly visible physical access controls, virtually all other cybersecurity controls are designed to keep an incident from happening (i.e. protective/preventive) or detect and then respond/recover when it has.  

A guard with a gun.  That’s deterrence.  An armed guard standing next to a metal detector between the thief and the elevators to your office may convince the thief to try the building down the street. 

Read Part One: "All Infrastructure and the NIST Framework." In this series I take a close look at the Framework for Improving Critical Infrastructure Cybersecurity, which NIST first published in February of 2014.

The Evolution of Analytics

By James Beeson

GE Capital Americas CISO

Although information systems logs have been around since the early mainframe days, collecting and analyzing logs for security purposes is still a relatively new concept.

From my limited research, the term SEM (Security Event Management) was pioneered by a small company called E-Security in 1999.  SIM (Security Information Management) or SIEM (Security Information and Event Management) came along about 2005 and appears to have been coined by some folks at Gartner.


IBM Global CISO Cloud & SaaS Speaks with Suffolk County Police Department Technology Security Officer

IBM's David Cass and Suffolk County's William Okula Discuss Threats and Best Practices

In the series brought to you by Security Current and the Intersections IT Security ONE2ONE Summit, you will hear CISOs discuss today’s most critical issues in IT Security.

This episode features David Cass, IBM Cloud & SaaS Global CISO, and William Okula, Executive Officer Police Technology Bureau at the Suffolk County Police Department, who discuss the most prevalent types of attack in the public sector.

In this podcast you’ll hear in particular about phishing and malware. They also discuss challenges facing security departments in the public sector, staffing, and security best practices.

Behavioral Authentication: Your New Best Friend

By Dr. J.R. Reagan

Deloitte Touche Tohmatsu Limited (DTTL) CISO

Who knows you better than your smart phone? Your family? Maybe. Your colleagues? Perhaps. Your dog? Almost certainly—but that could change very soon.

For many of us, our phones and other devices—smart watches, tablets, laptops—are privy to our deepest secrets.

Our devices may know, via the alarm we set, when we get up in the morning, and, if we have a sleep-tracking app, when we go to bed at night. They may also store information on nearly everything we do, think, and even feel, from the emails we send and receive to the purchases we make, to the contours of our fingerprints. It’s all faithfully recorded for our eyes only—until our device is lost or stolen.

Making Insurance Part of Your Enterprise Risk Management Program

 

By Grace Crickette

San Francisco State University Interim AVP of Business Operations

In this series, Grace Crickette provides C-Level executives a comprehensive overview of cyber insurance, while addressing business impacts and offering best practices for implementing a risk-management strategy that includes a cyber-liability policy.

Risk Management and Insurance Basics - Part Three

Insurance and Risk Management Basics

Insurance is just one tool in the Risk Manager's belt, but sometimes it is their favorite tool. Why? It is the easiest to wield when all the rest of risk management is quite difficult. The identification, understanding, and management of risk requires people to change their behavior, which is challenging.

Also, people are not very good at understanding or talking about risk. When asked what a risk is, a lawyer might say it is a lawsuit filed against the company – wrong, that is an impact. A CFO might say receiving a downgrade from a rating agency – wrong, that is a long-term consequence. A CISO might say that the management cares more about system availability than downtime for security – right, we just identified a risk.


10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower

 

"The Internet of Cows"

By Randy Marchany 

Virginia Tech CISO

Glenn Fink, a security researcher at Pacific Northwest Labs, gave a presentation called the “Internet of Cows” at a recent IEEE conference where he showed how dairy farming has become an automated, internet-accessible business process.

He took the discussion one step further by saying that cows make great human surrogates in the privacy debates surrounding IoT. He showed how data from almost every single biological process of a cow (health, reproduction, location, sounds) is monitored by IoT.

Analysis of herd data allows farmers to predict the health of a cow and the optimum time for reproduction and milk production. He maintained that cows don’t object to this type of management and that this is why they are well suited for studying the effects of intrusive monitoring.
