Top News:

Take the Test: Are You a True Information Security Leader? 

By Farhaad Nero

It is more important than ever to safeguard your business. 

The battlefield is no longer contained and the battle is daily. One fact remains constant: there are those inside and outside of your organization who are looking for ways to pilfer and use your data.

A true information security leader knows who and what they need to protect and have the subsequent strategy, mindset, vision and allies as well as the right tools to survive. But with the field changing almost daily how do you measure true leadership? 

If you are an information security leader, or looking to be one, or need to interview a potential one then I have created a simple (far from perfect) methodology that you can use to test or rank yourself or a candidate. It is a quick yet effective assessment. Give it a shot.

                                                            Take the Test  

 

Amazon Web Services Security: It Takes A Village

By Ben Rothke  

For those contemplating using Amazon Web Services (AWS), their compliance page is quite assuring.

With a who’s who of compliance standards from SSAE-16, ISO 27001, PCI DSS, to CSA, MPAA, FEDRamp, FIPS 140-2, HIPAA and more; it’s more than enough to give an auditor a warm and fuzzy feeling.

While this article focuses on Amazon, the approach is the same for any cloud service, be it from Microsoft, Rackspace, Terremark and the rest.

                   Read More  

Ask Mr. Security Answer Person with John Pescatore

This week Brad Davis of California asks:  

Q: “Can I trust my networking gear?

Well, Mr. Davis – I don’t know about you, but I was not a fan of the Harry Potter books or movies.

All those wizards with all those powers and not one of them had cured the common cold or developed a telephone system so when you reached the wrong extension at a company the person didn’t have to say “I’ll try to transfer you, but if I lose you, here is the correct extension…” – let alone solved any cybersecurity problems.

They seemed too busy playing polo on flying brooms and sending messages via owls, if you ask me.

Got a Question? Write to me at: askme@securitycurrent.com

                                                                   Read More  

Moving to the Cloud: Resistance is Futile

By Joel Rosenblatt 

At some point, I must have drunk the Cloud Kool-Aid.  I find that despite my best efforts, I no longer develop the sinking feeling in the pit of my stomach when someone mentions “Moving to the Cloud.”

This doesn’t mean that I get all warm and fuzzy inside, but I am now able to listen to the conversation without the very loud voice inside my head saying “NOOOO, NOT THE CLOUD.”

I  guess that it is a sign of the maturing of the process (or insanity on my part) that has allowed me to move from “it can’t work” to “how can we make it work.”

Read More 

Security for the Holidays: It's Never too Early


The holiday season is filled with opportunities for the Bad Guys to take advantage of people who are filled with the holiday spirit, out and about having a good time and letting their guard down. 

As Columbia University's head of computer and network security, I sometimes get asked to pass along tips to increase the awareness of how easy it is to be taken advantage of. Here are some of my “Seasons Greetings:” 

                                                                                    Check them out 

 

Cloud Security

How I learned to love a data exfilitration service

The Silver Lining of an Intense Security Week

Adopting to security issues on the fly

 

Putting Breaches in Perspective 

And the Breach Level Index Finds... 

 

The Security and Visibility of  Critical National Infrastructure

By Bob Tarzey

There has been plenty of talk about the threat of cyber-attacks on critical national infrastructure (CNI). So what’s the risk, what’s involved in protecting CNI and why, to date, do attacks seem to have been limited?

CNI is the utility infrastructure that we all rely on day-to-day; national networks such as electricity grids, water supply systems and rail tracks. Others have an international aspect too, for example gas pipelines are often fed by cross-border suppliers.

In the past such infrastructure has been often been owned by governments, but much has now been privatized.

Some CNI has never been in government hands, mobile phone and broadband networks have largely emerged after the Telco monopolies were scrapped in the 1980s.                                                           Read More 

 

Is the FBI Really Going Dark?

By Mark Rasch

FBI Director Comey recently complained about the problem of people, “going dark,” in a speech before the Brookings Institution.

He explained, “the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem.

We call it 'Going Dark,' and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority.

We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.”  

Read More  

 

About securitycurrent | Privacy Policy | Subscribe to our newsletter