Risk, Remediation, Testing and Technology

IBM Cloud & SaaS CISO Speaks with Spirent Communications 

In part two of the conversation, David Cass, IBM cloud & SaaS global CISO, and John Weinschenk, Spirent Communications general manager enterprise and network application security, discuss managing risk.

In this Spirent-sponsored podcast, they talk about the need for continuous monitoring and testing to optimize spend to reduce risk. They also touch on the ability to respond quickly to a breach by ensuring strong remediation plans are in place, and discuss the need to diversify technology solutions.

Listen to Part One on the Internet of Things (IoT), Ransomware and Cloud

All Infrastructure and the NIST Framework

By David Sheidlower

Global Media and Advertising CISO

Each infrastructure is critical to someone.  Go ahead: ask a CIO if they are in charge of something other than “critical infrastructure” and see what they say.  In fact, the increasing criticality of all aspects of infrastructure underlies all our assumptions about security and privacy.  

This article is the first in a series where I will take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in February of 2014.  In challenging and reframing some of the assumptions in the document, I hope I can be forgiven for completely ignoring the idea that there might be “non-critical” infrastructure that would not be in scope.

The Business of Security

By Roota Almeida 
Delta Dental of NJ Head of Security

More and more devices are being Internet-enabled daily.

To securely drive an organization’s digital strategy, CISOs need to better understand business and new technologies across groups within the enterprise. It is critical to learn how to create value from their data, and understand technical capabilities for the whole business, not just in the IT domain, and how they can be leveraged.

CISOs are in an ideal position to help design the end-to-end innovation process that leads to a more productive and more secure business, and then enable it. Innovation drives efficiencies and offers a competitive advantage; secure technology is one way of capturing both.

Behavioral Authentication: Your New Best Friend

By Dr. J.R. Reagan

Deloitte Touche Tohmatsu Limited (DTTL) CISO

Who knows you better than your smart phone? Your family? Maybe. Your colleagues? Perhaps. Your dog? Almost certainly—but that could change very soon.

For many of us, our phones and other devices—smart watches, tablets, laptops—are privy to our deepest secrets.

Our devices may know, via the alarm we set, when we get up in the morning, and, if we have a sleep-tracking app, when we go to bed at night. They may also store information on nearly everything we do, think, and even feel, from the emails we send and receive to the purchases we make, to the contours of our fingerprints. It’s all faithfully recorded for our eyes only—until our device is lost or stolen.

The Evolution of Analytics

 

By James Beeson

GE Capital Americas CISO

Although information systems logs have been around since the early mainframe days, the concept of collecting and analyzing logs for security purposes is still a relatively new concept. 

From my limited research, the term SEM (Security Event Management) was pioneered by a small company called E-Security in 1999.  SIM (Security Information Management) or SIEM (Security Information and Event Management) came along about 2005 and appears to have been coined by some folks at Gartner.

The reality is, as security practitioners, we have come to rely more and more on logs from a variety of systems including applications, firewalls, servers, operating systems, identity and access management systems, and data leakage systems, among others, to help understand where systems are in our environment, and who is using them and when. We also use them to help troubleshoot problems, conduct root-cause analyses, and do forensics investigations, as well as other matters.

One of the obvious challenges is that most of our environments have become more and more complex. More applications, more virtual machine and cloud usage, more mobile devices, more “unmanaged” devices, more complicated global networks and more potential security gaps. We have also tweaked many of the logs from these systems to give us more security-related data.


10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower

 

"The Internet of Cows"

By Randy Marchany 

Virginia Tech CISO

Glenn Fink, a security researcher at Pacific Northwest Labs, did a presentation called the “Internet of Cows” at a recent IEEE conference where he showed how dairy farming has become an automated, internet-accessible business process.

He took the discussion one step further by saying that cows make great human surrogates in the privacy debates surrounding IoT. He showed how data from almost every single biological process of a cow (health, reproduction, location, sounds) is monitored by IoT.

Analysis of herd data allows farmers to predict the health of a cow and the optimum time for reproduction and milk production. He maintained that cows don’t object to this type of management and that this is why they are well suited to studying the effects of intrusive monitoring.
