Listen to our latest podcast, Sex Tapes, Cloud and Security with securitycurrent's Vic Wheatman as he speaks to Trend Micro's JD Sherry on all things cloud.
In this sponsored podcast they examine the importance of security and privacy in the cloud and note real-world instances of just what can happen -- the benefits and dangers -- in a cloud ecosystem.
This week Seth Jones from Milwaukee asks:
Q: “Why should I worry about BYOD? It is great not to have to buy my employees cell phones.”
Shame on you, Mr. Jones – not to get all Biblical on you, but have you never heard the ancient proverb “It is better to give than receive?”
By providing your employees with smart phones, tablets, etc., not only do you get the satisfaction of giving but you also get to maintain the high level of security you had on those corporate Windows PCs and laptops you so lovingly provided employees with over the years.
What’s that, Mr. Jones? You had constant virus problems on those corporate issued PCs – even with the endpoint “protection” platform software you installed?
Oh, and a lot of help desk calls when users couldn’t get their job done because they needed to use told them they had an old version of Internet Explorer installed because of what IT called “app compat” issues? Frequent reimaging? Constant patching? Candy Crush wouldn’t work right??
Submit questions to: firstname.lastname@example.org
By Ed Moyle
You know the illustration The March of Progress? The name itself might not ring a bell for everyone, but more than likely you've seen it:
it's the illustration showing human evolution from the earliest primate ancestors on the far left, throughout various phases of evolutionary development to modern humans ultimately taking their place on the far right.
That illustration -- aside from being iconic in and of itself -- is also almost a perfect metaphor of the way software development paradigms have evolved over the years.
There is no task more difficult for a Chief Information Security Officer than stepping into that role at a large organization that has never had a CISO and has recently experienced a devastating breach that is at least partly responsible for the departure of senior IT management and the CEO.
securitycurrent polled its contributors to compile advice for Brad Maiorino, newly appointed as the first CISO at Target. Check out their advice.
Who is responsible?
Robolawyers acting as lawyer, judge and executioner.
And the Breach Level Index Finds...
By Joel Rosenblatt
That Thursday started out as a normal day (except for all of the Heartbleed hubbub), that was, until we realized that the (Columbia) University had been hit with about 32K of phishing emails.
I have to hand it to the phishers, they did a really nice job.
An email, signed by one of our help desks, went out describing a process that we had just gone through – we consolidated many of our policies. They requested that everyone needed to read and understand the new policies, and that they should click on the link to do that.
By Bob Tarzey
In an ideal world threat intelligence should prevent IT security incidents from occurring in the first place; however, in reality incidents are inevitable, often with associated data breaches.
Post-event clear up requires intelligence gathering as well and the quicker this can be done the better. As incident response capability speeds up the ability to use intelligence in real time is increasing.
As Cisco’s Sourcefire, puts it: the need for security intelligence is “before, during and after.” The more timely the intelligence can be gathered, the more likely it is that it will be put to use for pro-active defence, rather than post-event clear up; this is the area of real time security analytics.