Top News:

GRC Debunker

By David Sheidlower

For security professionals, the most familiar qualitative scale is the CRITICAL-HIGH-MEDIUM-LOW scale that is used for risk assessments. 

With a nod towards Politifact, I’d like to propose a different scale that we can use to rate statements about how effective controls are. 

I’m taking this from the kid’s game where you tell someone how close they are getting by indicating temperature: “you’re getting warmer” for when you are getting close and “you’re getting colder” for when you are moving away from it.

See what controls got a rating of "Absolute Zero"?

                                                                   Read More  

 

Ask Mr. Security Answer Person with John Pescatore

This week David Rosenberg of New York City asks:  

Q: “How concerned should we be about Regin malware?

Well, Mr. Rosenberg, I'll give you a few thoughts specifically on Regin in a bit. Let me first give you some pushback.

Each week I’m sure your local newspaper has a list of robberies in your area, as well as articles containing the names of burglars and bank robbers that were arrested or convicted in your area.

Each week do you wonder if you should be concerned about your house being broken into? I hope you wouldn’t look for different strategies for burglar A one week, Peeping Tom B the next and car thief C after that etc.

                                                                   Read More  

                                                            

By Farhaad Nero

It is more important than ever to safeguard your business. 

The battlefield is no longer contained and the battle is daily. One fact remains constant: there are those inside and outside of your organization who are looking for ways to pilfer and use your data.

A true information security leader knows who and what they need to protect and have the subsequent strategy, mindset, vision and allies as well as the right tools to survive. But with the field changing almost daily how do you measure true leadership? 

If you are an information security leader, or looking to be one, or need to interview a potential one then I have created a simple (far from perfect) methodology that you can use to test or rank yourself or a candidate. It is a quick yet effective assessment. Give it a shot.

                                                            Take the Test  

 

Amazon Web Services Security: It Takes A Village

By Ben Rothke  

For those contemplating using Amazon Web Services (AWS), their compliance page is quite assuring.

With a who’s who of compliance standards from SSAE-16, ISO 27001, PCI DSS, to CSA, MPAA, FEDRamp, FIPS 140-2, HIPAA and more; it’s more than enough to give an auditor a warm and fuzzy feeling.

While this article focuses on Amazon, the approach is the same for any cloud service, be it from Microsoft, Rackspace, Terremark and the rest.

                   Read More  

 

Our Latest Podcast: Where Are Today's Security Professionals Coming From?


There is a shortage of security professionals, with approximately 100,000 open positions seeking technically qualified people.

Supporting education in STEM (science, technology, engineering and mathematics), sourcing ex-military and promoting people from the ranks of general information technology are some of the ways the market is working to fill the gap.

securitycurrent's Vic Wheatman speaks with John Pescatore, securitycurrent's Ask Mr. Security Answer Person and the SANS Institute Director of Emerging Security Trends about the pressing nature of the problem. 

                                                                                              Listen Now 

 

Cloud Security

How I learned to love a data exfilitration service

The Silver Lining of an Intense Security Week

Adopting to security issues on the fly

 

Putting Breaches in Perspective 

And the Breach Level Index Finds... 

 

For Whom the Bell Curve Tolls

By David Sheidlower 

People prefer to choose the groups they are in.  Even before social media exploited that, there were fan clubs, fraternities, sororities, and many different kinds of groups that people associated themselves with. 

There are also the groups that people don’t choose but through birth, prejudice, unforeseen circumstances and/or unwanted diagnoses, they find themselves in nonetheless.  Those groups are generally more difficult to leave.

There is a different kind of group that can encompass any of these but does not have to.  These groups overlay a different relationship between the group and the individual and the cohort.

                                                                                                                                     Read More 

 

Is the FBI Really Going Dark?

By Mark Rasch

FBI Director Comey recently complained about the problem of people, “going dark,” in a speech before the Brookings Institution.

He explained, “the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem.

We call it 'Going Dark,' and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority.

We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.”  

Read More  

 

About securitycurrent | Privacy Policy | Subscribe to our newsletter