By Farhaad Nero
It is more important than ever to safeguard your business.
The battlefield is no longer contained and the battle is daily. One fact remains constant: there are those inside and outside of your organization who are looking for ways to pilfer and use your data.
A true information security leader knows who and what they need to protect and has the strategy, mindset, vision and allies, as well as the right tools, to survive. But with the field changing almost daily, how do you measure true leadership?
If you are an information security leader, or looking to be one, or need to interview a potential one, then I have created a simple (far from perfect) methodology that you can use to test or rank yourself or a candidate. It is a quick yet effective assessment. Give it a shot.
By Ben Rothke
For those contemplating using Amazon Web Services (AWS), their compliance page is quite assuring.
With a who’s who of compliance standards, from SSAE-16, ISO 27001 and PCI DSS to CSA, MPAA, FedRAMP, FIPS 140-2, HIPAA and more, it’s more than enough to give an auditor a warm and fuzzy feeling.
While this article focuses on Amazon, the approach is the same for any cloud service, be it from Microsoft, Rackspace, Terremark and the rest.
This week Brad Davis of California asks:
Q: “Can I trust my networking gear?”
Well, Mr. Davis – I don’t know about you, but I was not a fan of the Harry Potter books or movies.
All those wizards with all those powers and not one of them had cured the common cold or developed a telephone system so when you reached the wrong extension at a company the person didn’t have to say “I’ll try to transfer you, but if I lose you, here is the correct extension…” – let alone solved any cybersecurity problems.
They seemed too busy playing polo on flying brooms and sending messages via owls, if you ask me.
Got a Question? Write to me at: firstname.lastname@example.org
By Joel Rosenblatt
At some point, I must have drunk the Cloud Kool-Aid. I find that despite my best efforts, I no longer develop the sinking feeling in the pit of my stomach when someone mentions “Moving to the Cloud.”
This doesn’t mean that I get all warm and fuzzy inside, but I am now able to listen to the conversation without the very loud voice inside my head saying “NOOOO, NOT THE CLOUD.”
I guess that it is a sign of the maturing of the process (or insanity on my part) that has allowed me to move from “it can’t work” to “how can we make it work.”
The holiday season is filled with opportunities for the Bad Guys to take advantage of people who are filled with the holiday spirit, out and about having a good time and letting their guard down.
As Columbia University's head of computer and network security, I sometimes get asked to pass along tips to increase awareness of how easy it is to be taken advantage of. Here are some of my “Season’s Greetings”:
How I learned to love a data exfiltration service
And the Breach Level Index Finds...
By Bob Tarzey
There has been plenty of talk about the threat of cyber-attacks on critical national infrastructure (CNI). So what’s the risk, what’s involved in protecting CNI and why, to date, do attacks seem to have been limited?
CNI is the utility infrastructure that we all rely on day-to-day: national networks such as electricity grids, water supply systems and rail tracks. Some of it has an international aspect too; for example, gas pipelines are often fed by cross-border suppliers.
In the past such infrastructure has often been owned by governments, but much has now been privatized.
Some CNI has never been in government hands; mobile phone and broadband networks have largely emerged since the telco monopolies were scrapped in the 1980s.
By Mark Rasch
FBI Director Comey recently complained about the problem of people, “going dark,” in a speech before the Brookings Institution.
He explained, “the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem.
We call it 'Going Dark,' and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority.
We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.”