Top News:

What If It Wasn't North Korea?

By Mark Rasch

We all know the headlines. 

The Democratic People’s Republic of Korea, under the personal direction of Supreme Leader (Dear Leader) Kim Jong-un, launched a sophisticated and devastating attack on Sony Pictures Entertainment (SPE), designed to prevent the release of its motion picture “The Interview,” which depicted the assassination of the North Korean leader.

This attack was the first act of cyberwar by a nation-state, and demands an immediate and devastating response by the United States – potentially up to and including a military response.

Unless it doesn’t.


By David Sheidlower

(UPDATED) CISOs and their teams are not just producers of risk analyses and assessments. We are also consumers of them. They come from many sources. The main four are:

  1. Responses from third parties whose goods and services we are evaluating as part of our due diligence
  2. Assessments provided by entities that are targets of mergers, acquisitions, partnerships and affiliations  (more due diligence)
  3. Those unfortunate statements made by those individuals in the unenviable position of having to make statements about breaches and hacks that have impacted their organizations
  4. People trying to sell us stuff


Ask Mr. Security Answer Person with John Pescatore

This week David Rosenberg of New York City asks:  

Q: “How concerned should we be about Regin malware?”

Well, Mr. Rosenberg, I'll give you a few thoughts specifically on Regin in a bit. Let me first give you some pushback.

Each week I’m sure your local newspaper has a list of robberies in your area, as well as articles containing the names of burglars and bank robbers that were arrested or convicted in your area.

Each week do you wonder if you should be concerned about your house being broken into? I hope you wouldn’t look for different strategies for burglar A one week, Peeping Tom B the next, car thief C after that, and so on.


By Farhaad Nero

It is more important than ever to safeguard your business. 

The battlefield is no longer contained and the battle is daily. One fact remains constant: there are those inside and outside of your organization who are looking for ways to pilfer and use your data.

A true information security leader knows who and what they need to protect and has the subsequent strategy, mindset, vision and allies, as well as the right tools, to survive. But with the field changing almost daily, how do you measure true leadership?

If you are an information security leader, are looking to be one, or need to interview a potential one, I have created a simple (far from perfect) methodology that you can use to test or rank yourself or a candidate. It is a quick yet effective assessment. Give it a shot.



Our Latest Podcast: Where Are Today's Security Professionals Coming From?

There is a shortage of security professionals, with approximately 100,000 open positions seeking technically qualified people.

Supporting education in STEM (science, technology, engineering and mathematics), sourcing ex-military and promoting people from the ranks of general information technology are some of the ways the market is working to fill the gap.

securitycurrent's Vic Wheatman speaks with John Pescatore, securitycurrent's Ask Mr. Security Answer Person and the SANS Institute Director of Emerging Security Trends about the pressing nature of the problem. 


Cloud Security

How I learned to love a data exfiltration service

The Silver Lining of an Intense Security Week

Adapting to security issues on the fly


Putting Breaches in Perspective 

And the Breach Level Index Finds... 


For Whom the Bell Curve Tolls

By David Sheidlower 

People prefer to choose the groups they are in.  Even before social media exploited that, there were fan clubs, fraternities, sororities, and many different kinds of groups that people associated themselves with. 

There are also the groups that people don’t choose but through birth, prejudice, unforeseen circumstances and/or unwanted diagnoses, they find themselves in nonetheless.  Those groups are generally more difficult to leave.

There is a different kind of group that can encompass any of these but does not have to.  These groups overlay a different relationship between the group and the individual and the cohort.


Is the FBI Really Going Dark?

By Mark Rasch

FBI Director Comey recently complained about the problem of people “going dark” in a speech before the Brookings Institution.

He explained, “the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem.

We call it 'Going Dark,' and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority.

We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.”  

