Events:

CISO David Cass Talks Cloud Adoption and Security 

David Cass Speaks with Mike Schuricht of Bitglass

Enterprises are increasingly adopting cloud strategies. Despite this, adoption has been impacted in some cases due to cybersecurity concerns.

In this podcast, David Cass, the Global Partner, Cloud Security and FSS CISO at IBM, reviews the state of cloud adoption and security with Mike Schuricht, Senior Director of Product Management at Bitglass.

The experts discuss how cloud is taking off and how, although security remains a key concern, cloud can be highly secure with the right protections and solutions in place.

In this Bitglass sponsored podcast, the two touch on critical control areas and what CISOs should take into account when adopting and maintaining a cloud strategy.


Webinar: Healthcare Security in a Cloud First World

With Joey Johnson, CISO Premise Health

On Demand

Healthcare security requirements become even more complicated with the move to the cloud. Competing internal priorities, along with numerous cloud apps to control, increase strain on already under-resourced teams. Visibility and control over data can seem almost impossible when it is being stored in locations you do not own or manage.

In this Bitglass-sponsored webinar led by Premise Health CISO Joey Johnson, you will learn how to avoid console overload by consolidating controls with a cloud access security broker platform.

Key topics include:

  • Overcoming security dashboard overload when trying to manage authentication, access controls, devices, threats, compliance, malware, DLP, etc.
  • Healthcare security options to control data in the cloud
  • CASB platform and solution overview


Maxim Integrated CISO Speaks with Sophos Enduser Security Group SVP & GM on Ransomware, IoT and Hacking as a Business

CISO Matt Hollcraft Interviews Dan Schiappa of Sophos

In this podcast, Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, the Internet of Things and hacking as a business.

In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous. 


Is Your Next Security Failure One Fat Finger Away

By Joel Rosenblatt

Columbia University Director of Computer and Network Security

Last month will be remembered as the time that AWS (Amazon Web Services) failed. The actual failure was in the Amazon Simple Storage Service (S3), but to the world in general, if your stuff was running in the Amazon cloud, it was not working.

Amazon provided a very complete write-up of what happened, which basically boiled down to this: someone made a mistake, which caused a cascading failure that required several systems to be restarted in order to get the S3 system back up and running. Amazon is making some changes (read: sanity checks) in their systems to prevent this type of problem in the future.

Within 24 hours, I started receiving advertising emails from companies asking if we suffered from the Amazon outage and would we like to look at them to prevent this from ever happening again. In Yiddish, we would call this chutzpa (audacity). 


Blockchain Adoption and the Cybersecurity Practitioners Dilemma

By Devon Bryan

"We drive into the future looking into our rear view mirrors" Marshall McLuhan

Notably absent from the dearth of ongoing blockchain conversations is the cyber defender's perspective. Perhaps the reasoning could simply be that thought-leaders feeding the blockchain hype cycle are opposed to having security types pouring cold water on their "1000 blockchain flowers blooming" conversations.

Or, perhaps the "paid paranoids" across the security community are still wrestling with the decision of which existing security risk management framework applies to this peer-to-peer distributed ledger technology, if any at all.

The very definition and basic characteristics of blockchains challenge many leading security models and in particular leading security risk management frameworks (NIST Risk Management Framework, International Organization for Standardization (ISO)) built on the underlying premise that information systems supporting core business functions and organization missions need to be confined to a virtual "boundary" and with a singularly identified "system owner" to achieve "certification"/"authorization." 

The widely accepted definition of blockchain as a distributed database with an open ledger, in which data isn't stored on a single computer but rather on many different computers, known as nodes in a peer-to-peer network, renders the legacy consideration of a 'boundary' for an organization's blockchain quite challenging.

It gets even more complicated when we dive deeper into other key characteristics of blockchain summarized as follows:

  • Distributed data ledger used, updated and verified by participants in the blockchain versus centralized database (more on public versus private blockchains shortly)
  • Identity verification and authentication executed by the participants 
  • Logic and rules embedded in the transaction versus in a separate application layer
  • Traceability of changes from the beginning 
  • Documents maintained separate from the ledgers 


10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower

 

The Benefits of Tokenization: A Podcast with Jason Witty, US Bancorp EVP and CISO

Jason Witty, US Bancorp EVP and CISO 

Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.  

He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.


How to Unlock Cybersecurity Talent

By Daniel Conroy
Synchrony Financial Chief Information Security Officer

Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.

There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.
