Articles by Randy Marchany


July 29, 2016

By Randy Marchany
Virginia Tech CISO

No network is impenetrable, a reality that business executives and security professionals alike must accept. The traditional perimeter focused approach to cybersecurity has often failed to prevent intrusions, especially in an application-focused paradigm. 


May 4, 2016

By Randy Marchany
Virginia Tech CISO

Glenn Fink, a security researcher at Pacific Northwest Labs, did a presentation called the “Internet of Cows” at a recent IEEE conference where he showed how dairy farming has become an automated, internet accessible business process. 

He took the discussion one step further by saying that cows make great human surrogates in the privacy debates surrounding IoT. He showed how data from almost every single biological process of a cow (health, reproduction, location, sounds) is monitored by IoT.  


June 11, 2015

By Randy Marchany

In my last article, I talked about using the 20 Critical Controls as a practical security strategy.  I showed how the controls map to a wide variety of international and national standards.  I also mentioned a great www site, www.auditscripts.com, where you can download 3 excellent spreadsheets to help you measure your progress in the controls implementation.


January 20, 2015

By Randy Marchany

Back in the late 1990's, I was fortunate to be part of a team of cyber security experts who were asked to develop a list of the Top 10 Internet Security Threats. "On February 15, 2000, thirty Internet experts met with President Clinton to identify actions needed to defeat the wave of distributed denial of service attacks and to keep the Internet safe for continued growth.


November 7, 2014

By Randy Marchany

When you're on a roll, ride it out. I've been on the "Redux" train for a couple of days. I usually do this when I review our security architecture initiatives at the end of the year. 

Way back in 2000, I said in a USA Today interview that it wouldn't surprise me if there were product liability lawsuits against software vendors because their code had simple well known errors that could cost customers like you and I a lot of money and loss of reputation. 


November 4, 2014

By Randy Marchany

Yep, it's time to use this title again. This time we're talking about Distributed Denial of Service (DDoS) amplification attacks. One of the lists I monitor posted the following:

Christian Rossow has done some great work on DDoS.  The two interesting papers are: "Exit from Hell? Reducing the Impact of Amplification DDoS Attacks," read here and "Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks," read here.


October 2, 2014

By Randy Marchany

Ok, I know the title sounds a little negative. I'm not against cloud services at all. We use cloud services here for a wide variety of business and personal purposes. 

Having said that, there are a couple of issues that bother me about the cloud and while some are philosophical, some are technical as well. One thing that bugs me about the push to the cloud is it's being touted as some "new" technology.  It's not. 


July 24, 2014

By Randy Marchany

Ok, maybe it's not a marriage but more along the lines of living together. 

In a previous article, I spoke about moving to a Continuous Monitoring security model, which focuses on monitoring outbound traffic.


June 26, 2014

By Randy Marchany

One of the most difficult decisions a CISO has to make is the one that says the organization suffered a data breach.

A data breach starts a chain of events that could eventually result in loss of company reputation, financial expenditures for credit monitoring of affected individuals, and possible regulatory and legal fines.

 

May 8, 2014

By Randy Marchany

You almost have to be on some deserted island with no Internet access to have not heard about the OpenSSL Heartbleed vulnerability. This vulnerability is very serious and pervasive because of a few simple reasons: 


Page 1 of 2 : First   1 2 Last

The Human Factor: Gain new insight into the ways attackers exploit end-users' psychology​​

About Security Current | Privacy Policy | Subscribe to our newsletter