Number 2 on my top 10 list for security executives: Reform

There are a number of reforms that can be used to act as a carrot instead of a stick. Reform need not be regulatory mandates that are operationalized as reports used for placating auditors. Examples of ways the federal government can...

09/29/14

Number 1 on my top 10 list for security executives: History’s lessons

Number 1 on my top 10 list for security executives: History’s lessons

History has given us a wealth of stories from which analogies related to information security can be drawn. Some of these stories significantly predate the digital age but are relevant because they can impress upon us the significance...

09/15/14

Top 10 threats, trends and business priorities for security executives

Top 10 threats, trends and business priorities for security executives

Some of the most critical issues concerning security executives as they relate to internal and external threats, trends in IT such as BYOD and cloud, and the alignment of security strategies with business priorities

09/02/14

Phishing, football and frauds: 15 ways to safeguard yourself during the World Cup

Phishing, football and frauds: 15 ways to safeguard yourself during the World Cup

The 2014 FIFA World Cup in Brazil promises amazing football, frantic fans around the globe, and a playground for fraudsters

06/10/14

Let's say goodbye to passwords

Over the last few years I’ve been conducting unofficial surveys of security analysts and security executives I meet in the field. My goal is always to determine what security solutions have been most detrimental to actually achieving...

06/05/14

Big data security context

Big data security context

Cyber attacks have greater range than a jet fighter or ICBM, regardless of whether they're perpetrated by nation-states, cyber criminals or activists. To address this issue, organizations are trying to optimize their use of big data...

04/15/14

Security analysts evolving from security administrators

Security analysts evolving from security administrators

There seems to be a global evolution in security talent worldwide - partly from want and partly from need. The technology, talent and techniques once necessary to support a sound security posture are changing as threats and business...

03/24/14

A cyber army in formation at South Korea’s hacker school

A cyber army in formation at South Korea’s hacker school

Many countries around the world are making large investments in cyber warfare from both an offensive and a defensive perspective. This is particularly true in emerging markets where finding parity in kinetic strength –- tanks,...

03/05/14

Big security data: What to keep, for how long?

Over the last 10 years investments made by Brazilian banks in cyber security have grown substantially. As has the data. Now, at least two camps are emerging in the debate about what data should be kept for various time intervals.

02/25/14

Security analytics needed in Singapore

Security analytics needed in Singapore

I recently concluded a week in Singapore this January. I’ve been to Singapore many times over the last few years, but this most recent visit was focused squarely on the need for security analytics (SA). More specifically, how critical...

01/28/14

‘More’ meaningful metadata – for network security

‘More’ meaningful metadata – for network security

A couple weeks ago I wrote my first blog about metadata. In that blog I highlighted five of the core requirements of a successful metadata program from privacy concerns to data retrieval. This blog will go deeper into metadata for...

11/12/13

Making metadata meaningful for network security

Making metadata meaningful for network security

Metadata is most simply data about data. From a network security perspective it has multiple uses ranging from real-time incident detection to post-prevention forensic analysis. Before you start exploring the many uses of metadata...

10/30/13

Malaysian security goes mainstream

Malaysian security goes mainstream

What I observed during my time in Malaysia was that because of the rapid economic growth across multiple business verticals within the country there is an “eyes wide open” approach to information security.

10/08/13

5 'more' reasons SCADA security is fragile

5 'more' reasons SCADA security is fragile

Industrial control systems (ICS), like any complex system, are vulnerable to accidents and attacks. These systems that help maintain our way of life are fragile and in many cases are unable to mitigate cyber attacks.

09/23/13

5 reasons SCADA security is fragile

5 reasons SCADA security is fragile

Most of us interact with industrial control systems every day without even knowing it. They support our way of life, and yet they are fragile.

09/16/13

Dude, where’s my security ROI?

Dude, where’s my security ROI?

Much of what's done in IT is measured. How much money will be saved if we provide this service online; or how many more customers will we attract if we offer a smartphone application? Security isn’t always that quantitative. In fact...

09/03/13

6 technical measures to mitigate insider threats

6 technical measures to mitigate insider threats

But we needn’t throw up our hands and surrender. There are technical measures that can be embraced to help mitigate the risks brought upon by malicious insiders. These technical measures work in tandem with non-technical measures...

08/19/13

Maturing information security in Mexico

Maturing information security in Mexico

I’ve visited Mexico many times over the years. Besides great Puerco Pibil and greater Tequila, I’ve found alarming norms. Public and private sector organizations were substantially behind in information security. They were even behind...

08/12/13

4 non-technical measures for mitigating insidious insiders

4 non-technical measures for mitigating insidious insiders

Can threats from insiders be proactively mitigated with non-technical measures?  The short answer is "yes and no." An incident associated with a careless or malicious insider can be mitigated, sometimes, but it is highly dependent on...

07/23/13

Information sharing: Motherhood and apple pie or risky business

Information sharing: Motherhood and apple pie or risky business

Just as the bad guys can use the distributed power of millions of compromised computers within their botnets, the good guys can use collective intelligence to prevent, detect and respond to those attacks.

07/16/13

Load More