Floundering Frameworks: NIST as a Case in Point

Thanks to a directive from President Barack Obama, NIST has released its Preliminary Cybersecurity Framework for critical infrastructure. Like most security frameworks it is fatally flawed. The framework is poisoned with Risk Management thinking, a nebulous concept borrowed from the world of finance and actuarial tables that simply does not work for cyber security. The…

Michigan Cyber Security Summit Opens

Michigan’s Cyber Summit 2013 opens on Wednesday as part of the National Cyber Security Awareness Month. Michigan Governor Rick Snyder is hosting the Summit, held last in 2011. It includes speakers on the state and national level with the acting assistant secretary, Department of Homeland Security Office of Cybersecurity and Communications and the chief security…

Defending Against Custom Malware: The Rise of STAP

How do you defend against something that’s never been seen before? That’s the key question organizations struggle with. A decade ago, the first victims of any worm or virus outbreak had difficulty defending against a brand-new threat, leaving resources vulnerable until the attack could be detected and signatures created. Today the ultimate problem is the…

Skeptical of Biometrics? Have a Backup Plan

So whoopie-do, the new iPhone has a fingerprint reader to unlock the phone as a market differentiator, and to open new authentication applications and developer opportunities – assuming Apple opens up the appropriate APIs. This is based on the technology Apple bought last year when it acquired AuthenTec, which has encryption technology, fingerprint sensors and…

CIOs Distracted by Compliance Requirements

CIOs are often distracted by their efforts to keep up with specific regulations according to Gartner, Inc. “CIOs must stop being rule followers who allow compliance to dominate business decision making and become risk leaders who proactively address the most severe threats to their enterprises,” John A. Wheeler, research director at Gartner, was quoted in…

Securing the Internet of Things

A European judge recently blocked a security researcher’s paper describing how to bypass a car’s immobilizer theft-protection system. The Next Generation of airline control systems is designed to efficiently improve air travel, but the new system reportedly uses no encryption on its communications links and is also missing authentication mechanisms, meaning false signals could be…

Securing the Cloud – Coming if You’re Ready or Not

No business can avoid “the cloud.” Some embrace cloud-based services with enthusiasm as a formal way of delivering all or part of a given organization’s IT requirements, whilst others grudgingly accept them because it is near impossible to stop individual users or lines of business from building them into business processes. A recent…

They Spy on Us to Protect Us/How Dare They Spy on Us? The Pendulum Swings On

One of the security-related topics that has the least actual impact on enterprise security has been getting the most attention from the security press and the security Twitterverse: the Edward Snowden NSA surveillance disclosures. If you made a list of the top 100 risks to any company (or any individual) NSA intercepting their communications would…

Skyhigh Networks Brings Discovery, Analysis and Security to Cloud Services

At the start of the year, Wisegate, the networking organization for IT and InfoSec professionals, issued a report on the Top IT Security Threats of 2013. The report opens with what these leaders say is the root cause of this year’s most concerning security threats within their organizations: “Broadly speaking, the main threats that our…

Investing in Training for a Competitive Edge

“What if we train our employees and they leave?” Managers often contemplate the answer to that question. They fear employees will leave to advance their career after obtaining valuable skills. Mark Sanborn, author and leadership consultant, answers simply: “What if you don’t, and they stay?” This is not a discussion about security awareness and education.…
