<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Steve Hunt, Author at Security Current</title>
	<atom:link href="/author/steve-hunt/feed/" rel="self" type="application/rss+xml" />
	<link>/author/steve-hunt/</link>
	<description>Security Current improves the way security, privacy and risk executives around the world collaborate to protect their organizations and their information. Its CISO-driven proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.</description>
	<lastBuildDate>Wed, 03 Jan 2018 02:08:55 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>/wp-content/uploads/2020/09/cropped-Security-Current-Round-Logo-32x32.png</url>
	<title>Steve Hunt, Author at Security Current</title>
	<link>/author/steve-hunt/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Alternative Medicine for Security</title>
		<link>/alternative-medicine-for-security/</link>
					<comments>/alternative-medicine-for-security/#respond</comments>
		
		<dc:creator><![CDATA[Steve Hunt]]></dc:creator>
		<pubDate>Wed, 25 Nov 2015 15:28:48 +0000</pubDate>
				<category><![CDATA[Archived Articles]]></category>
		<guid isPermaLink="false">http://184.154.4.181/?p=17193</guid>

					<description><![CDATA[<p>Let&#8217;s make a correlation between medicine and security. Many people rely on Western medicine for health and wellness. We purchase pharmaceuticals from the major producers, and go to doctors when&#8230;</p>
<p>The post <a href="/alternative-medicine-for-security/">Alternative Medicine for Security</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecuritycurrent.com%2Falternative-medicine-for-security%2F&amp;linkname=Alternative%20Medicine%20for%20Security" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecuritycurrent.com%2Falternative-medicine-for-security%2F&amp;linkname=Alternative%20Medicine%20for%20Security" title="LinkedIn" rel="nofollow noopener" target="_blank"></a></p><p>Let&#8217;s make a correlation between medicine and security. Many people rely on Western medicine for health and wellness. We purchase pharmaceuticals from the major producers, and go to doctors when we want more medicine. Many of us, though, seek out alternatives to Western drugs.</p>
<p>At El Ateneo bookstore in Buenos Aires this week I found hundreds of books on traditional and non-traditional healing and wellness. These books reminded me that there are time-honored techniques for curing ills that reach far beyond western medicine&#8211;with centuries of practice. Ayurvedic healing, yoga, nutrition, and countless other methods are being used in our own families&#8211;and by many of you, dear readers.</p>
<p>So why not look beyond traditional Western &#8220;medicine&#8221; for security solutions. That was the message I heard, more or less, when I spoke again to the clever startup, Secret Double Octopus. Forget about keys for authentication. Forget about encryption for securing communications.</p>
<p>There are time-honored alternatives that actually are more scalable, especially in light of the mobile banking and Internet of Things transactions, for which traditional keys and public key infrastructure are poorly equipped.</p>
<p>Companies have been hacked again and again, yet critical business communications are still being secured the same way as they’ve been for years. And now with new Mobile Apps, the Cloud, and the Internet of Things businesses are even more at risk.</p>
<p>The alternative is secret sharing, and in theory it is much more reliable (and less breakable) than the traditional medicine of keys and encryption. I&#8217;m enticed by the idea of living more simply, and of communing with the world around me in a more natural way, less encumbered by technology. I even closed my Facebook account! So I love the idea of simplifying a security infrastructure so that it has few moving parts.</p>
<p>Speaking of simplifying, and to draw a different analogy, when I stopped into a Tesla showroom to ogle at the beautiful cars there (I plan to buy one soon), the representative made it a point to explain that there are vastly fewer moving pieces in a Tesla automobile than in a traditional combustion-fuel vehicle. &#8220;Fewer pieces to break, and fewer things to go wrong.&#8221;</p>
<p>I feel I get the same results from my &#8220;holistic living&#8221; choices, like eating right, practicing yoga, and so forth. I spend less money on medicine and have a more resilient, less vulnerable body.</p>
<p>Translate that to security and it is very attractive&#8211;reducing the attack surface and simultaneously reducing the complexity of the security infrastructure. Better security at lower cost. Now that&#8217;s a choice for healthy living!</p>
<p>The post <a href="/alternative-medicine-for-security/">Alternative Medicine for Security</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>/alternative-medicine-for-security/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Security Versus Compliance: What’s the Difference?</title>
		<link>/security-versus-compliance-whats-the-difference/</link>
					<comments>/security-versus-compliance-whats-the-difference/#respond</comments>
		
		<dc:creator><![CDATA[Steve Hunt]]></dc:creator>
		<pubDate>Tue, 23 Sep 2014 23:39:41 +0000</pubDate>
				<category><![CDATA[Archived Articles]]></category>
		<guid isPermaLink="false">http://184.154.4.181/?p=16960</guid>

					<description><![CDATA[<p>Security is the pursuit of perfect protection through ongoing tightening of defenses and preemptive activities to cover vulnerabilities.  Risk management, on the other hand, is a discipline that enables organizations&#8230;</p>
<p>The post <a href="/security-versus-compliance-whats-the-difference/">Security Versus Compliance: What’s the Difference?</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecuritycurrent.com%2Fsecurity-versus-compliance-whats-the-difference%2F&amp;linkname=Security%20Versus%20Compliance%3A%20What%E2%80%99s%20the%20Difference%3F" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecuritycurrent.com%2Fsecurity-versus-compliance-whats-the-difference%2F&amp;linkname=Security%20Versus%20Compliance%3A%20What%E2%80%99s%20the%20Difference%3F" title="LinkedIn" rel="nofollow noopener" target="_blank"></a></p><p>Security is the pursuit of perfect protection through ongoing tightening of defenses and preemptive activities to cover vulnerabilities.  Risk management, on the other hand, is a discipline that enables organizations to operate and measurably improve their security and compliance environments according to legal standards.</p>
<p>Most companies are not accustomed to thinking of information as a regulated asset.  Ingredients and food products, energy, toxic chemicals, infrastructure, and money are among the many assets that have been regulated for decades, or even centuries.  Yet, executives and entrepreneurs are obligated to see information as a regulated asset.</p>
<p>They have to adjust to the idea that there will be procedures similar to governing other regulated assets – having an internal auditor, quality process engineers, peer review, attorneys, independent reviews, etc. – with regard to information.  There must be controls and certification in a way that makes sense for their own specific businesses.</p>
<p>According to current legal standards, the best means of being in compliance is to have a clearly defined level of reasonable risk, and clear procedures that the company implements on a consistent basis.</p>
<p>In the unlikely event of a breach, this level of risk management should enable the business to demonstrate empirically that it was not negligent.  There must be a quantifiable way to state a company’s acceptable level of risk in terms of impact and likelihood.  Impact is defined according to the company’s mission, objectives, and obligations.  The standard must be applied consistently across all of the company’s information assets that could pose a conceivable risk.</p>
<p>If a company can clearly articulate and calculate its level of acceptable or reasonable risk, and thereby operate in a manner that demonstrates compliance, it may be protected enough to forgo more complicated and expensive security measures, thus freeing up resources that can be invested in the creation of value for the business.</p>
<p>Thus risk management is necessary not only to fulfill regulatory requirements and contractual obligations, but the very essence of the company’s business goals.  Having a clear risk assessment and risk management process ultimately will make running a business easier.</p>
<p>The post <a href="/security-versus-compliance-whats-the-difference/">Security Versus Compliance: What’s the Difference?</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>/security-versus-compliance-whats-the-difference/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Why I&#8217;m Against Net Neutrality</title>
		<link>/why-im-against-net-neutrality/</link>
					<comments>/why-im-against-net-neutrality/#respond</comments>
		
		<dc:creator><![CDATA[Steve Hunt]]></dc:creator>
		<pubDate>Fri, 13 Jun 2014 14:27:38 +0000</pubDate>
				<category><![CDATA[Archived Articles]]></category>
		<guid isPermaLink="false">http://184.154.4.181/?p=16998</guid>

					<description><![CDATA[<p>Net neutrality is an idea referring to a complete lack of discrimination in the traffic on the Internet. In other words, net neutrality would mean that all packets of data&#8230;</p>
<p>The post <a href="/why-im-against-net-neutrality/">Why I&#8217;m Against Net Neutrality</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecuritycurrent.com%2Fwhy-im-against-net-neutrality%2F&amp;linkname=Why%20I%E2%80%99m%20Against%20Net%20Neutrality" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecuritycurrent.com%2Fwhy-im-against-net-neutrality%2F&amp;linkname=Why%20I%E2%80%99m%20Against%20Net%20Neutrality" title="LinkedIn" rel="nofollow noopener" target="_blank"></a></p><p>Net neutrality is an idea referring to a complete lack of discrimination in the traffic on the Internet. In other words, net neutrality would mean that all packets of data are treated the same, with the same priority.</p>
<p>When I watch Netflix, and my show stops while Netflix is buffering, I know some Internet Service Provider is throttling down and restricting Netflix. In those moments I cry for net neutrality.</p>
<p>However, net neutrality doesn&#8217;t seem efficient. The Internet is full of noise and not everything needs to move at the same speed and priority. Spam, for one.</p>
<p>I have two cars. My old car is a beater. I did not pay much money for that car and it costs me very little to operate. It rattles and has a top speed of about 55 miles per hour. Therefore, I usually drive it on the roads where the slow cars and trucks go &#8211; the road with lots of stops. When I drive that car, I&#8217;m not in a hurry.</p>
<p>My other car is a racer. An Audi TT with a big engine and a desire to fly down the road. It cost a lot to purchase and maintenance costs are fairly high, too.  But when I want to get somewhere fast, I just in the TT and zoom.</p>
<p>Why should the Internet have the same choices? Fast roads for fast trips. Slower roads for slower trips. We get to our destination either way.</p>
<p>Throttling traffic for Quality of Service also feels right to me.</p>
<p>Therefore, I support Internet Service Providers handling traffic differently. However, I think there should be two prices. One for slower, QoS-enabled, freight; and a higher price for traffic that flys unencumbered.  For the record, I&#8217;m willing to pay an extra buck or to for Netflix to stay in the fast lane.</p>
<p><em>Steve Hunt, CPP CISSP, is a strategist focusing on cybersecurity, safe cities, safe business, and critical infrastructure protection. He entered the ISSA Hall of Fame. Steve’s career covers the breadth of the industry: cybersecurity, physical &amp; homeland security. He also ran the risk management think tank at Forrester Research.  As a recognized expert on best practices, security trends, and technologies, Steve helps executives at the world’s largest organizations create value in light of physical and cyber threats. Security Magazine named him one of the 25 most influential people in physical security. CSO Magazine gave him the “Industry Visionary” Compass Award.  </em></p>
<p>The post <a href="/why-im-against-net-neutrality/">Why I&#8217;m Against Net Neutrality</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>/why-im-against-net-neutrality/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>The Snowden Conversation We Are All Having in One Way or Another&#8230;</title>
		<link>/the-snowden-conversation-we-are-all-having-in-one-way-or-another/</link>
					<comments>/the-snowden-conversation-we-are-all-having-in-one-way-or-another/#respond</comments>
		
		<dc:creator><![CDATA[Steve Hunt]]></dc:creator>
		<pubDate>Fri, 30 May 2014 14:40:28 +0000</pubDate>
				<category><![CDATA[Archived Articles]]></category>
		<guid isPermaLink="false">http://184.154.4.181/?p=17002</guid>

					<description><![CDATA[<p>Edward Snowden did an important thing: He made an important conversation on security and ethics popular and international. On one hand, he told us something we always knew: Spies spy. That&#8230;</p>
<p>The post <a href="/the-snowden-conversation-we-are-all-having-in-one-way-or-another/">The Snowden Conversation We Are All Having in One Way or Another&#8230;</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecuritycurrent.com%2Fthe-snowden-conversation-we-are-all-having-in-one-way-or-another%2F&amp;linkname=The%20Snowden%20Conversation%20We%20Are%20All%20Having%20in%20One%20Way%20or%20Another%E2%80%A6" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecuritycurrent.com%2Fthe-snowden-conversation-we-are-all-having-in-one-way-or-another%2F&amp;linkname=The%20Snowden%20Conversation%20We%20Are%20All%20Having%20in%20One%20Way%20or%20Another%E2%80%A6" title="LinkedIn" rel="nofollow noopener" target="_blank"></a></p><p>Edward Snowden did an important thing: He made an important conversation on security and ethics popular and international.</p>
<p>On one hand, he told us something we always knew: Spies spy. That is they stealthily gathering secrets. This is usually associated with times of war or matters of national security. I&#8217;d venture to say spying may be the third oldest profession.</p>
<p>Spying on specific national interests is assumed, expected, and probably universal, which is why the feigned indignation of global leaders is somewhat laughable.</p>
<p>However, spying on a populous is extreme. Spying is deemed by many as normal when its targets are decision makers, influencers and information handlers. Regular citizens, though, don&#8217;t qualify for surveillance unless they are associated in some way with a security threat. I would contend:</p>
<ul>
<li>Surveillance of a high crime street corner is appropriate</li>
<li>Surveillance of a shoplifting-prone market is appropriate</li>
<li>Surveillance of military leaders engaged in assault on national interests is expected</li>
<li>Combining private communications, collecting information that may someday be factored as a risk &#8211; destroys the fabric of trust between a people and its government.</li>
</ul>
<p>Therefore, surveillance in itself, in my view, is morally neutral, neither good nor bad. Sometimes it&#8217;s downright necessary for security or loss prevention. It&#8217;s a simple formula: Analyze Meta data, identify risks, manage risks.</p>
<p>This surveillance and spying conversation, however, sends shivers down the backs of security managers and executives.</p>
<p>Recent informal research I conducted found that security executives are the &#8216;Least Aware&#8217; of physical threats to information. Every security executive I&#8217;ve interviewed had an understanding of physical threats to information (unauthorized visitors, dumpster diving, etc.) but almost none had studied or measured the risks associated with physical threats to information, nor did they have in place thorough procedures to protect against it.</p>
<p>&#8230;and Least Prepared for Social engineering and physical penetration.  The security enterprise executives I spoke with confessed that their confidential company information was as risk of social engineering attacks (phony phone conversations, pre-texting, impersonation, spear-phishing, etc.).  Physical penetrations were even more frightening to some executives who were certain that their confidential company information could be collected and conveyed out of the building (in the form of printed documents, photos, memory sticks, etc.) by:</p>
<ul>
<li>an unauthorized visitor tailgating into the building</li>
<li>an attacker bypassing security controls at doors and fences</li>
<li>rogue employees or contractors (a la Snowden)</li>
<li>an internal attacker of any type</li>
</ul>
<p>We are all in this discussion now, public and private organizations, data and physical infrastructures. Now tell me your opinion. Do you think the &#8220;Snowden affair&#8221; is relevant to your organization?  Is it a physical security issue? A cybersecurity issue? Both? Something different?</p>
<p><em>Steve Hunt, CPP CISSP, is a strategist focusing on cybersecurity, safe cities, safe business, and critical infrastructure protection. He entered the ISSA Hall of Fame. Steve’s career covers the breadth of the industry: cybersecurity, physical &amp; homeland security. He also ran the risk management think tank at Forrester Research.  As a recognized expert on best practices, security trends, and technologies, Steve helps executives at the world’s largest organizations create value in light of physical and cyber threats. Security Magazine named him one of the 25 most influential people in physical security. CSO Magazine gave him the “Industry Visionary” Compass Award.  </em></p>
<p>The post <a href="/the-snowden-conversation-we-are-all-having-in-one-way-or-another/">The Snowden Conversation We Are All Having in One Way or Another&#8230;</a> appeared first on <a href="https://securitycurrent.com">Security Current</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>/the-snowden-conversation-we-are-all-having-in-one-way-or-another/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
