When NSA security researchers learned that the methods used by Microsoft Windows 10 machines to examine digitally signed code (like that used to install patches) had a vulnerability which would have allowed the Agency to slip in malware, they had to debate the best method of protecting the nation. On the one hand, they could…
Cybersecurity professionals often come from very technical backgrounds. It is imperative that these professionals understand all the areas of technology: operating systems, networking protocols, architecture, applications and databases. At some point many of these professionals achieve leadership roles. A cybersecurity leader must be able to rely on that technical acumen to enable the business goals…
CISOs Praise Deception Technology Vendor for Importance to the Business and Ease of Use Security Current, the premier CISO knowledge-sharing community, today announced that CISOs from across industries selected TrapX as the winner of the Security Shark Tank® New York City 2019. In the Security Shark Tank, providers come face-to-face with CISOs seeking innovative solutions…
CISOs Laud Fortanix for Innovation, Vision and Importance to the Business Chicago, Illinois – Security Current, the premier CISO knowledge-sharing community, today announced that CISOs from across industries selected Fortanix® Inc. as the winner of the Security Shark Tank® Chicago 2019. In the Security Shark Tank, providers come face-to-face with CISOs seeking innovative solutions for their…
The Federal Government is increasing its oversight of federal contractors who gather and store information on its behalf. This is part of a trend in which data collection and storage regulations are constantly being tightened as cyber security becomes an ever-more important factor. The U.S. Federal Government collects an ever-increasing amount of data and as…
I was recently asked why there has been a spike in incident alerts during the current month. As I gave my answer, I noticed that I was focusing on the reasons behind “why” the numbers had risen and it became apparent to me that when I explain risks, I tend to focus on the motive…
On September 10, 2019, leaders of the high tech and business world, through the Business Roundtable, sent a letter to political leaders urging them to pass a comprehensive federal consumer data privacy law. The letter, signed by individuals like Amazon’s Jeff Bezos and Michael Dell, and other business leaders noted that “There is now widespread agreement among…
Your domain is your domain. Your website is your website. You decide who can access your site, who can access your data, and how they can do that. You make those decisions through both technology (e.g., code, access control, userIDs, passwords, multifactor authentication) and contracts (terms of use, terms of service, privacy policies, software license…
Amazon’s Ring video doorbell allows you to see who is at (or near) your doorstep. Under a semi-secret program called “Neighbors” it also allows the police to see the same thing. The program incentivizes police to “sell” the Ring device to consumers (even giving the police free surveillance devices themselves) and creates a network whereby…
Many companies grapple with integrating cybersecurity awareness into the organizational culture. After many years as a CISO and cybersecurity consultant, I believe the answer to this perennial problem is to encourage the organization to “own” security. The first step towards this goal is to establish a cybersecurity council composed of representatives from various business units. Some organizations already have…
