President Obama wants private sector companies to share information about cybersecurity threats with each other – and the government. That sounds like a novel idea – and some industries already are doing this among themselves. However, the federal government doesn’t share their experiences with us (“National Security!”), but presumably they do share with each other. The…
DetailsWhen I started my career in the US Navy, almost three decades ago, I originally went into the field of advanced electronics. It was close to what I wanted to do, which was work on computers. However, in the mid-1990’s, I read a book that changed my life. The book, “Information Warfare,” was written by…
DetailsI watched the latest show in the “CSI” franchise last night – CSI: Cyber (on CBS) and my thoughts were “There goes the neighborhood.” I must say that I’m not a big fan of the CSI series – way too much cutting, spinning, flashing and choppy dialogue. I felt that I needed to watch this…
DetailsA company I know was audited some years ago. One of the findings was that there were no Unix server logs. Over the next year server logging was enabled. The following audit noted that nobody was reviewing the logs. So the company invested in a SIEM solution and reviewed the alerts. (Of course, no one…
DetailsAs a CISO, you will find your job requires you to have experience in many areas. As the leading cyber security executive for your organization you will be expected to manage your organizations cyber security suite and lead your team in protecting its assets. In this position you will also work with your organizations departments…
DetailsIt’s 2 in the morning. You are stopped at a well-lit, completely empty intersection looking up at a red light. If you’re like me, you will wait till that light turns green before taking your foot off the brake, but there is a nagging little part of you that bristles at the thought that the…
DetailsI read an article recently about how a CISO talked his way out of having an internal auditor write up a finding about weak passwords – which eventually lead to a significant and highly publicized breach. The CISO’s argument was that, by implementing strong passwords, users would end up just writing them down, thereby, weakening…
DetailsAccording to Wikipedia, “The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure. Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and cover a variety of protocols, domains, and applications.[1] The interconnection of these embedded devices (including smart objects) is expected to usher…
DetailsThe list of security products and technologies resulting from searches by even the least sophisticated Internet Search Engines across any of the major security product categories can be quite overwhelming. These categories include ‘firewalls,’ ‘IDS/IPS’, ‘SIEM’ and don’t even mention “Threat Intelligence” since, thanks to the associated market hype-cycle, even vulnerability scanners are now being…
DetailsMy biggest security problems all start with authentication. If you look at the major hacks that have taken place in the last year, you can trace most of them back to phishing (or stupid). If I could wave a magic wand and create a system that could verify the identity of the person at the…
DetailsI have always found that information security professionals tend to fall into three categories: SWAT Teams, Power Rangers or Nerds with an edge (see a blog post of that name I wrote earlier by clicking here). We all play all three roles, of course, when the need arises. But we all have our tendencies. When…
DetailsBCP. Three little letters that, unfortunately, strike mind-numbing boredom into most CIOS’s. The truth is, Business Continuity Planning isn’t synonymous with the excitement that is typically found in the Information Security world. There aren’t nation states trying to subvert your controls, or insiders trying to get away with industrial espionage, or some faceless hactivist group…
Details