Encryption is fundamental to business today. But encryption also lets criminals and terrorists plan their acts out of sight. Law enforcement, intelligence agencies and political interests have proposed "back doors" to enable them to do their jobs. Shades of the Clipper Chip, the 1990s key-escrow device built around the Skipjack algorithm! Look it up!

CISOs need to work with stakeholders to find the right balance between their responsibility for protecting sensitive data and cooperation with law enforcement and Homeland Security. These and other issues are discussed in this conversation between Security Current's Vic Wheatman and Greg Schaffer, FirstBank VP and Information Security Officer.


In the push to launch mission-critical applications, insecure software often makes it into production. Sometimes attackers find the gaps and exploit the vulnerabilities. Now new approaches are leading to continuous vulnerability testing, performed by "hackers."

Through crowdsourcing and bug bounties, Secure Systems Development Life Cycle (SDLC) practices are being strengthened and developers' mindsets are changing.

The result: better code quality and greater efficiency. In this conversation, SANS Institute Director of Emerging Security Trends John Pescatore tells Security Current's Vic Wheatman what some CISOs and application developers have found by moving in this direction.


Each year is a new opportunity to use what we've learned in the past in order to address the future and anticipate what the bad actors may do next to breach our information security.

Here, the head of information security at Delta Dental of New Jersey addresses what we can expect as we enter 2016, discusses the role of cyber insurance, warns about how old source code can be exploited and highlights how Identity and Access Management and Managed Security Service Providers can help plan the future state of our information security.

Listen to Delta Dental of New Jersey's Roota Almeida in conversation with Security Current's Vic Wheatman.


The overall cost of cyber crime to the world economy in 2015 was estimated at as much as $575 billion, according to research. Breaches are growing in number and sophistication.

According to Jason Witty, Executive Vice President and CISO at US Bancorp, information security threats come from five major sources, and each is continuing to evolve dramatically.

He groups them into five high-level classifications: insider threats, organized crime, hacktivists, terrorists, and nation states.

But as Witty tells Security Current's Vic Wheatman, there is a light at the end of the tunnel. Using security frameworks and taking advantage of new legislation that supports threat information sharing among organizations are two of the most viable approaches to combating increasingly sophisticated and emerging threats. Hear about these topics, as well as the growth in business email compromise fraud, in this conversation.


Things happen. Staffers click links they shouldn't. Interlopers enter the workplace, gain access to a vacant desk, log in and steal corporate secrets.

Technology helps, but end-user security awareness training puts people on the front line of defense. Employees need to recognize that the threats are real. Executives need to see that there is a real return on security training investment, partly from preventing lost productivity, and that business risk can be significantly reduced.

In this sponsored podcast, Security Current's Vic Wheatman speaks with Amy Baker, Vice President of Marketing of Wombat Security Technologies, a premier provider of security awareness training.


In a world of three-letter acronyms comes yet another, this one a new specification from the Cloud Security Alliance: SDP, or Software Defined Perimeter.

SDP approaches are meant to create a secure, authenticated micro-segment between an individual user and the specific host that user is authorized to reach, leaving everything else on the network hidden.

But how do SDPs differ from approaches based on firewall appliances or virtual firewalls? Can SDPs eliminate the need for firewalls? Can they save money? Who provides the technology, and what are the advantages?

Security Current's Vic Wheatman speaks with Gartner Research Director Lawrence Pingree about this emerging technology.


With the plethora of information security products and services on the market, how can CISOs prioritize what they truly need? And how can they tell a long-term solution from a short-term fad brought to market by earnest but often aggressive solution providers?

The answer lies in stepping back and carefully examining your organization's overall security program in a predict, prevent, detect, protect and respond context to help set priorities.

Gartner surveys CISOs bi-annually to determine security buying trends and top-of-mind concerns. In this podcast, Security Current's Vic Wheatman speaks with Gartner Research Director Perry Carpenter about the results of the survey and the current state of CISO buying trends.


Episode 77: Creating and Managing a Security Aware Culture

In both the public and private sectors, employees are by and large the weakest link when it comes to information security breaches.

Training needs to be more than a checkbox on a compliance list. There are various approaches that combine training and technology to ensure employees are security aware.

As you'll hear from Gartner Research Director Perry Carpenter in this conversation with Security Current's Vic Wheatman, training is not a one-time endeavor but needs to be multifaceted and continuous.


The European Union's (EU) highest court, the Court of Justice of the European Union, recently found that the "Safe Harbor" provisions allowing data transfers from EU countries to United States data centers are invalid.

The finding was triggered by a lawsuit motivated, in part, by spy agency access to citizen data in violation of privacy protections. Despite the ruling, transatlantic data flows can continue, assuming other safeguards such as standard contractual clauses or binding corporate rules are in place.

Security Current's Vic Wheatman speaks with Lawrence Dietz, General Counsel for California-based TAL Global, to make sense of this and what it means to CISOs. Dietz is a nationally recognized expert in cybersecurity, cyber warfare, information security and intellectual property.


What is the optimal structure within an enterprise in terms of CISO reporting? Should a CISO report to the CIO? Or possibly to the CFO?

In some cases, as you'll hear in part two of Vic Wheatman's interview with CISO Brian Lozada, CISO can stand for Chief Information Scapegoat Officer. Avoiding blame for security incidents requires relationships that ensure both business and technical concerns are properly addressed.
