Whatever happened to public key infrastructure (PKI)? Despite rumors of its demise, PKI is not dead! However, it has essentially disappeared into the applications, processes and products it is now protecting.

The current iteration of PKI is being used to protect devices on the IoT. securitycurrent's Vic Wheatman speaks with Johannes Lintzen, a security expert at Utimaco, about the evolution of PKI in a world where IP is everything.

This podcast was recorded at the Internet of Things Expo produced by Sys-Con Events in November in Santa Clara, California.

 

How does a CISO approach the special security and privacy issues involved in a medical setting as the Internet of Things moves forward?

Jeff Misrahi, CISO of AdvantageCare Physicians, a multi-specialty physician practice delivering comprehensive, community-based care throughout the New York metropolitan area, discusses this topic with securitycurrent's Vic Wheatman.

Misrahi also describes best practices on transmitting data, wireless devices, how security should ideally be approached in a distributed enterprise and where he fits in the organizational structure.

 

Who should the CISO report to in the organization? How can CISOs who are at competing organizations share information security without tension? And what is the relationship between risk, compliance and information security?

In part two of our interview with Steve Katz, recognized as the first CISO, Vic Wheatman discusses these and other issues.

 

Steve Katz, credited with being the first Chief Information Security Officer (CISO), sets the record straight on that honorific. He talks about what it was like being the first CISO, jesting that he slept like a baby, getting up every two hours and crying.

In the first of a two-part interview, Katz tells securitycurrent's Vic Wheatman how he sees the role of CISO. He suggests a new title for it and proposes a process whereby business units would be required - in writing - to accept responsibility should they take risks that the CISO advises against.

Katz now advises Deloitte in security and privacy and heads up Security Risk Solutions LLC.

 

Embedded systems, the Internet of Things and security. What do these things have in common?

Once in use, industrial, medical, avionics and other systems typically don't get upgraded, but they need to operate in a safe and trusted manner. But in the world of the Internet of Things, where new, creative offerings are quickly hitting the market, security often is just an afterthought.

securitycurrent's Vic Wheatman speaks with Senior Technical Marketing Engineer Roman Romaniuk of Wind River, a provider of secure operating systems that are also in use on the planet Mars, as you'll hear in this podcast. The podcast was conducted at the Gigaom Structure Connect conference in San Francisco.

 

The drumbeat of breaches -- Home Depot, Target, Jimmy John's and the list goes on -- continues almost daily. Why is this the case? It doesn't appear to be a lack of security investment or governance.

As you'll hear from one former Gartner analyst who has 'gone over to the dark side,' a key problem is that individual security functions largely exist in isolated silos. Eric Ouellet, who is now VP of Strategy at Bay Dynamics, says this approach leads to data overload for security analysts, causing fatigue and subsequently inadequate responses to attacks.

Ouellet tells securitycurrent's Vic Wheatman that traditional approaches have flaws and generally lack the correlation of threat information from one silo to the rest, which would support holistic responses.

 

Threat Intelligence is more than just a list of bad actors' IP addresses. The best sources of threat intelligence tend to be the more mature and 'enlightened' providers who employ a substantial number of security analysts who can evaluate the nature of the threats.

In fact, some are able to drill down not only to specific groups of threat actors or countries that may be after an organization but to the specific people who may be out to get them as well. But how do most organizations use this information and what kind of threat intelligence would help you the most?

It is often law enforcement that finds evidence of a security breach first. Being able to respond effectively to breaches can reflect on an organization's reputation.

securitycurrent's Vic Wheatman discusses these topics with Gartner Research Vice President Dr. Anton Chuvakin.

 

Data Loss Prevention (DLP) solutions help keep private data private. Using various rules based on certain policies, sensitive information can be prevented from being exfiltrated.

But CISOs are walking a fine line. They must be careful not to inhibit user and business processes lest there be dire business consequences.

securitycurrent's Vic Wheatman speaks with ex-Gartner analyst Eric Ouellet, who is now Vice President of Strategy at Bay Dynamics, about how DLP actually works and where it can be used.

 

Malware in its various forms has been around since the start of the computing age, but one platform remains more susceptible to evil code than others, with more than 1 million new unique virus signatures discovered each and every day, according to F-Secure.

Also according to F-Secure's Threat Strategist David Perry, it is "primarily a Windows world attribute." However, the concerns are shifting with the proliferation of mobile. And just as the Internet offers little native security, it also does not respect privacy.

In this entertaining and humorous exchange recorded at Black Hat, securitycurrent's Vic Wheatman and David Perry discuss these and other issues.

 

It is often law enforcement that finds evidence of a security breach first. Being able to respond effectively to breaches can reflect on an organization's reputation.

There is always malware running somewhere. Some enterprises have Security Response Teams, but many do not. If it is a one-man shop, should they be a 'doer' or a 'coordinator'? If it is a large team, how should it be structured? What is the role of third parties, and can open source tools be used?

securitycurrent's Vic Wheatman speaks with Gartner Research Vice President Dr. Anton Chuvakin on this business-critical issue.

 
