Category Archives: Governance, Risk and Compliance

NSA Director Defends Surveillance Of Phones, Internet

The director of the National Security Agency, Gen. Keith Alexander, today (Tuesday June 18) defended US spying on phone calls and internet traffic, saying it had prevented some 50 terror attacks around the world. In remarks to the House Intelligence Committee, Alexander said: “In recent years, these programs, together with other intelligence, have protected the US and our allies from …

Posted in Governance, Risk and Compliance, Uncategorized

Moving from Compliance to Risk-Based Security – Part 2

In my previous post, Moving from Compliance to Risk-Based Security – Part 1, I mentioned that I would share my discussions with two security executives who feel strongly about this topic. Both of them participated in the Wisegate CSO peer discussion documented in the report Moving From Compliance to Risk-Based Security. These experts clearly confirm the need to embrace risk …

Posted in Governance, Risk and Compliance

PRISM Leaker Stirs US-China Cyber Feud

Edward Snowden, the source of the leaks about the US government’s PRISM cyber spying program, claimed this week that the US has been hacking computers in China for at least four years. Snowden, who is now in hiding in Hong Kong – a Chinese-controlled territory – made the claims in an interview with the Hong Kong newspaper South China Morning …

Posted in Governance, Risk and Compliance, Uncategorized

Moving from Compliance to Risk-Based Security, Part 1

After 10 years of managing an IT audit function for an international energy company, I had the opportunity to head up their IT Strategy group that was charged with creating Organizational IT Security and Risk profiles and plans. The charge of this function was to annually evaluate organization-wide internal and external risk as it relates to IT, and to communicate …

Posted in Governance, Risk and Compliance

US Government Angry Over Internet Spying Leaks

Director of National Intelligence James Clapper has denounced leaks to The Washington Post and Guardian newspapers this week which revealed that his agency is spying on e-mails and other internet traffic obtained from nine major companies. In a statement on Thursday, Clapper confirmed the surveillance was taking place but accused the newspapers of making unspecified errors in their reporting. “The …

Posted in Governance, Risk and Compliance, Network Security

Hagel Accuses China of Cyber Attacks

Defense Secretary Chuck Hagel publicly accused the Chinese government and military at the weekend of carrying out cyber attacks and expressed Washington’s determination to work “vigorously” to keep cyberspace safe. The accusation was made in an address on Saturday to the Shangri-La security conference in Singapore, which was attended by government and military representatives from Beijing. Speaking a week before President …

Posted in Governance, Risk and Compliance, Security Management, Security Threats

Privacy Advocates Vs. Legislators: House To Revisit CISPA This Week

Call it ‘cybersecurity’ week in our nation’s capital, as Internet privacy advocates clash with legislators on the best way to enact quality cybersecurity legislation. The House Intelligence Committee plans to revisit the polarizing Cyber Intelligence Sharing and Protection Act (CISPA) this week, scheduling a “mark up” session today to revamp some of the bill’s amendments. This could eventually lead to a …

Posted in Data Protection, Governance, Risk and Compliance, Security Threats, Uncategorized

IBM: Web Application Vulnerabilities Threaten The Enterprise

Web application vulnerabilities remained one of enterprises’ most pressing issues, rising 14% in 2012 over 2011 end-of-year numbers, according to a recent report. These vulnerabilities were exploited by attackers who, more often than not, injected malicious scripts and executables onto legitimate websites, targeting client-side vulnerabilities in the browser core and in plugins such as those in Internet …

Posted in Application Security, Governance, Risk and Compliance, Mobile Security, Network Security, Security Management, Security Threats, Uncategorized

Survey: The Trouble With SIEM

Security Information and Event Management (SIEM) was supposed to make life easier for IT professionals, analyzing the torrent of incoming security data from the network perimeter to provide real-time analysis on security threats. Instead, it seems to have become a bit of an albatross for security pros who have to wrestle with increased complexity and management, according to a survey …

Posted in Governance, Risk and Compliance, Network Security, Security Management, Uncategorized