Author Archives: Brian Musthaler

Moving from Compliance to Risk-Based Security – Part 2

In my previous post, Moving from Compliance to Risk-Based Security – Part 1, I mentioned that I would share my discussions with two security executives who feel strongly about this topic. Both of them participated in the Wisegate CSO peer discussion documented in the report Moving From Compliance to Risk-Based Security. These experts clearly confirm the need to embrace risk …

Posted in Governance, Risk and Compliance

Moving from Compliance to Risk-Based Security, Part 1

After 10 years of managing an IT audit function for an international energy company, I had the opportunity to head up their IT Strategy group that was charged with creating Organizational IT Security and Risk profiles and plans. The charge of this function was to annually evaluate organization-wide internal and external risk as it relates to IT, and to communicate …

Posted in Governance, Risk and Compliance

ISACA Advanced Persistent Threat Survey Shows Some Eye-opening Findings

Advanced persistent threats (APTs) have been in the headlines over the past couple of years for affecting some high profile enterprise networks. Many thought these attacks were limited to government networks. However, in January 2010, the source code and intellectual property of Google and at least 20 other companies in the high-tech industry and defense industrial base were targeted and …

Posted in Network Security, Security Threats

Preparing for the Top IT Security Threats of 2013

Many times in their daily jobs, IT operations and information security (infosec) professionals get so immersed in “the trees” (i.e., the hot issues of the day) that they sometimes lose sight of “the forest” (the broader challenges that impact our businesses as a whole). While every organization has its trees, however different they may be from company to company, they …

Posted in Security Threats

NetWars Tournament of Champions Tests the Skills of the Nation’s Top Cyber Security Practitioners

Sometimes, life imitates art, and vice versa. Consider the Tom Clancy’s Net Force series of novels created by Clancy and Steve Pieczenik, and written by Steve Perry. The storyline of these books centers around a special division within the FBI tasked with combating crime on the Internet and protecting the country from untold cyber threats. If the premise sounds familiar, …

Posted in Network Security

When it Comes to Controls and Compliance, Fix Once and Comply with Many

Fix once and comply with many! This is the holy grail of both controls and compliance for organizations that need to comply with multiple regulations and standards. For example, a large enterprise might have to assure that it’s fully in compliance with SOX, HIPAA, COBIT, PCI and ISO 27001. Determining and implementing the proper controls and validating compliance for all …

Posted in Governance, Risk and Compliance

Who let the data out? Careless workers, that’s who

Frequently we see headlines about high profile data breaches where cyber criminals break into corporate computer systems and steal customer lists, credit card numbers or other sensitive information. These high profile breaches are certainly clear and present dangers to both the companies charged with protecting this data and the consumers whose private data has been exposed. However, breaches due to …

Posted in Data Protection

Incident response planning: Are you ready for the Big One?

Do you remember the Sony PlayStation Network hacking last spring? An attacker gained access to personal information stored on both the PlayStation Network and the Qriocity online music and video service. The breach affected the accounts of 77 million people worldwide. When the breach was discovered, Sony took both services offline for more than a week to prevent any further …

Posted in Security Management

Heart-stopping research: Hacking from pacemakers to autos

Technology has become so pervasive in our lives today that we are almost completely dependent on it. It makes you wonder, how easily can these technologies that control everything from pacemakers to cars be hacked? The answer to that question is surprising and even scary. Avi Rubin, professor of computer science at Johns Hopkins University and technical director of the …

Posted in Security Threats

PwC survey: Preparation, not prediction, is key to weathering security storm

At the beginning of every year, experts feel compelled to make predictions about the kinds of security threats we’ll see in IT in the year ahead. While predictions can be interesting, they typically are little more than an extension of recent security threat trends. As long as the trends continue, the prognosticators look pretty smart. What I find to be more …

Posted in Governance, Risk and Compliance