Items Tagged with "Security Strategies"
January 18, 2013 Added by:Joel Harding
I know the Chinese recently held a military exercise under constrained conditions, they even advertised it ex post facto. Why don’t we? I would see that as the perfect opportunity to increase the cross-pollination, knowledge and appreciation between Electronic Warfare and cyber...
December 01, 2012 Added by:Jarno Limnéll
Increasingly, both the armed forces and businesses are practicing the concept of “active defense,” a military term that refers to efforts to thwart an attack by attacking the attackers. However popular it has become, active defense is an alarming trend...
November 15, 2012 Added by:Rafal Los
Configuration, Change and Release Management is crucial to being an effective information security organization in an enterprise large, or small. If you don't have a handle on the rate of change in your enterprise, you have absolutely no hope of effectively securing anything...
October 25, 2012 Added by:Rafal Los
Recently in New York city we hosted a CISO-level event where we discussed various issues experienced during the life of an enterprise security program. CISOs brought up various topics from budgeting to being overwhelmed with constantly evolving threats - but one in particular caught my attention...
October 09, 2012 Added by:Tripwire Inc
In the corporate world, we talk a lot about corporate goals & objectives. In the US Government, you hear a lot about “The Mission,” which is the unifying goal that ties an agency (or multiple agencies) together in a shared sense of purpose. I’m a big believer in connecting our actions as information security professionals to The Mission...
September 20, 2012 Added by:Tripwire Inc
We’re going to use the phrase “Connecting security to the business” with almost annoying frequency because it can change the way the business views security, and vice versa. This begs a primer of sorts: What do we mean by all this “connecting security to the business” talk?
September 12, 2012 Added by:Randall Frietzsche
If we are charged with designing, architecting, implementing, deploying, integrating, training and supporting security technology, processes and policies within our organization, we might discover that this work is really an art more than a science...
August 28, 2012 Added by:Christopher Rodgers
Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, that they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...
August 27, 2012 Added by:Infosec Island Admin
As the complexity of attacks grow at a rate outstripping the pace of Moores Law, defenders have to take up a more nuanced approach to protecting their environments. Reliance on technical solutions alone is not tenable, you have to look at the creature behind the keyboard to get a better picture of the attack...
August 23, 2012 Added by:Brent Huston
Billions of dollars and millions of identities are at stake every day. In the past, security professionals thought firewalls, Secure Sockets Layer, patching, and privacy policies were enough to protect websites from hackers. Today, we know better. Whatever your industry — you should have consistent testing...
August 23, 2012 Added by:Joel Harding
The Swiss are standing up a cyber command and they say their cyber warriors will be armed. Why wouldn’t this work in the US? First, we don’t trust our people as much as the Swiss. That is the nature of our culture, especially in the US. We are more paranoid, cynical and negative. We tend to micromanage...
August 22, 2012 Added by:Tripwire Inc
This typical reaction I get in the US is many organizations see compliance as a “tax” and try to get away with doing the bare minimum. How do you and your organizations view compliance? Do you see it as a four-letter word, a nuisance, or as a step along the path to more effective security?
August 20, 2012 Added by:Rafal Los
In far too many organizations leaders and practitioners tell me that the role of Information Security is to protect the organization. Accepting this thinking got us into the predicament where are today, where security isn't everyone's job and only Infosec is thinking about security. This couldn't be more wrong...
August 20, 2012 Added by:Headlines
"The vulnerabilities inherent in social media, ubiquitous encryption and malicious software that has the ability to change form and target enroute, retaining access and the freedom to maneuver in cyberspace will be essential for us to defend ourselves and influence the nature of future conflict..."
August 13, 2012
We are losing the cyberwar. What we are doing now not won't work and can't work because the net-centric defense approach is fundamentally flawed. This presentation includes a history of the battlefield because it's important to understand how we got in this mess in order for us to craft an effective solution...
August 13, 2012 Added by:Rafal Los
I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...