What's new around the internet

Last one

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
CSO | 2016-09-01 11:33:00 | IDG Contributor Network: Cyber incident response: Who does what? (direct link) | “Who in the government will help me if we face a significant cyber incident?” It's a question I get asked all the time, and until recently, there hasn't been a clear answer. That changed last month, when President Obama issued a Presidential Policy Directive (PPD) on cyber incident coordination. The PPD identifies federal agencies to lead specific aspects of incident response in the event of a significant cyber incident. (A “significant cyber incident” is defined as a cyber incident likely to result in demonstrable harm to the U.S. economy, national security interests, foreign relations, or to the public confidence, civil liberties, or public health and safety of the American people.) Unfortunately, the federal government has responded to several significant cyber incidents over the past few years. This PPD builds upon lessons learned from responding to those incidents, as well as the federal government's experience in all types of disaster response (hurricanes, bombings, etc.). | Guideline
CSO | 2016-09-01 07:23:00 | IDG Contributor Network: How to make mergers and acquisitions work (direct link) | What's in a name? Ever since the end of the Industrial Revolution and into the first part of the 20th Century, companies have been buying, building and partnering with other companies. Economists might even suggest that that period of “First Wave Mergers,” back in the early 1900s, saw monopolies take over what were then the original critical infrastructure sectors of this country (railroads, electricity, shipping, etc.). In the tech space - especially where cyber security is concerned - you can almost time your watch by who's buying who, and how, like in a second marriage, the new “Mom” and the new “Dad” start planning where and how they want to manage their new household. | Guideline
CSO | 2016-08-31 06:38:00 | IDG Contributor Network: Go for the gold! (direct link) | This was the most exciting Olympics I have seen in a long time. Two weeks ago, we pulled over to a pizza place on a drive to Purdue University to watch Usain Bolt win the 100 meters. Seeing these remarkable athletes, I couldn't help wondering how they got to the levels of achievement they demonstrate. So I researched it. Almost all of the careers I looked at showed the importance of continuous improvement. This method can also help you achieve excellence in your security program, if not to the Olympic stage. In Simone Biles' first competition in 2011 she placed third all-around. In her next she placed 20th all-around. The next year she increased her training regimen and started on the path to gold. How about the aforementioned Bolt? His early sprint career was marked by both spectacular wins and losses. His coach Glen Mills advised him “…to learn to lose, because by doing so you could figure out what you needed to do to win” (Usain Bolt: 9.58, by Usain Bolt). Nastia Liukin, a 2008 gold medal gymnast, recommends that you “…strive to achieve something on a day-to-day basis”. | Guideline
CSO | 2016-08-29 03:20:00 | Are InfoSec vendors 'sowing confusion' and selling 'useless' products? (direct link) | As a journalist, you know the drill at media briefings. Hosted and paid for by a vendor, and with speakers from the company - as well as (usually) an end-user or an academic - the idea is to bring journalists together with the experts to discuss the prominent matters in the industry. And if those issues and industry challenges can be resolved with one of the vendor's solutions, then everyone's a winner. The vendor gets the business, the press coverage and the thought leadership, while the journalist gets the story, the contacts and the free lunch. The speakers get some media air-time. It's no surprise, then, that these are usually enjoyable, if tame, affairs. | Guideline
CSO | 2016-08-26 07:48:00 | Who needs a bug bounty when you got this? (direct link) | Does shorting a stock for profit signal a new trend in security research? Bug bounties and programs to find and address security issues are on the rise. The bounty programs offer a way to coordinate efforts. They offer the potential of reward for those who discover and disclose. Bug bounties are an emerging marketplace. Some rewards are generous. Others draw criticism. One group took a different approach. They partnered with a financial firm to share their research. Then they shorted the stock of the company right before disclosing what they found. They profited when the stock dropped. They set their own payout. It's not clear if they did anything illegal. The ethics of the approach is getting a lot of discussion. | Guideline
CSO | 2016-08-26 07:17:00 | IDG Contributor Network: Measuring security (direct link) | Measuring security is sort of like measuring happiness. How do you compare your happiness with someone else's? Are you happy? Are you happier today than you were yesterday? Will the things that make you happy today make you happy tomorrow? More importantly, will you discover that you thought you were happy, but it was only because of ignorance? Measuring security is one of the most difficult tasks a security leader faces. How do you measure something that has no quantifiable definition? There just isn't an accepted metric by which to measure or compare, yet this is exactly what most board members want to know. I always chuckle when I review a new contract for our company that has verbiage that says we must maintain “adequate security”. Do you know what “adequate security” means? I do. It means you haven't been breached yet. By definition, once you are breached, your security wasn't adequate. Agreeing legally to maintain “adequate security” is tantamount to legally agreeing to never be breached. | Guideline
CSO | 2016-08-26 04:00:00 | NASA CIO allows HPE contract to expire, refuses to sign off on authority to operate (direct link) | In the wake of continued security problems, NASA's CIO is sending a no-confidence signal to Hewlett Packard Enterprise, which received a $2.5 billion contract in 2011 to address problems with the agency's outdated and insecure information technology infrastructure. In late July, CIO Renee Wynn, who took over the job last fall, took the unprecedented step of not signing off on the contract's "authority to operate," which expired on July 24. "I have to applaud Renee for stepping up here," said government security expert Torsten George, vice president at Albuquerque, NM-based RiskSense, Inc. "You can almost call her a whistleblower. It's a bold move. Not a lot of people would have made that move, for career reasons." | Guideline
CSO | 2016-08-25 07:41:00 | How to handle the aftermath of being hacked (direct link) | After a company has been hacked and the hack has been discovered to be a harmful one, top executives and IT leaders normally huddle in a room to assess the loss. It's usually not a pretty scene. It's not as if heads are exploding. It is more like what some might call a tense "come to Jesus" moment. "It's not good," said cyber security expert Tyler Cohen Wood. She's participated in post-hack forensics sessions at companies and has witnessed the faces of panicked executives firsthand. Tyler Cohen Wood is cyber security advisor to elearning company Inspired eLearning, and was previously a Defense Intelligence Agency cyber deputy division chief. | Guideline
CSO | 2016-08-24 11:42:00 | IDG Contributor Network: In defense of “Good Enough” security (direct link) | Given enough time and resources, every security technology is breakable. But for most people, it doesn't take perfect security to become considerably more secure than average. Security wonks like me often give lists of ways to lock your system down against all but the most determined adversaries, but in truth just taking a few big steps towards better protecting our data is enough. As long as they're the right steps. We can all think of some security technology that has been declared “dead” or that is widely proclaimed to be unsafe: AV is “dead”. Passwords are “dead”. Using text messaging for two-factor authentication should be killed off. Biometric scanners on phones are “broken”. But does this really mean that these technologies should be abandoned? In my opinion, they should not. And by waxing hyperbolic about their demise, we're decreasing security overall. | Guideline
CSO | 2016-08-18 04:00:00 | Hype and buzzwords lead to confusion, as vendors leverage the halo effect (direct link) | Vendors serving the InfoSec market are quick to sling buzzwords and jargon, but do the terms used accurately reflect their product's abilities? Sometimes the marketing is correct, but most of the time the pitches are full of FUD and sensationalized with hype. Earlier this month, security vendors from all over the globe flooded Las Vegas to showcase their products and meet with potential buyers during Black Hat. Like the RSA conference, which is held at the start of the year, vendors spend a good deal of money and time getting out to Las Vegas in order to attend the business side of what's affectionately called hacker summer camp. | Guideline
CSO | 2016-08-09 12:54:00 | IDG Contributor Network: Maturity models can compel your leadership to action (direct link) | The cyber environment is filled with threats. It's virtually impossible to avoid “INFRASTRUCTURE FACES IMMINENT CYBER ATTACK,” or something very similar, every time you encounter online or television news. Nobody argues that there's no threat. At the same time, few people, much less experts, agree on how to solve the threat. Let's go a step beyond acknowledging our infrastructure is in danger. How do we quantify the threat and our preparation to respond? How do you, our nation's cybersecurity professionals, assess the readiness and agility of an organization, and more importantly how do you describe the threat and defense landscape to people outside the profession? | Guideline
Last update at: 2024-05-16 12:07:43