Can Security and DevOps Coexist?

DevOps is often a culture of rapid development and frequent rollouts—a culture and mentality that make it very easy to ignore security. All of the traditional challenges of trying to apply security after the fact are exacerbated exponentially in an environment where code is constantly being updated and implemented. So, can security and DevOps coexist?…

Power Struggles in the Boardroom: The Changing CISO Role

In order to better align security with the risks that organizations face, the CISO role, or chief information security officer, needs to be made more accountable at the board level to ensure that there is board-level visibility into their activity. However, in many organizations, this is not the case. A recent survey by PwC found…

Why Pay for AV When It’s Free?

I was at my local supermarket the other day, walking down the canned food aisle, and I saw 21 different brands of peas. Yes, peas. They are all grown under essentially the same conditions in the same way, yet there are dozens of brands all of which vary in price. I then turned the corner…

Getting Employees Engaged in Cyber-Security Training

It is no secret that no matter how many layers of security you have, or how great your computer and network defenses are, the user is the weak link in the security chain. This being the case, effective training to make users aware of security concerns and security best practices is often a better investment…

Guardians of the Galaxy?

It is hard not to like the Marvel movies that hit the big screen every year. Being a pseudo-geek (pseudo because I have no comic book collection or replica light sabers mounted on my wall), I enjoy the world Marvel has created. Even on the little screen, Agents of S.H.I.E.L.D has become a staple in…

Security in the Digital Age: Evolution or Intelligent Design?

At RSA Conference APJ this year, Art Coviello’s opening keynote stressed the interdependency of the digital world we have created. He articulated the challenges the security industry faces as the norms of behavior for nations, businesses and people in the digital world are still painfully ambiguous. The “rich soil of digital chaos” is being tilled…

The (In)Security of the IoT

Several announcements in July have focused attention on security vulnerabilities and risks in the Internet of Things. Siemens announced an update to fix vulnerabilities in its SIMATIC automation system for energy management. Ponemon Institute, jointly with Unisys, announced its report on security vulnerabilities in critical infrastructure. And HP announced its research on vulnerabilities in IoT…

Getting Revenge: The Ethics of Active Countermeasures

Businesses and individuals are getting fed up with always being one step behind cyber criminals and constantly playing defense. In an attempt to be more proactive and shift the dynamic, some security experts are now advocating active countermeasures—basically attacking the attackers. While getting revenge has a nice ring to it, becoming an attacker raises a…

Caveat Emptor – Buyer Beware

It has become a widely accepted fact that the security landscape of today is so complex that using only traditional, perimeter-based defenses is no longer viable or effective. The increasing presence of mobile- and cloud-based applications, as well as the greater sophistication of the attackers themselves, is placing organizations in an extremely vulnerable state. This,…

Employing Alternative Analysis In IT Security

“If you will begin with certainties, you shall end in doubts, but if you will content to begin with doubts, you shall end in almost certainties.” – Francis Bacon

Companies have rules, policies, procedures, systems, and a multitude of other frameworks that support decision making about and responses to different cyber security threats. Seldom do…