Information security:
Traditional security solutions are sort of like client/server computing. Security vendors take the role of the server, hosting the master software, adding new anti-malware signatures, and distributing them to all of the clients. This model was adequate in the past, but it is no longer good enough. Why? Malware volume stresses the system and all [...]
A recent Network World article stated that Dell is warning customers that a small number of PowerEdge server motherboards sent out through service dispatches may contain malware. Dell is doing the right thing by alerting potentially impacted customers, but questions remain: How did the malware get there? Were the motherboards assembled in a certain place [...]
As a federal government watcher, I get exposed to some happenings in Washington that few outsiders know about. One such initiative is the Consensus Audit Guidelines (CAG). Simply stated, CAG applies the old 80/20 rule to cybersecurity best practices by focusing on 20 high priority security controls since these controls are specifically designed as countermeasures [...]
Good news: Last Friday, 15 countries including the United States, Russia, and China agreed upon a set of recommendations to the United Nations secretary general that will serve as the basis for negotiating an International computer security treaty. Bad news: Getting this far took far too long. While diplomats debated over wording and process, the [...]
Log management technologies have become a staple for regulatory compliance and security reporting. That said, most log management systems provide little more than triggers and alerts when something happens. What about security forensics? Yes, all the information is there but getting to it is a lot like the early days of the World Wide Web [...]
Earlier this week, I participated in the Symantec Government Symposium, an event dedicated to IT and security professionals in the U.S. Federal government. As part of her kickoff presentation, Symantec Federal GM, Gigi Schaum, asked for audience responses to three questions. Here are the questions and the interesting responses: Has the state of cybersecurity improved [...]
I’m just back from participating in the Symantec Government Symposium held yesterday in Washington DC. The event was extremely informative, with keynote presentations by Cybercoordinator Howard Schmidt and Director of Plans and Policies for the U.S. Cyber Command Major General Suzanne M. Vautrinot. For my part, I sat on a cyber supply chain security panel [...]
While it may seem like cybersecurity issues have taken a back seat in Washington, there is actually a lot of work happening on Capitol Hill. Senate majority leader Harry Reid (D, NV), is pushing all Senate committees with any type of cybersecurity or industry oversight to get on their legislative horses and address the existing [...]
Earlier this week, Cisco announced its intentions to end-of-life the Cisco Security Agent (CSA) at the end of the year. Cisco will continue to support CSA for another 3 years but it won’t enhance the product any longer. Moving forward, Cisco’s endpoint security efforts will center upon AnyConnect, an agent-based offering that unfies endpoint connectivity, [...]
We’ve all read the statistics about the number of publicly-disclosed breaches and the number of public records that were compromised along the way. Think TJX, Heartland Payment Systems, and the U.S. Department of Veteran’s Affairs and you are talking well over 100 million records alone. So how much does a data breach cost an organization? [...]
blogs
