A recap of Kevin Mandia’s “State of the Hack: One Year after the APT1 Report” keynote at RSA 2014 and “Hacking Exposed: PLA Edition” talk by Dmitri Alperovitch and George Kurtz.
Mikko Hypponen’s “Government as Malware Authors” version at TrustyCon. There is a value for security professionals, researchers and leaders in the community to revive the keynotes and continue the discussion.
In thinking about the full security package in the context of cloud security, you should consider aspects such as mobile security, social media implications and the evolution of your role as a security leader. Security monitoring and SIEM are certainly prerequisites in today’s threat landscape. However, without the right amount of expertise and intelligence, today’s security practices can leave gaps that result in front page headlines.
The NIST CSF framework provides guidelines, but it is not prescriptive. It does not tell you how to make the organization’s controls secure. To do that, an organization needs to translate the guidelines into an actionable security program.
As data breaches continue to occur, cyber attackers have demonstrated enhanced technical sophistication in the area of distributed-denial-of-service (DDoS) attacks. DDoS accounted for more than 55% of the overall annual cybercrime costs per organizations.
President Obama released the NIST Cybersecurity Framework, formally known as “Framework for Improving Critical Infrastructure Security.” The development of the Framework was initiated by the Executive Order 13636 with an aggressive timeline of less than one-year to create a framework to reduce cybersecurity risk and improve security of critical infrastructures.
Every organizations wants to reduce risk, prevent incidents, and in the event they do happen, to react with speed. But in IT security the requirements, and failures associated with lack of integration, are often less obvious.
Today’s Chief Information Security Officers (CISOs) are asking themselves, “How can we benefit from mobile and cloud technology – securely?” Risk and Security Officers are often placed in the role of public defender for corporations. They are charged with proactively protecting the enterprise from a variety of cyber threats while the business continues to evolve. This broad responsibility becomes even more challenging when companies adopt new technology without a security strategy.
Cyber attacks, mobility, cloud, and compliance have raised security concerns with CISOs and are now a prominent topic of boardroom conversations. And like it or not, the CISO is accountable to all these stakeholders, with the responsibility of having the right balance of technology and business skills in place. Here are a few strategies that will keep security leaders in good standing with the Board.
IBM is announcing that it is adding nine schools to its more than 200 partnerships with universities around the globe, focusing on collaborating to bring cyber security skills to the classroom. University of Texas at Dallas is applying IBM resources to develop cyber security courses and curriculum in areas such as cloud computing, mobile computing and cyber operations. Furthermore, Dr. Bhavani Thuraisingham, Executive Director of the Cyber Security Research and Education Institute (CSI) at UT Dallas, is recipient of a 2013 IBM Faculty Award for establishing new courses, such as secure cloud computing, data mining for malware detection and cyber operations.