Just as markets do a better job of regulating good and bad business practices in rapidly evolving economies, the self-interested protection of the security community may be the best response to the scourge of Internet pestilence. Viruses, worms, spam, spyware, and botnets have all changed the Internet and the way organizations use it for profit.
“First, the President is correct in his appreciation of the need to view cyber security as not just a technical and security issue, but as an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other.” ~ Congressional Testimony
Larry Clinton, president of the Internet Security Alliance (ISA), will testify tomorrow at a U.S. Senate Judiciary Terrorism and Homeland Security Subcommittee hearing titled, Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace.
On October 28th President Obama signed into law the National Defense Authorization Act for Fiscal Year 2010. OK, so more people are needed. Now, let’s talk money. How much money is provided in the 2010 Defense Authorization Act for Cyber Defense? A lot.
The question is not lack of process but whether or not security is being used to help enforce business process in the relevant areas of product safety, customer service, employee workplace security and information protection in business-to-business relationships.
The ISA will release a new cybersecurity report, which proposes frameworks for taking key issues in the Obama Administration’s “Cyberspace Policy Review” document to the next level, in an effort to achieve tangible progress. The report will include frameworks for creating a new, practical model for information sharing; addressing the international nature of cybersecurity issues; developing a market for adopting good security standards and practices; building a highly educated digital workforce; and managing the global IT supply chain.
There are four pillars to the cyber war realm: intelligence, technology, logistics, and command. By understanding these factors IT security practitioners can gauge the threat to their own organization from cyber war and perhaps take steps to prepare for either direct attacks or the fallout from an outbreak of cyber hostilities between nations.
With the threat of aftershocks in the US Stock market, continued bank closings and takeovers by the FDIC, serious consideration needs to be given to changing the current reporting, auditing and oversight regulations, and the public needs to pressure elected officials into action before our entire country is taken off financial life support.
This is the first cogent look at the efficacy of waging strategic cyber war and I hope will serve to slow the rhetoric coming from the US Defense community about acquiring cyber offensive capability: “Can cyberattacks disarm cyberattackers? In a world of cheap computing, ubiquitous networking, and hackers who could be anywhere, the answer is no.”
ISA/AIA webinar - Testing In A Real Environment Leads to Faster Cyber Security Innovation; Electronic Self-Help - White Hats, Black Markets, and Grey Laws; Software Assurance Forum; ICSJWG 2009 Fall Conference; ISA/AIA Webinar - Supply Chain Issues in Cyber Security…
I recently saw an article entitled Compliance is the New Security Standard. The basic thesis of the blog post was that since companies have to spend money on compliance, they might as well spend the money once and rename the effort “security”. This is an interesting notion – although perhaps “placebo security” might be a cheaper approach. Compliance is not equivalent to security for several fundamental reasons…
Oops, I just argued from scenario. Pundits who extrapolate from the current state of vulnerability of systems to predictions of massive power outages, financial collapse, and loss of command and control are falling into the scenario syllogism trap. Posing scenarios to support your anti-cyber war position can be just as dangerous…
Demonoid is one of the largest BitTorrent trackers on the planet and, unfortunately for those interested in the site, also one of the most secretive. With the site currently out of action with little indication when it will return, there are certainly plenty of questions. An interview with Demonoid’s Ukrainian host certainly proves to be of great interest.
Internet Security Alliance (ISA) President Larry Clinton will describe the progress being made in the joint ANSI/ISA project to develop an enterprise-wide cybersecurity framework Wednesday afternoon at the 8th Plenary of the Homeland Security Standards Panel in Washington DC.
Internet Security Alliance President Larry Clinton will serve as one of three private sector briefers at a unique senior-level pan-government briefing on cyber security Friday, October 16 from 10:00am to noon. Although this meeting is closed to the press, ISA members are invited to attend...
When a better way of doing things arises, an analyst who seeks to shed light on the future for their lackadaisical client base would attempt to nudge them towards the light of change: enhanced security, better control, and lower total costs as demonstrated by the Enterprise Class UTM vendors. Never have I seen an analyst firm so adamantly defend the status quo.
The root cause of application security vulnerabilities is usually design bugs, and often there are implementation defects as well. The empirical data showed that software bugs accounted for over 55% of the vulnerabilities contributing to the events studied (see the Business Threat Modeling study).
I’m not arguing for an eggshell model of security - crunchy on the outside, squishy on the inside - but it makes things much easier to be able to address an application server’s security requirements without having to assume that whatever security you implement at the application level is all you will have.
In Estonia the State Department has arranged for a series of meetings, lectures and discussions for Mr. Clinton. In addition to visiting the NATO Center, Mr. Clinton will meet with representatives of the Estonian government, private sector entities, law enforcement, and university and primary education professionals.
Infected users often spread additional malware when links to infected Web sites are posted on their Web page without their knowledge. Friends are then more apt to click on these links since they appear to be endorsed by their contacts. Tips on avoiding these tactics…