All I Need to Know about Cyber Security, I Learned in an NSA Pamphlet for Securing Home Networks

Do you remember a list called All I Really Need to Know I Learned in Kindergarten? No? It’s a list of basic things that children are taught, which can guide them throughout life. It’s pretty old but was very popular in its day. Thinking about this led me to ask: Would lessons from a pamphlet for securing home networks have prevented some recent mega breaches? No way? Think again. 
Topics: Networking, cyber security, RSA Security Conference, home network security

Somber Message at the 2015 RSA Conference

As the 2015 RSA Conference got underway this week, I attended a dinner hosted by Pacific Crest Securities. Our host began the dinner by asking former cyber czar Richard Clarke to say a few words.

Now this was a rather festive dinner, as the cybersecurity industry is in the midst of a robust boom. Nevertheless, Clarke’s brief talk was a reminder of where we’ve been and the state of cybersecurity today.

Topics: cyber security, RSA conference

Time to Address Basic Organizational Issues that Impact IT Security

In the past, cybersecurity was thought of as an IT problem where CISOs were given meager budgets and told to handle IT security with basic technical safeguards and a small staff of security administrators. Fast forward to 2014 and things have certainly changed now that business mucky-mucks read about data breaches in the Wall Street Journal on a daily basis. 

Topics: IBM, Microsoft, Oracle, cyber security, CISO

The Two Cornerstones of Next-Generation Cybersecurity (Part 1)

Every CISO I speak with tells a story fraught with common anxiety about the future of information security. As the world becomes more mobile, consumer-centric, and cloud-based, IT gets more distributed and complex while the IT department has less and less control. This presents a real conundrum for security professionals who’ve been trained to seize control and lock down as much as they can.

So what should CISOs do to address the “shadow IT” dilemma? As IT loses control of some of its traditional assets, my suggestion to CISOs is to double-down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: Sensitive data and identity. Everything else – applications, endpoints, networks, and servers – must kowtow to these two cornerstones and enforce specific data security and identity policies.

Topics: Information and Risk Management, Enterprise Software, Data Management, Security and Privacy, cyber security, next-generation cybersecurity, applications, identity