NY State Cybersecurity Regulations: Who Wins?

As you probably know by now, on February 16, the State of New York’s Department of Financial Services (DFS) finalized its new cybersecurity regulations, which take effect on March 1, 2017.

Topics: Cybersecurity CISO IAM encryption SOAPA financial services DFS 23 NYCRR 500

Crypto: Nominated to the Cybersecurity Canon

If you are a cybersecurity professional or interested in cybersecurity at all, you should be familiar with the Cybersecurity Canon. Just what is a Canon? There are lots of definitions, but the one that applies here is, “a sanctioned or accepted group or body of related works.” With this definition in mind, the stated goal of the Cybersecurity Canon is:

“To identify a list of must-read books for all cybersecurity practitioners -- be they from industry, government, or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.”

Topics: Cybersecurity encryption PKI data privacy

Data and Identity: Two New Security Perimeters

CISOs tend to spend the bulk of their cybersecurity technology budgets on endpoint, server, and network security controls. This makes sense from a historical perspective, but these IT assets are in a state of flux today. Endpoints are often mobile devices rather than Windows PCs, while servers are virtual or cloud-based workloads. Meanwhile, networks are also moving to a virtual model composed of public and private network segments.

Topics: Cybersecurity identity data security encryption

Apple vs. DOJ Doesn’t Really Matter

Anyone remember the Crypto wars of the 1990s? Back in the early 1990s, the U.S. placed strict regulations on the exportation of cryptography and even put encryption technologies on the munitions list as auxiliary military equipment. This restriction was a real burden to software firms like Lotus, Microsoft, and Novell as they wanted to offer data confidentiality and integrity features for PC users. Eventually the NSA offered a compromise by approving a weak 40-bit encryption algorithm for export purposes.

Topics: Cybersecurity encryption cryptography

Oracle M7 Enhances CPU-level Security

As summer turned to fall, the IT industry got together at VMworld and then Re:Invent to celebrate cloud computing. This translated to software-defined everything – data centers, networking, storage, etc.

Topics: Cybersecurity Oracle encryption SPARC

Dell’s Most Secure PC Initiative Presents a New Opportunity

When it comes to selling PCs to business organizations, Dell has long held a well-deserved reputation for aggressive pricing, tailored customization services, and strong customer service. Okay, but what about endpoint security? In the past, Dell sales reps would simply open their catalog and let the customer choose from a vast list of partner options. Want AV software, full-disk encryption, or biometric authentication? Dell would simply ask its customers to choose from dozens of partner options in each area.

Topics: IBM EMC Cisco Information and Risk Management HP Dell Security and Privacy Security Kaspersky Lab trend micro Symantec Invincea antivirus Sophos Anti-malware encryption

It's Time for an Enterprise Encryption Strategy

A few years ago, I began writing and talking about data encryption management problems on the horizon. I was right about the issues, but a bit aggressive on the timing. Based on what I'm seeing lately, however, the encryption management sky may finally be falling (or at least starting to fall).

Topics: Information and Risk Management Security and Privacy Vormetric Symantec CISO Intel NIST encryption