Like music, photos, TV, and data, once something becomes digital it becomes a consumable and moves from the domain of the specialised expert to a public commodity. As with Blockbuster, Borders, Capitol Records, and newspapers, businesses based on non-digital products are the hand-crafted hobbies of the 21st century. Craft markets will exist into the future, but they are generally not profitable and are rather a labour of love.
In an earlier blog post, Ed Perkins, the developer of the Certified Enterprise Risk Manager® – Cyber Security™ certificate, described the current cybersecurity landscape for industry and provided an overview of the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework. In this second half of APQC’s conversation with Perkins, he discusses how organizations can use the Cybersecurity Framework to address risk.
APQC recently spoke with Ed Perkins, the developer of the Certified Enterprise Risk Manager® – Cyber Security™ certificate, about the current state of cybersecurity and the introduction of the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework. This post presents the first half of the interview, in which Perkins describes the cybersecurity landscape and introduces the NIST framework.
Publicly announced breaches of secured information are so common today that they almost seem routine. Last year, in the United States alone, financial companies like JPMorgan Chase and retailers such as Target and Home Depot were victimized by information system hackers that allegedly gained access to the confidential data of millions of businesses and consumers.
I wrote the following article to help clarify cybersecurity threats and vulnerabilities, so that we can facilitate better risk assessment. This assessment of software vulnerabilities was based on data pulled from the Common Vulnerabilities and Exposures (CVE) database. For added context, below I included statistics from the Q1 RedSocks Report on Malware. It’s apparent that the CVE only registers a small percentage of the overall vulnerabilities. This report supports the need for ongoing vulnerability management; however, there is an equally important emphasis on regular security testing and integration with product development and change management.
Ebola? Wars? Shootings? Civil unrest? Global warming? Droughts? You name it. The unexpected is happening – all too often. The unexpected has become the expected. Not only in the US – but the world over, in government and the private sector.
Having lived and worked in countries with military dictatorships and dangerous social, religious and political unrest, I have what I call a “Third World” definition of a friend. My definition of a friend is someone you can trust with your life and the lives of your friends and family.
This kind of friendship includes not doing things that can cause other people to be threatened or harmed in order to get to you, or whom you may harm by revealing or even insinuating a confidence. I have lived in places where people write out a “Statement of Conscience” – which represents what they believe and stand for, and can be used to counter anything they may be coerced into saying through threats or torture.
Do you have an old Hotmail account lying around? What would you do if:
- Someone took control of an account belonging to you – using public information to answer the security questions that allow you to reset a password.
- Used your compromised account to break into other more sensitive accounts – your business, bank, etc.
- Then blackmailed you for $20,000 with the threat of selling your identity and accounts to ‘fraudsters’ who ‘would ruin your life’?
Cyber threats continue to plague governments and businesses around the world. These threats are on the rise as cyber criminals increase their focus and know-how. The problem demands an international solution. ISO/IEC 27001 provides a management framework for assessing and treating risks, whether cyber-oriented or otherwise, that can damage business, governments, and even the fabric of a country’s national infrastructure.
Thirty years ago Ford Motor Company had a tag line in all its advertising:
Quality is Job #1!
Great tagline. Now we believe that everyone’s new tagline is:
Cyber Security is Job #1!
President Obama directed NIST to develop a risk management framework to secure infrastructure vital to the US and, for that matter, any country’s critical infrastructure, such as banking, the electrical power grid, water, and transportation.
This paper discusses a number of interesting technical advances that are theoretically already possible in 2014, although in fact not currently available. Hopefully showing the software community what is technically feasible will encourage universities and larger corporations to move more quickly.
The title of the proposed 2014 cyber series is: Changing Cyber Landscape
This year is going to be a banner year for cyber security. Take a look at the following events. The number of data breaches will increase. More state actors from China, Russia, and even our allies will attempt to penetrate critical infrastructure. More revelations on cyber intrusion of Federal facilities. Further losses of personal identification information. Heightened cyber warfare. Significant data breaches growing exponentially. Increasing cyber crime with material impacts. Additional NSA revelations. Increased privacy law breaches. More regulatory penalties, shareholder lawsuits, and reputational damage. And, the list goes on.