What could go wrong? As an information security manager, I have often been asked that question. But, there are two ways it is asked.
The first is my preferred way. It is a genuine effort to identify and evaluate the risk associated with the item at hand. That is a conversation I want to have. That is a thought process I want to encourage. Continue reading
In The BeginningTo quote Charlie Brown, “Aaaaaaaaaaaargh!” Haven’t we learned anything? The mantra for years has been to build security in at the beginning not the end. Continue reading
In a conversation with Bill Burns, Director of Information Security at Netflix, he told me that he wanted 2500 firewalls. Before you think he wants to make a major networking equipment buy, let me put his comment in context. Continue reading
It used to be said “It’s not a matter of if you will be hacked. It’s when.” But, now it has progressed to “What?”
In other words it was not a question of whether or not you would be hacked, it was given you would be. The real question was just when was it going to happen. But, now that question is no longer operative. The information security community is generally conceding that you have been hacked whether you know it or not. Continue reading
On February 12th 2013, President Obama signed an executive order to promote the sharing of classified information about threats on the nation’s critical infrastructure. One week later, Mandiant (threat detection company) released a report identifying their near certainty that a unit of the Chinese military was “one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen.” Continue reading