Infosecurity Opinions
Comment: The Death of the CISO?
At a significant crossroads, the infosec profession must adapt to avoid failure says Mark Brown of Ernst & Young
Comment: Protecting Critical Network Systems and the Information Within
Benga Erinle, president of 3eTI, discusses the shift in focus from securing physical facilities to warding off cyber attacks against critical infrastructures – and why our reliance on control systems makes us more vulnerable than ever to attack
PCI in the Cloud: Ready, Willing and Able?
Andrew Hay discusses what you can expect from the ‘PCI compliant’ cloud provider
Token Debate: Battle Tested, Industry Approved
Their ability to remain nimble is why RSA’s Dan Schiappa believes tokens are the past, present, and future of two-factor authentication
Token Debate: Worthless, Worthless
This sums up the opinion of ISACA’s Richard Hollis when it comes to the value of token-based authentication
Comment: How Decentralized Encryption Can Impair Security
To protect digital assets and meet regulatory requirements, many organizations secure sensitive data with point encryption solutions. Vormetric’s Ashvin Kamaraju explains the risks and challenges associated with decentralized encryption key management, and the role of interoperability standards in establishing a centralized key management infrastructure
The Strange Case of Indian Censorship in Oman
Jean-Loup Richet explains how researchers in Canada have come across a new example of the “upstream filtering” phenomenon, in which internet content is blocked in one country due to censorship imposed by another
Comment: Effective Smart Grids Require Multiple Layers of Security from the Outset
Michelle Lewis, smart grid specialist at Symantec, explores the benefits and challenges of smart grids and outlines the strategies needed to secure and protect them
Comment: Cloud Security is not a Myth
Security is frequently cited as the primary reason why organizations are reluctant to adopt public cloud offerings. But is the public cloud inherently insecure? With the correct approach to security architecture, FireHost’s Chris Hinkley argues that securing the public cloud is possible
Comment: The EU’s Proposed 24-hour Breach Disclosure Rules will Drive Automation
The EU’s proposed revisions to the Data Breach Directive reminds us that it’s about respecting customers, not just ticking boxes, opines Michael Hamelin of Tufin Technologies
Comment: Cybersecurity and Information Sharing Is a Two-way Street
Strengthening cybersecurity cooperation between government and industry is a growing necessity. As threats evolve rapidly, ongoing information sharing will serve a critical role in keeping public and private networks safe. Entrust’s Dave Rockvam explores the current landscape and areas for improvement
Comment: Why You Need a Google Security Policy
Through its many services, Google can track your browsing, scan your emails, read your documents, listen to voicemails, analyze your calendar, and more – all in the name of better connecting sellers to its users. Babak Pasdar of Bat Blue Networks says this feeding of the Google Monster must be monitored and controlled
Comment: Passwords Are the Achilles’ Heel of Cloud Security
To address single sign-on (SSO) at cloud scale, Ping Identity’s Patrick Harding says IT administrators, security architects and developers must focus their energy on solving the problem with secure standards such as SAML, rather than implementing Band-Aid solutions like password vaulting
Comment: Securing SharePoint's Content Blind Spots
Storing sensitive information inside SharePoint doesn’t have to be scary, claims Kurt Mueffelmann of HiSoftware. By implementing governance policies that couple education with compliance and security technologies, he believes organizations can store and share information inside SharePoint with confidence
Comment: Why Amazon Is My #1 Attacker
AlienVault’s Conrad Constantine explains why the need to establish reputation information from cloud instances cannot be underestimated for incident responders
Hacktivism Debate: Security’s Little Awareness Helper
Matthew Pascucci shines a light on a by-product of hacktivism: increased security awareness. Their attacks may be embarassing, but he says hacktivists do serve a functional purpose for the security professional
Hacktivism Debate: Occupy DDoS
There's little room in Ted Swearingen's heart for the exploits of so-called hacktivists. His sympathies lie with those charged with combating them
Comment: Too Much Security May Affect Business Processes
A balance is needed between the protection of information and productivity within a business environment, says David Cowan of Plan-Net
Comment: Don’t Ban Social Media (And What To Do Instead)
Forensic analyst Paul Henry explains why banning social media is hardly the way to deal with the risks it poses
Comment: Building a Risk-aware, Cyber-secure Culture
Using technology solutions to complement your security awareness programs is simply not enough, says IBM’s Chris Nott. You must go further and explain the risks to your employees, and why the technical controls were put in place