Access: Restricted

From the Fall 2014 Issue

Hunting with Cyber Threat Intelligence

Author(s):

Robert S. Johnston, ,

Do the current techniques to conduct incident management and response constitute an effective counter threat operation?  In today’s threat landscape, chasing down alerts from your SEIM may not be enough to catch the most advanced threats.  Today’s Advanced Persistent Threats (APT) link sociological, psychological, and technical tradecraft together to infiltrate the  most secure networks, and … Read more

From the Fall 2014 Issue

Corporate America is Being Attacked and the Entry Vector May Be Surprising

Author(s):

Rick Mellendick, Chief Security Officer, Process Improvement Achievers, LLC

“Corporate America is under attack” has become a more regular headline with media outlets. Such reports often describe the attack and loss, but few explain why it happened and even fewer take the time to describe how not to let it happen. Even organizations focus on the attack, loss, and why the attack happened when … Read more

From the Fall 2014 Issue

Cloud Vulnerability – Scanning Options for Enterprises

Author(s):

Kellep A. Charles, Information Security Analyst/Researcher, SecurityOrb, LLC

Many enterprises wisely consider regular security vulnerability scans on information processing systems to be a vital component of their security programs. They allow the administrator to locate security weaknesses, assist in asset management and, most importantly, comply with regulatory compliance. In a traditional environment, the process is not difficult to carry out, but with the … Read more

From the Fall 2014 Issue

Cybersecurity Culture and Compliance

Author(s):

Dr. Mansur Hasib, CISSP, PMP, CPHIMS, Public Speaker and Cybersecurity Leader,

CYBERSECURITY DEFINED While attending several cybersecurity conferences recently I noticed a lack of a common understanding of what cybersecurity is. I also noticed some confusion between cybersecurity and information assurance. I observed that many cybersecurity professionals and even NIST documents were advocating cybersecurity policy based on the 1991 McCumber model of information security (McCumber, 1991) … Read more

From the Fall 2014 Issue

CyberMaryland: Creating The Right Adaptive Framework For Cybersecurity

Author(s):

George Berkheimer, Staff Reporter, United States Cybersecurity Magazine

With its collection of high-tech commercial assets, academic institutions with expanding cybersecurity programs and its proximity to federal government, Maryland has become the nation’s cybersecurity epicenter. Maryland is home to 50 federal agencies and research facilities, including the National Security Agency (NSA), Cyber Command, the Defense Information Systems Agency (DISA), the National Institute of Standards … Read more

From the Fall 2014 Issue

INTERNATIONAL COOPERATION IN COMBATING CYBERTHREATS: THE U.S. – ISRAEL EXAMPLE

Author(s):

Ira E. Hoffman, Esq., Of Counsel, Butzel Long

In recent years, two significant developments — (1) the sabotage of centrifuges and Programmable Logic Controllers at Iran’s secret Natanz nuclear fuel-enrichment facility by the Stuxnet worm, and (2) the accelerating growth in the tremendous investment by American information technology (“IT”) giants in Israel — have come to epitomize the close cooperation between the U.S. … Read more

From the Fall 2014 Issue

Their Own Worst Enemies-DoD Responds to Insider Threats

Author(s):

Chris LaPoint, Group Vice President of Product Management, SolarWinds

The Department of Defense (DoD) has as part of its mission to prevent and deter national security threats and attacks on the American people – but what if the DoD can’t prevent its own employees and service members from contributing to or causing security breaches? A recent survey1 conducted by SolarWinds and Market Connections found … Read more