Issue: Fall 2017

From the Fall 2017 Issue

WHAT THE HASH? Data Integrity and Authenticity in American Jurisprudence

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

Legal battles over compulsory data decryption are making headlines. The publicity will likely continue as encryption technology proliferates in both consumer and enterprise markets. The arguments on both sides of this issue merit careful consideration and discourse before any comprehensive policy decision is made or legal precedent is set. One side argues that alternate decryption … Read more

From the Fall 2017 Issue

BUILDING FOR SUCCESS: The Importance of Cloud Security

Author(s):

Vijaya Varma, Co-Founder and CTO, AxiomIO, Inc.

As organizations adopt Cloud technologies and capabilities, it’s important to discuss how secure (or insecure!) Cloud really is. Security concerns with respect to Cloud computing are similar to those of a traditional information technology (IT) setup. Even though Cloud providers such as Amazon Web Services (AWS), Microsoft Azure and the Google Cloud Platform (GCP) make … Read more

From the Fall 2017 Issue

Security by Design

Author(s):

Jeff Spivey, CRISC, CPP, PSP, Ret. CEO, Security Risk Management, Inc.

A holistic “life cycle” perspective is to prioritize security risk levels of security for the proper governance and management of all security. The future is already here — It’s just not evenly distributed yet.  William Gibson, Neuromancer The complexity of protecting our personal and organizational value is increasingly difficult to navigate.  Similarly, threats come from … Read more

From the Fall 2017 Issue

Legacy Modernization as a Cybersecurity Enabler

Author(s):

Henry J. Sienkiewicz, Faculty, Georgetown University

Dependencies on information technology began logically enough. In a technology-driven and dependent marketplace, enterprises seek to leverage information technology to improve their market position. Industries adopted COBOL-based software and mainframe computers for statistical reporting, accounting, claims, policy administration, billing and various information-processing activities.1 Many mainframe and legacy applications are older and require significant upgrades in … Read more

From the Fall 2017 Issue

16 Tons of Technical Debt: An Operational Perspective on Security Automation

Author(s):

J.C. Herz, COO, Ion Channel

In September of 2017, Equifax announced that extremely sensitive data, including social security numbers and driver’s license information, had been exfiltrated by hackers via the Apache Struts framework used to develop the credit rater’s website – a framework that powers thousands of large enterprises’ websites as well. Given the scope of the damage enabled by … Read more

From the Fall 2017 Issue

Cyber Deterrence and Active Cyber Defense

Author(s):

Colby Proffitt, Cybersecurity Strategist, Netskope

A necessary combination in a continuously evolving cyberspace The Roman Empire ruled the ancient world because it built and maintained roads1. Britain ruled the world for most of the 19th century because it had the largest and most powerful navy2, and the U.S. became recognized as a military superpower3 because of the atomic bomb. Each … Read more

From the Fall 2017 Issue

Opting in to Cyber Vulnerablity Part 2: Technical Education in America

Author(s):

Adam Firestone, Editor-in-Chief , United States Cybersecurity Magazine

In the previous article in the United States Cybersecurity Magazine, Volume 5, Number 16 titled “Opting in to Cyber Vulnerability”, we examined the broad, “opt-in” nature of information insecurity in the United States. This article continues with an examination of the American educational enterprise with respect to preparing American students to safely and securely navigate … Read more

From the Fall 2017 Issue

LMI Practical Government Management For An Increasingly Complex World

Author(s):

George Berkheimer, Staff Reporter, United States Cybersecurity Magazine

Establishing a robust cybersecurity defense is no simple task for even the smallest of enterprises. The problems and challenges grow ever more difficult as the size and scope of systems requiring protection increases. The federal government, by comparison, represents perhaps the ultimate challenge with its complex structure of agencies. Each of these in turn has … Read more

From the Fall 2017 Issue

Q&A Interview with Zane Lackey of Signal Sciences

Author(s):

Adam Firestone, Editor-in-Chief , United States Cybersecurity Magazine

Signal Sciences develops a web protection platform that provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform. To answer some pertinent questions for our readers about emerging trends in security and DevOps, United States Cybersecurity Magazine conducted a Question & Answer interview with Zane Lackey, Signal Science’s co-founder … Read more

From the Fall 2017 Issue

Your Web Applications are Under Attack: Are You Ready?

Author(s):

James Everett Lee, Chief Operating Officer, The Identity Theft Resource Center

John M. Holt, Founder & CTO, Waratek

On a day in June, the year 2017 became another year r the record books – six months early. According the non-profit Identity Theft Resource Center C), publically reported data breaches exceed ’s record pace by as much as 80 percent in sectors s Financial Services. As of September 1st, only vernment/Military category was behind … Read more