From the Winter 2021 Issue

Security-In-Motion, Complacency at Rest

Author(s):

Larry Letow, President, U.S. Region, CyberCX

Justin Petitt, Director of Cybersecurity, Systems Engineering Solutions Corporation

2020 introduced a slew of new conversation topics for most people, few more so than among IT security professionals. While there are new technical challenges to consider for most in the business world, we cyber-minded folks find ourselves continuing to address the age-old question in data security – how can we provide more of EVERYTHING … Read more

From the Winter 2021 Issue

Are Smart Cities the Next Principal Step in the Loss of Privacy?

Author(s):

Alan S. Tilles, Esquire, Attorney, Shulman Rogers

Ian R. McAndrew PhD, University Dean, Capitol Technology University

There are many advantages and opportunities to integrate transport, work, shopping, and the control of all interconnecting aspects. Architects, town planners, environmental groups, and many others believe smart cities are a feasible step in the creation of a zero-carbon footprint way of living. … Read more

From the Winter 2021 Issue

What You Don’t Know About Ransomware Can be a Risk

Author(s):

Dr. Michael C. Redmond, Director of Information Security and Risk Management, Redmond Worldwide (Author)

Bradford P. Meisel, Esq., Associate, McElroy, Deutsch, Mulvaney & Carpenter, LLP (Co-author)

Diane D. Reynolds, Partner, McElroy, Deutsch, Mulvaney & Carpenter, LLP (Co-author)

Dr. Bernard A. Jones, CBCP, Assistant Professor, St. John’s University (Co-author)

Syed Taha Ahmed Jafri, Information Security Specialist, First Women Bank (Co-author)

Unfortunately, organizations continue to suffer debilitating impacts on operations due to both natural and human-made threats. One human-made threat, which continues to top the list of risks that organizations fear the most, is cybercrime. Cybercrime comes in many different forms, with ransomware specifically cited as the preeminent threat that impacts organizations worldwide. The severe ransomware … Read more

From the Winter 2021 Issue

Top 5 Characteristics of Successful Insider Risk Management Programs

Author(s):

Shawn M. Thompson, Founder and CEO, ITMG

Corporations are increasingly focusing their efforts on preventing, detecting, and mitigating threats from insiders. As a result, many are mandating the creation of formal insider threat or insider risk management programs. With a dearth of standards on the topic, corporations are largely relegated to a trial-and-error approach. Unfortunately, too many companies forget about the “program” … Read more

From the Winter 2021 Issue

The Quantum Security Risk to your Organization

Author(s):

Jeff Spivey, CRISC, CPP, PSP, Ret. CEO, Security Risk Management, Inc.

Jonathan D. Wright, Captain, USAF (Co-author)

Overall Security Principles

Regarding security, it is important to discuss our approach to risk mitigation. To mitigate risk, we need to focus on building our overall situational awareness. To build situational awareness, we should look at what we know. Building comprehensive knowledge of current and future events provides agile spatial orientation. This, in turn, improves individual … Read more

From the Winter 2021 Issue

Reinventing Web Application Security

Author(s):

Malcolm Harkins, Chief Security and Trust Officer, Epiphany Systems

In the simplest terms, risk connotes the possibility of harm. How we account for risk and manage it is the result of understanding and quantifying the consequences. What are the effects likely to occur in the event of a cyber-attack or breach on a business? Who will be harmed? In what way? To what … Read more

From the Winter 2021 Issue

The Next Generation of Pentesting

Author(s):

Paul Kubler, Head of Red Team Operations, CYBRI

Pentesting is an ever-evolving field, just like all fields in technology. Traditional pentesting revolved around networks and endpoints, the old basis for technology infrastructure in a company. Now, as COVID-19 pushed technology to change even faster in many companies, pentesting must adapt. In the last few years, cloud, mobile, and application pentesting have begun to … Read more

From the Winter 2021 Issue

Automated Pentesting – Can it Replace Humans?

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

In the past few years, automation in many spheres of cybersecurity increased dramatically. However, pentesting remains stubbornly immune to this. While crowdsourced security has evolved as an alternative to pentesting in the past 10 years, it’s not based on automation. Rather, the alternative simply throws more humans at a problem and in the process, … Read more

From the Winter 2021 Issue

Zero-Knowledge Proofs, D-Day, and the Promise of Trustable Software

Author(s):

David W. Archer, PhD, Principal Scientist, Galois, Inc.

An old proverb tells us, “You know nothing until another knows you know it.” Sometimes, though, you don’t want that someone to know sensitive details – just the “fact of.” For example, take April 1942. In two months, Operation Overlord would invade Germany’s “Fortress Europe.” The Allies’ deception operation, Fortitude South – following a strategy … Read more

From the Winter 2021 Issue

Cybercriminals Don’t Need to Steal Mass Amounts of Personal Data Anymore and That’s a Big Challenge for Cybersecurity Teams

Author(s):

James Everett Lee, Chief Operating Officer, The Identity Theft Resource Center

For at least the past 15 years, a primary goal of cybersecurity teams was to block threat actors from gaining access to the growing amount of personal information collected about consumers. Meanwhile, threat actors focused on a never-ending quest to hoover up as much consumer personal information as possible to convert to cash. Over time, technology … Read more