From the Winter 2020 Issue

Threat Modeling: Methodologies, Myths, and Missing Perspectives

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

On April 10, 2014, citizens of Ghaziabad, a city near Delhi, India, cast their ballots for parliamentary elections using electronic voting machines. The machines – and the votes they held – had to be stored in a secure location for a month, until vote counting was set to begin. When planning, election officials accounted for … Read more

From the Winter 2020 Issue

Outsourcing Your Security Operations Center and Why It Makes Good Sense

Author(s):

John Price, Chief Executive Officer, SubRosa Cyber Solutions

2019 saw more than its fair share of data breaches, including numerous mega breaches that were considered newsworthy. These breaches were costing organizations hundreds of millions of dollars and affecting billions of consumers across the globe. 2019 also saw many smaller, but just as damaging breaches. The breaches affected retail companies like Macy’s and Saks … Read more

From the Fall 2019 Issue

Practical Advice for DoD Contractor Cybersecurity Compliance

Author(s):

Glyn Cashwell, Esq., JD, CISSP, CSEP, PMP, PE, ProObject/Cashwell Legal, LLC

There are a number of questions that small businesses frequently ask about cybersecurity compliance within their organization. It is important for the DoD small business community to better understand Controlled but Unclassified Information (CUI), DFARS 252.204-7012, and Cybersecurity Maturity Model Certification (CMMC). What Exactly is Controlled but Unclassified Information (CUI)? CUI must be clearly marked … Read more

From the Fall 2019 Issue

Data Subject Access Requests (DSAR) Under CCPA (California Consumer Privacy Act): Challenges and Solutions

Author(s):

Sameer Ahirrao, Founder and CEO, Ardent Security

Background Privacy laws are coming into effect worldwide and GDPR (General Data Protection Regulation), the most comprehensive data protection law, came into effect in May 2018 in Europe. Here in the U.S., CCPA (California Consumer Privacy Act) will be a landmark law for protecting consumer data privacy. This act will go into effect in January … Read more

From the Spring 2019 Issue

Evolution of National Cyber Strategy in the United States

Author(s):

Eric Hipkins, Founder and Chief Executive Officer, R9B

“Everything in war is simple, but the simplest thing is difficult.” -Carl von Clausewitz What would the old Prussian general have to say about warfare in the 21st century? The wars of today, and certainly of tomorrow, may be readily understood as anything but simple. At least in comparison to the days of armies meeting … Read more

From the Spring 2019 Issue

Cybersecurity and Critical Infrastructure: A Growing Sense of Urgency Part 2

Author(s):

Audie Hittle, Chief Innovation Officer, Mystek Systems, Inc.

Part II – Responding Faster to Threats Part II of this article will discuss mechanisms that can increase the speed with which responses to critical infrastructure threats can be executed. So what are some specific options and what can be done to implement a faster, more aggressive response to such cyber threats? One security approach … Read more

From the Winter 2019 Issue

Designing Compliance: To Cloud or Not to Cloud?

Author(s):

Ryan Brady, Cybersecurity Analyst, ProObject

Organizations implementing a new corporate network may find it more practical to not deploy and manage an on-premises network infrastructure (e.g., a network with local internally managed servers). The cloud provides an attractive alternative. Data storage, virtualization, software development, and system management are all managed offsite by cloud service providers. These offerings collectively comprise software … Read more

From the Winter 2019 Issue

Increasing the Operational Readiness and Performance of Department of Defense Cybersecurity Service Providers

Author(s):

Cesar Pie, President and CEO, CSIOS Corporation

Clinton Hackney, Chief Technology Officer, CSIOS Corporation

Introduction Since its establishment in 2001, the Department of Defense (DOD) Cybersecurity Service Provider (CSSP) Program has progressively and systematically matured to become one of the most critical components of the Department’s Defense-in-Depth strategy. Today, 24 DOD CSSPs are responsible for provisioning 24x7x365 cybersecurity services (e.g., protect, detect, respond, and sustain) to implement … Read more

CAA Record: A Small Step Towards a Safer Internet

Author(s):

Paul Baka

A Case of Misplaced Trust A lot of trust is placed in certificate authorities. SSL/TLS on its own protects against malicious actors. It does this by intercepting communications. However, certificate authorities do nothing to prevent sending data to someone who has found a way to route client traffic to a copycat website. Certificate Authorities … Read more

From the Fall 2018 Issue

The Next Generation of Defensive Cyberspace Operators

Author(s):

Cesar Pie, President and CEO, CSIOS Corporation

Clinton Hackney, Chief Technology Officer, CSIOS Corporation

Introduction Whether internal or external to the Department of Defense Information Network (DODIN), passive and active Defense Cyberspace Operations (DCO) are Cyberspace Operations (CO) intended to protect and defend the Department of Defense (DOD) or other friendly cyberspace from adversary actions. A key characteristic of DOD’s DCO is the construct of active cyberspace defense. Active … Read more