Topic: Engineering and Vulnerability Management

From the Spring 2019 Issue

An Information Security Triality: Balancing Security, Surveillance, and Convenience

Author(s):

Adam Firestone, Editor-in-Chief , United States Cybersecurity Magazine

Information Triality

Information security cultural iconography focuses on heroic and demonic archetypes, resulting in a pageant of evocative, emotional imagery that influences reportage, regulation, acquisition, enterprise governance, and the choices made by individuals with respect to their digital personae. The angels (in the epic struggle in the wires between good and evil) are the network defenders. They … Read more

From the Spring 2019 Issue

The Role of Voice Authentication in Cybersecurity

Author(s):

Justin Petitt, Director, Cybersecurity Center of Excellence, Edgewater Federal Solutions

Larry Letow, CEO, U.S., CyberCX

Voice Authentication

Everyone loves to talk about the future of cybersecurity. However, most do not realize that in doing so, they’re using one of the most secure tools available to facilitate that conversation, the human voice. The voice connects us person-to-person, and when used as a component in enterprise, can securely connect us to our data around … Read more

From the Spring 2019 Issue

Programmable Networking: Solving the Security Challenges facing SD-WAN

Author(s):

Edward J. Wood, ,

programmable-network-header

Enterprises are moving their communications to the internet. Private networks are costly, inflexible, and do not easily enable the digital transformation of their businesses. However, over the last couple of years, we have seen a plethora of SD-WAN technologies come to market. Safe to say, SD-WAN adoption has accelerated. Unfortunately, SD-WAN has a number of … Read more

From the Winter 2019 Issue

Free Isn’t Always Best– It should come with a Big Caution Sign

Author(s):

MG (Ret) Quantock, , United States Army (Ret)

Quantock-feature-image-wn19

The free mapping in your phone is a powerful tool. And while it’s not designed to fire an artillery shell on a precision target, the app has all the basic features you need. So, why doesn’t the U.S. military ditch its expensive firing systems for free solutions? Because, while free products often have the features … Read more

From the Winter 2019 Issue

Cybersecurity and Critical Infrastructure: A Growing Sense of Urgency – Part 1

Author(s):

Audie Hittle, Chief Innovation Officer , Mystek Systems, Inc.

AudieHittle-feature-image-wn19

This two-part article examines risks and implications related to securing American critical infrastructure. Part I examines the historical framework and the current state of critical infrastructure protection. Part II discusses ways threat responses can be improved. What happens if one day you awake and discover the power had gone off during the night? You may … Read more

From the Winter 2019 Issue

Evaluating the Operational Technology Environment: Improving DHSs Cybersecurity Evaluation Tool (CSET)

Author(s):

Henry J. Sienkiewicz, Faculty, Georgetown University

HenrySienkiewicz-feature-image-wn19

Servers, laptops, mobile devices, routers, industrial control systems, fire control systems, elevator operations, are the connected technology components of modern life that perform particular functions, offer ease of use, and that represent risks and vulnerabilities to an organization’s cyber environment. The cyber environment is tied to physical devices, including networking equipment, intrusion detection systems, data … Read more

Blockchain Meets Cybersecurity

Author(s):

Zehra Ali, ,

Blockchain abstract, blue chain links

Where Blockchain Meets Cybersecurity Blockchain technology is a powerful public ledger that records every “block” of data as it moves across many computers. Businesses of all types and sizes have to deal with a lot of information on a daily basis. Data is usually an extremely valuable asset for their operations. But keeping it safe … Read more

Microsegmentation and a Zero-Trust Network

Author(s):

Caleb Townsend, Staff Writer, United States Cybersecurity Magazine

Server room, Microsegmentation in a zero-trust system

We are currently in an unfortunate situation where universally, every business model predicates itself around connectivity. In fact, to be on the edge of innovation is to connect, to everything, before anyone else connects. With each new development, security suffers immediately. The incredulity that is always met with a new Facebook data breach is going … Read more

From the Fall 2018 Issue

40% Of Breaches are Related to Credit Card Data: Is Payment Software Secure?

Author(s):

Kelvin O. Medina, Principal Security Consultant, Trustwave

credit-card-data-security-86491586

Forty percent of the data breaches for 2017 were reported as involving credit card data, according to the 2018 Trustwave Global Security Report.1 The data breaches analyzed used attacks such as phishing/social engineering, malicious insiders, and misconfigurations. This is illustrated below in Figure 1: Methods of Compromise2. Those numbers likely do not include hundreds of … Read more

From the Fall 2018 Issue

Zero Days and Zero Trust: Microsegmentation and Security in a World of Many

Author(s):

Jack Koons, Author,

koons-article-header

In a world where the business model is racing to connect everything, security is failing to keep pace. This sets up a dynamic tension within the organization between the network/infrastructure teams and the security teams. We are placing the current crop of CIO, CISO, and CTOs in an almost untenable position, and levying unrealistic requirements … Read more