From the Summer 2017 Issue

The Human Factor: Users as Security Sensors

Author(s):

Phillip R. Hasse, President/CEO, Contextual IT Solutions

If there is any consensus within IT security, it is that the security provided is often ineffective in preventing or detecting unauthorized activity. Attackers’ agility often exceeds the defenders’ ability to adapt to changing tactics and technologies. Typically, the response is to provide faster machines and more capable software. It’s like a high-stakes chess game …

From the Summer 2017 Issue

SOFTWARE DEFINED NETWORKING’S (SDN) IMPACT ON CYBERSECURITY

Author(s):

Henry J. Sienkiewicz, Author,

Our connected world has changed expectations and requirements. Only a short time ago, a mobile phone connected to an enterprise application would have been unimaginable. The network could not support it. Security would not allow it. Both have evolved. The network has dramatically increased in bandwidth while becoming much more agile. Static, fixed IP addresses …

From the Summer 2017 Issue

Web Application Security: Integration or Extinction

Author(s):

Helen Korobko, Vice President of Technology Solutions, Svitla Systems

Web applications have become a primary vulnerability for modern business. Today, almost every enterprise produces, leverages, transacts business or depends upon web or Cloud enabled software. As a result, web applications have become the number one target for malicious attacks. According to Gartner, 80% of attacks target web applications.1 Often, these attacks exploited easily mitigated …

From the Summer 2017 Issue

Building Resilience in an End-to-End Encryption World

Author(s):

Ed Alcantara, Chief Cyber Intelligence Officer, BLACKOPS Cyber

It can be argued that strong end-to-end encryption has been responsible for the trust that enables the internet economy that has revolutionized the way commerce is conducted, created tremendous wealth and enabled the spontaneous generation of knowledge economies across the world. Unfortunately, the same encryption technologies have created great difficulties for the law enforcement and …

From the Summer 2017 Issue

REVOLUTION and EVOLUTION: Fully Homomorphic Encryption

Author(s):

Dr. David Archer, PhD, Principal Research Scientist, Galois, Inc.

More and more computation is being outsourced to public clouds. Cloud computers can be just as vulnerable as any other computer, putting the privacy of sensitive data at risk. As nation-state cyber weapons become increasingly available to amateur and low-level professional cyber criminals, the external threats against those cloud-based systems continue to grow. In addition, …

Network Integrity

Author(s):

Gary Merry, CEO, Deep Run Security Services, LLC

Network integrity starts with a network diagram. Actually, most things regarding technology risk should start with a network diagram. Your network is the circulatory, nervous and endocrine systems of your company. As such, it…

From the Spring 2017 Issue

EDUCATE or TRAIN for CYBERSECURITY?

Author(s):

Dr. Jane A. LeClair, President, Washington Center for Cybersecurity Research & Development

Those with a vested interest in cybersecurity have long recognized the vulnerabilities that are inherent to our digital systems, demonstrated by countless breaches over the years. From big box stores to government agencies, celebrities to the nation’s critical infrastructure, no system has been safe. With so much at stake, we must, as a nation, protect …

From the Spring 2017 Issue

10 Steps to Risk Management: Compliance and Risk Mitigation in a Sea of Data Security Risk

Author(s):

Keith Moulsdale, Co-Chair, Cybersecurity, Data Management & Privacy Group, Whiteford, Taylor & Preston LLP

If you’re drowning in a sea of fast-changing, complex information about data security, you are in good company. It seems that every day new and modified threat methods and vectors appear; another vendor knocks on your door pitching a product or solution as the latest digital security panacea; a customer or vendor (or both) tries …

From the Spring 2017 Issue

It’s Not the Breach, It’s the Data: A Case for Deterrence by Denial

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

In his 1935 book, War is a Racket1, retired Marine Corps Major General (and two-time Medal of Honor recipient) Smedley Butler2 discussed the financial incentives and commercial benefits that lead nations to engage in armed conflict. Modern day motivations are no different. Verizon reported that, in 2016, “89% of breaches had a financial or espionage …