From the Spring 2017 Issue

10 Steps to Risk Management: Compliance and Risk Mitigation in a Sea of Data Security Risk

Author(s):

Keith Moulsdale, Co-Chair, Cybersecurity, Data Management & Privacy Group, Whiteford, Taylor & Preston LLP

If you’re drowning in a sea of fast-changing, complex information about data security, you are in good company. It seems that every day new and modified threat methods and vectors appear; another vendor knocks on your door pitching a product or solution as the latest digital security panacea; a customer or vendor (or both) tries … Read more

From the Spring 2017 Issue

It’s Not the Breach, It’s the Data: A Case for Deterrence by Denial

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

In his 1935 book, War is a Racket[1], retired Marine Corps Major General (and two-time Medal of Honor recipient) Smedley Butler[2] discussed the financial incentives and commercial benefits that lead nations to engage in armed conflict. Modern-day motivations are no different. Verizon reported that, in 2016, “89% of breaches had a financial or espionage … Read more

From the Winter 2017 Issue

The Changing Dynamics of Cyber Assessments

Author(s):

John Williams, CEO, CyVision Technologies, Inc.

Cybersecurity is a lot like meteorology. For example, hurricane tracking systems fuse disparate weather data into a common model that supports situational awareness, decision making and response planning. A single datum, such as wind speed or barometric pressure, is not sufficient to determine the hurricane’s path. The model’s accuracy is dependent on the integration of … Read more

From the Winter 2017 Issue

The Move to Standardization and Open Architectures Enable Cybersecurity Automation for Government Sector

Author(s):

Steve Kirk, Vice President, Fortinet Federal

As networks become increasingly complex, with wireless connectivity, the move to the cloud, BYOD, and the Internet of Things, they present ever-growing opportunities for compromise. Most organizations have deployed several security devices as part of their overall security infrastructure, usually from different vendors. Often, those devices don’t talk to one another. These interoperability challenges can … Read more

From the Winter 2017 Issue

Security through Planned Destruction—Using the Cloud to Reduce APT Risk

Author(s):

Chris Rutherford, CISSP, CAP, Senior Strategic Cyber Consultant, LMI

David K. Shepherd, CISSP, PMP, Senior Consultant, LMI

Many network attacks gaining attention today are advanced persistent threats (APT) that aim to maintain access for long-term data exfiltration. The advent of cloud infrastructure provides a new avenue of defense against persistent network attacks. The ability to plan the destruction and re-creation of virtual machines in the cloud environment can dramatically reduce the time … Read more

From the Winter 2017 Issue

Achilles Heel: The Vulnerability of Embedded Firmware

Author(s):

Terry Dunlap, Founder and CEO, Tactical Network Solutions

Embedded firmware “is the flash memory chip that stores specialized software running in a chip in an embedded device to control its functions.”[1] It’s everywhere – in computers, large and small electronic devices, Internet of Things (IoT) devices, medical devices, phones, tablets, cars and a host of other places. The vast majority resides in vulnerable … Read more