From the Summer 2017 Issue

Web Application Security: Integration or Extinction

Author(s):

Helen Korobko, Vice President of Technology Solutions, Svitla Systems

Web applications have become a primary vulnerability for modern business. Today, almost every enterprise produces, leverages, transacts business or depends upon web or Cloud enabled software. As a result, web applications have become the number one target for malicious attacks. According to Gartner, 80% of attacks target web applications.1 Often, these attacks exploited easily mitigated …

From the Summer 2017 Issue

Building Resilience in an End-to-End Encryption World

Author(s):

Ed Alcantara, Chief Cyber Intelligence Officer, BLACKOPS Cyber

It can be argued that strong end-to-end encryption has been responsible for the trust that enables the internet economy that has revolutionized the way commerce is conducted, created tremendous wealth and enabled the spontaneous generation of knowledge economies across the world. Unfortunately, the same encryption technologies have created great difficulties for the law enforcement and …

From the Summer 2017 Issue

REVOLUTION and EVOLUTION: Fully Homomorphic Encryption

Author(s):

David W. Archer, PhD, Principal Scientist, Niobium Microsystems and Galois, Inc.

More and more computation is being outsourced to public clouds. Cloud computers can be just as vulnerable as any other computer, putting the privacy of sensitive data at risk. As nation-state cyber weapons become increasingly available to amateur and low-level professional cyber criminals, the external threats against those cloud-based systems continue to grow. In addition, …

Network Integrity

Author(s):

Gary Merry, CEO, Deep Run Security Services, LLC

Network integrity starts with a network diagram. Actually, most things regarding technology risk should start with a network diagram. Your network is the circulatory, nervous and endocrine systems of your company. As such, it…

From the Spring 2017 Issue

EDUCATE or TRAIN for CYBERSECURITY?

Author(s):

Dr. Jane A. LeClair, President, Washington Center for Cybersecurity Research & Development

Those with a vested interest in cybersecurity have long recognized the vulnerabilities that are inherent to our digital systems, demonstrated by countless breaches over the years. From big box stores to government agencies, celebrities to the nation’s critical infrastructure, no system has been safe. With so much at stake, we must, as a nation, protect …

From the Spring 2017 Issue

10 Steps to Risk Management: Compliance and Risk Mitigation in a Sea of Data Security Risk

Author(s):

Keith Moulsdale, Co-Chair, Cybersecurity, Data Management & Privacy Group, Whiteford, Taylor & Preston LLP

If you’re drowning in a sea of fast-changing, complex information about data security, you are in good company. It seems that every day new and modified threat methods and vectors appear; another vendor knocks on your door pitching a product or solution as the latest digital security panacea; a customer or vendor (or both) tries …

From the Spring 2017 Issue

It’s Not the Breach, It’s the Data: A Case for Deterrence by Denial

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

In his 1935 book, War is a Racket1, retired Marine Corps Major General (and two-time Medal of Honor recipient) Smedley Butler2 discussed the financial incentives and commercial benefits that lead nations to engage in armed conflict. Modern day motivations are no different. Verizon reported that, in 2016, “89% of breaches had a financial or espionage …

From the Winter 2017 Issue

The Changing Dynamics of Cyber Assessments

Author(s):

John Williams, CEO, CyVision Technologies, Inc.

Cybersecurity is a lot like meteorology. For example, hurricane tracking systems fuse disparate weather data into a common model that supports situational awareness, decision making and response planning. A single datum, such as wind speed or barometric pressure is not sufficient to determine the hurricane’s path. The model’s accuracy is dependent on the integration of …

From the Winter 2017 Issue

The Move to Standardization and Open Architectures Enable Cybersecurity Automation for Government Sector

Author(s):

Steve Kirk, Vice President, Fortinet Federal

As networks become increasingly complex, with wireless connectivity, the move to the cloud, BYOD, and the Internet of Things, they present ever-growing opportunities for compromise. Most organizations have deployed several security devices as part of their overall security infrastructure, usually from different vendors. Often, those devices don’t talk to one another. These interoperability challenges can …