From the Winter 2015 Issue

Seeing the Entire Elephant: Or, You’re Not Secure if You’re Not Completely Secure

Author(s):

Anne Kohnke, Assistant Professor of IT, Lawrence Technological University

Dan Shoemaker, Professor - Center for Cyber Security, University of Detroit Mercy

Almost everybody thinks, or would like to think, that the systems that power our society are secure. That would be a seriously incorrect assumption. The fact is that America’s electronic infrastructure is riddled with the type of vulnerabilities that have allowed computer crime to officially surpass the drug trade in the past decade. To illustrate … Read more

From the Winter 2015 Issue

What You Don’t See Can Hurt You

Author(s):

Peter Velikin, Vice President of Marketing, Pwnie Express

Protecting enterprises from hacks and other malicious activity is a challenge for organizations, both in the public and private sectors. The drumbeat of breaches continues and there are no signs of it slowing. The stakes have never been higher. The types and frequency of attacks are increasing and securing your organization has never been more … Read more

From the Winter 2015 Issue

Debunking the Big Bad “Cloud”

Author(s):

Kris Martel, EVP of Operations, Chief Information Security Officer, Emagine IT

There are some topics that seem to be shrouded with uncertainty and confusion and the “Cloud” is one of those topics. I was talking with a fellow CISO of a Federal Agency a few weeks back and the topic of “cloud migration” came up. Not unexpectedly, my CISO friend expressed that the biggest obstacles to … Read more

From the Fall 2014 Issue

Cloud Vulnerability – Scanning Options for Enterprises

Author(s):

Kellep A. Charles, Information Security Analyst/Researcher, SecurityOrb, LLC

Many enterprises wisely consider regular security vulnerability scans on information processing systems to be a vital component of their security programs. They allow the administrator to locate security weaknesses, assist in asset management and, most importantly, comply with regulatory requirements. In a traditional environment, the process is not difficult to carry out, but with the … Read more

From the Summer 2014 Issue

Stalking Prey: An RF Hacker’s Perspective

Author(s):

Rick Mellendick, Chief Security Officer, PIAchievers

Nearly everyone has an RF signature, and it is becoming as common as your fingerprint. This signature is the culmination of device and device usage such as: your cell phone’s frequency; names of the networks you connect to with your devices; Bluetooth devices and the connections to and from them; your device or devices (e.g., laptop, phone, … Read more

From the Summer 2014 Issue

Cybersecurity in the Supply Chain

Author(s):

Taylor Wilkerson, Program Manager, Supply Chain Management Program, LMI

For most of us, cybersecurity means network and data protection. We think of intrusion detection, firewalls, secure network design, secure and trained workforce, social engineering, and other security activities. Essentially, we view cybersecurity as the tools and activities that keep our networks and the data that they handle secured. But what if one of the … Read more

From the Spring 2014 Issue

Near-Term Vision of IT Security Threat Monitors

Author(s):

Benjamin Shelton, Nangwik Services

Don Tobin

Continuously updating, learning and optimizing in an ever-changing “threatscape.” As most information security professionals are aware, breaches go from initial point of entry to data extraction in a matter of hours or seconds, yet their detection, analysis, and remediation are usually measured in weeks. New techniques and approaches are needed to shrink this time difference. There … Read more

From the Spring 2014 Issue

Preventing Friends and Foes from CyberSpying on YOU

Author(s):

Dr. Christopher V. Feudo, President, University of Fairfax

We all are well aware that cyber attacks continue to increase in complexity, frequency and severity. These malicious cyber activities continue to grow at an unprecedented rate, severely threatening the nation’s public and private information infrastructure, as well as our very essence – our identities, our data, our personal conversations, our finances, and all aspects … Read more