The deadline for compliance with the European Union General Data Protection Regulation (GDPR) is May 25, 2018. Many organizations have spent countless hours already in their preparation for the deadline, while other organizations are just getting around to reading up on it. GDPR, like Y2K of a couple decades ago, has international implications that for some organizations HAS to be addressed as GDPR will impact the lifeblood of their operations, whereas for most organizations, some due diligence needs to be done to ensure they are within the compliance of the regulation.
GDPR is Today’s Y2K
I reference Y2K as I was one of the advisors to the United States White House on Y2K and spent the latter part of the decade before the Millennium switchover traveling around the globe helping organizations prepare for 1/1/2000. Today with GDPR, as I did then with Y2K, I believe there are fundamental things every organization needs to do to be prepared for the deadline, but to NOT get caught up in the hype and over speculation to the Nth degree detail that’ll drive you crazy.
This 1080p Dash Camera captures video or stills, and is equipped with a motion detector and continuous loop recording. An emergency recording mode can be activated by sharp turns or sudden stops, and automatically captures unexpected driving incidents. The Dash Camera can also record whenever it sees motion in front or create a time-lapse video of your trip. Features Full HD 1080P, 170° Wide Angle Lens, 2" LCD and Night Vision. Its typical list price has been reduced 44% to just $58.99. See this deal on Amazon.
This 1080p Dash Camera captures video or stills, and is equipped with a motion detector and continuous loop recording. An emergency recording mode can be activated by sharp turns or sudden stops, and automatically captures unexpected driving incidents. The Dash Camera can also record whenever it sees motion in front or create a time-lapse video of your trip. Features Full HD 1080P, 170° Wide Angle Lens, 2" LCD and Night Vision. Its typical list price has been reduced 22% to just $69.99. See this deal on Amazon.
Lately, I have been spending a lot of time on integrating security systems together, and specifically focusing a lot of my energy on Cisco’s Advanced Threat Security product family. (Disclosure: I am employed by Cisco.) Which is what brings me to Cisco’s Advanced Malware Protection (AMP), which is a solution to enable malware detection, blocking, continuous analysis and retrospective actions and alerting. In fact, when the Talos cyber-vigilantes parachute into an environment and perform their forensics analysis and active defense against attacks, AMP is one of the primary tools that they use.
They certainly do, according to Sarah Gibson, application security consultant at Veracode, who talks with CSO senior writer Fahmida Rashid about the issues around application security, and how having a collaborative security team is key to writing good code.
Tony Gauda, CEO of ThinAir, talks with CSO senior writer Steve Ragan about how the ThinAir system tracks which users within an organization have seen each piece of data, spotting anomalous information and quickly finding the source of a leak.
For many decades, the term “random numbers” meant “pseudo-random numbers” to anyone who thought much about the issue and understood that computers simply were not equipped to produce anything that was truly random. Manufacturers did what they could, grabbing some signals from the likes of mouse movement, keyboard activity, system interrupts, and packet collisions just to get a modest sampling of random data to improve the security of their cryptographic processes. And the bad guys worked at breaking the encryption. We used longer keys and better algorithms. And the bad guys kept at it. And life went on. But something recently changed all that. No, not yesterday or last week. But it was only back in November of last year that something called the Entropy Engine won an Oscar of Innovation award for collaborators Los Alamos National Laboratory and Whitewood Security. This Entropy Engine is capable of delivering as much as 350 Mbps of true random numbers—sufficient to feed an entire data center with enough random data to dramatically improve all cryptographic processes.
Kelly Shortridge and CSO senior writer Fahmida Y Rashid talk about using behavioral game theory to take advantage of hackers’ mistakes and manipulate the data they think they're receiving. People generally make decisions by either thinking ahead to figure out how people may act in a given situation, or by learning over time by observing what people are doing. Since attackers learn over time by collecting feedback, obfuscating what they get can really mess up what the attackers are able to learn.
CSO senior writer Steve Ragan talks with cybersecurity experts Krypt3ia and Kodor about how the pair seek out passwords, schematics and other sensitive documents on SCADA control system architectures that shouldn't be available online, passing along tips to federal authorities to combat real-world threats.
Any innovative technology faces a battle of doubt. When Amazon first rolled out AWS, few could imagine servers running in the cloud. Before Salesforce, many thought CRM to be too critical to run as SaaS. I find SD-WANs to be facing a similar battle. It’s inconceivable to many that an SD-WAN could replace MPLS. This is particularly true for security teams. At one recent client, a chemical company, the team was looking to transition from MPLS to SD-WAN. The security group, though, could not accept the fact that SD-WANs met the requirements stipulated by CFATS (Chemical Facility Anti-Terrorism Standards) guiding the chemical industry. It was a classic example of professionals getting hooked into the implementation and failing to consider alternative approaches to addressing the same need. CFATS professionals assume MPLS and firewalls to be mandated by the standard. MPLS being the de facto transport. As for firewalls, “Organizations understand and feel safe with firewalls,” says Nirvik Nandy, my partner and the president and CEO of Red Lantern, a security and compliance consultancy.