Welcome to Collaborative Strategy Guild, where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.
This year InformationWeek asked SecurityCurve to help them with their annual Federal Cybersecurity Survey. It was a great research project and we learned a lot. If you’re interested in the findings, there’s a brief article at InfoWeek:
What are the most dangerous cyberthreats? And how are agencies responding? InformationWeek launched our 2012 Federal Government Cybersecurity Survey to find out. Our poll of 106 federal IT pros involved in IT security for their organizations was conducted in March. We asked respondents to rank the threats they face and their readiness to deal with them. We inquired about cybersecurity spending… Continue reading: 2012 Federal Government Cybersecurity Survey
Firewall management vendor Tufin asked me to do a guest blog post for their site. I decided to address the topic of shadow rules:
As firewall admins and installers (for history buffs, I was a firewall admin and also a TIS Gauntlet firewall installer back in the 90s), we know how much time it can take to write a truly effective list of firewall rules – and to confirm that no previous rule overshadows, contradicts, or renders ineffective a rule further down the list. But if you’re trying to explain to a manager or executive why the process is so tricky – and if done improperly can lead to large, unexpected exposures – you… Continue reading: Are your Firewalls Burning Money?
New realities in data security
“We’re not dealing with 14-year-old hacker kids,” said Steve Elefant, the chief information officer at Heartland Payment Systems, which overhauled its security measures after the systems it used to process credit and debit card transactions were hacked in 2008. “We’re talking about 21st-century bank robbers — sophisticated, organized criminal gangs, located mostly in Eastern Europe and the U.S.”
Making matters worse, nearly every step along the payment chain is outsourced from the time a card is swiped to the time a monthly statement arrives, leaving plenty of openings for enterprising thieves. Security is further hampered by a patchwork of data protection laws and regulatory agencies, each with… Continue reading: Citi Data Theft Points Up a Nagging Problem – NYTimes.com
In his monthly TechNews World column for March, Ed takes a look at the difficulties practitioners face when trying to accurately measure risk success and failure in IT projects.
There’s no end-state where we can call ourselves “secure” and move on to something else. It’s not that security doesn’t have the same challenges and complexities that other projects have — like resource availability, competing priorities, and implementation complexity. It’s just that it’s so very easy to assume we are doing well when we’re really not.
For the rest of the article, please continue reading here.
Continue reading: The Never-Ending Quest for IT Security
So, I realize this came out a while back, but I was re-reading the interesting read today over at the NY Times about the hidden costs of extra airport security.
Basically the point of the article is that the TSA backscatter imaging scanners, when they create a backlash, have a hidden cost in terms of overall airport traffic. That, in turn, has an impact on the aviation industry’s economics. And that, in turn, impacts the economy as a whole. Most folks are familiar with this line of thinking already, but what struck me was the way that they systematically studied the decreased traffic effect to see whether there was a… Continue reading: Half-baked idea #222: Risk Management, RoI, and Hidden Costs