Welcome to Collaborative Strategy Guild

Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.

Are your Firewalls Burning Money?

Firewall management vendor, Tufin, asked me to do a guest blog post for their site. I decided to address the topic of shadow rules:

As firewall admins and installers (for history buffs, I was a firewall admin and also a TIS Gauntlet firewall installer back in the 90s), we know how much time it can take to write a truly effective list of firewall rules – and to confirm that no previous rule overshadows, contradicts, or renders ineffective a rule further down the list. But if you’re trying to explain to a manager or executive why the process is so tricky – and if done improperly can lead to large, unexpected exposures – you… Continue reading: Are your Firewalls Burning Money?

Citi Data Theft Points Up a Nagging Problem – NYTimes.com

New realities in data security

“We’re not dealing with 14-year-old hacker kids,” said Steve Elefant, the chief information officer at Heartland Payment Systems, which overhauled its security measures after the systems it used to process credit and debit card transactions were hacked in 2008. “We’re talking about 21st-century bank robbers — sophisticated, organized criminal gangs, located mostly in Eastern Europe and the U.S.”

Making matters worse, nearly every step along the payment chain is outsourced from the time a card is swiped to the time a monthly statement arrives, leaving plenty of openings for enterprising thieves. Security is further hampered by a patchwork of data protection laws and regulatory agencies, each with… Continue reading: Citi Data Theft Points Up a Nagging Problem – NYTimes.com

The Never-Ending Quest for IT Security

In his monthly TechNews World column for March, Ed takes a look at the difficulties practitioners face when trying to accurately measure risk success and failure in IT projects.

There’s no end-state where we can call ourselves “secure” and move on to something else. It’s not that security doesn’t have the same challenges and complexities that other projects have — like resource availability, competing priorities, and implementation complexity. It’s just that it’s so very easy to assume we are doing well when we’re really not.

For the rest of the article, please continue reading here.

Half-baked idea #222: Risk Management, RoI, and Hidden Costs

So, I realize this came out a while back, but I was re-reading the interesting read today over at the NY Times about the hidden costs of extra airport security.

Basically the point of the article is that the TSA backscatter imaging scanners, when they create a backlash, have a hidden cost in terms of overall airport traffic. That, in turn, has an impact on the aviation industry’s economics. And that, in turn, impacts the economy as a whole. Most folks are familiar with this line of thinking already, but what struck me was the way that they systematically studied the decreased traffic effect to see whether there was a… Continue reading: Half-baked idea #222: Risk Management, RoI, and Hidden Costs

Why SCADA Security Matters–And What You Should Know About It

My article this month for eSecurityPlanet addresses the oft-overlooked and misunderstood issue of securing SCADA systems. Many thanks to Jonathan Pollet of Red Tiger Security for providing feedback and quotes for the article.

SCADA (supervisory control and data acquisition) systems run critical infrastructure and manufacturing processes. SCADA is what the local power company uses to manage usage on the grid and ensure customers have energy during times of high use. It’s also what manufacturing plants use to manage the shop floor to make sure production can continue without interruption. If you’re like most network and application security professionals, you’ve never worked with a SCADA system. SCADA knowledge is specialized and often not covered in traditional security training and certifications like… Continue reading: Why SCADA Security Matters–And What You Should Know About It