Monthly Archives: December 2014

2014: The Year Our Trust in Information Protection Collapsed

Published December 31, 2014 | By Dan Blum

Between setting up Security Architects Partners as a new consulting business and working two big contracts, I wasn’t sure I’d have time for a New Year’s review. Happily, my colleague Dr. Fred Cohen has made it easy for me by… Continue reading →

Posted in Dan Blum | Tagged sharing, standard of practice

Sony Hack: Just Another Privilege Escalation?

Published December 29, 2014 | By Dan Blum

Concerning Sony, Sanjay Tandon writes that, “in all likelihood, what happened here is that malicious perpetrators gained administrative access within Sony’s network, and used it to obtain access to whatever they wished to obtain access.” In his Cyber… Continue reading →

Posted in Dan Blum | Tagged Active Directory, breach, identity management, PAM

Turkish Pipeline Attack – The Hour is Later Than You Think

Published December 25, 2014 | By Dan Blum

The alleged attack on the Baku-Tbilisi-Ceyhan (BTC) pipeline has it all: geopolitical and ethnic conflict, potential nation state or terrorist involvement, environmental and economic disaster potential. Is is said to be comparable in destructive effect to Shamoon… Continue reading →

Posted in Dan Blum | Tagged breach, critical infrastructure, cybersecurity, cyberwar

The Sandbox Wars, They Have Begun

Published December 20, 2014 | By Dan Blum

Since writing “What’s in the Sandbox?” I’ve been waiting for the sandbox shootout: “Zscaler vs FireEye – Insights from the experts at Miercom Labs.” Now its here: According to Miercom Zscaler is… Continue reading →

Posted in Dan Blum | Tagged APT, cybersecurity, FireEye, sandbox, SWGs, zscaler

Security Governance (Part 2): Operating the Matrix

Published December 16, 2014 | By Dan Blum

At the root of many consulting engagements we find a security governance problem. Last week, in Part 1 of this series, I described the centralized, decentralized and matrixed primitives of security governance. I published the matrixed security governance… Continue reading →

Posted in Dan Blum | Tagged governance

The Internet of (Vulnerable) Things

Published December 10, 2014 | By Dan Blum

Internet of Things (IoT) is all the hype these days. But Fearless Security – writing about “stupid security” – casts a whole new light on the subject.

What is it about IoT? I keep coming up with new acronyms:

IOPT:… Continue reading →

Posted in Dan Blum | Tagged Internet of Things, IoT

Security Governance Models and Structures