Defending the Digital Election Infrastructure
Someday we’ll conduct elections fully online, but to do that we’ll require a more secure digital election infrastructure. As the U.S. 2020 election process ramps up, technology plays an increasing role. Organizations engaged in the political process must strengthen cybersecurity… Continue reading
Is Threat Intelligence a Misnomer?
The bulk of what passes for “threat intelligence” is just ephemeral data, frequently changed by hackers, and only useful on short-lived blacklists. To improve their cybersecurity, organizations need to raise their “threat IQ”. The security ecosystem of vendors and… Continue reading
Speaking at the Threat Intelligence Summit 2015
MISTI’s Threat Intelligence Summit 2015 is coming to Orlando September 29-30, and I’ll be speaking there on:
Separating Threat Intelligence from FUD: An Enterprise Approach
A breach here, an NSA expose there – cybersecurity’s constantly in the news. Fear,… Continue reading
How Mature are your Enterprise Security Data Sharing Practices?
Last month I wrote about attending a Department of Homeland Security (DHS) conference on its effort to create a new wave of Information Sharing Analysis Organizations (ISAOs). Along with many in the industry, I believe the future of cybersecurity… Continue reading
Attending DHS Information Sharing and Analysis Organization (ISAO) Workshop
Tomorrow (June 9), I’m attending the Department of Homeland Security (DHS) Information Sharing and Analysis Organization (ISAO) Workshop. Federally-encouraged “ISAOs”are intended to augment or replace the existing “ISACs”. ISACs are “centers” organized by industry sectors (e.g. finance, research… Continue reading
Regaining the Defensive Advantage in Cybersecurity
Disease may be the best metaphor for our cybersecurity status, and Security Architects Partners has recorded a webinar diagnosing possible cures. With some special guests, we covered core prevention mechanisms, smart deception techniques to turn the tables… Continue reading
Questions to Ask Your Cyber-Insurance Provider
The breach problem has increased and cyber insurance is on the radar screen for many CEOs. The U.S. Congress is likely to create supportive legislation for cyber-insurance as a vehicle for improved security data sharing and a market-based solution … Continue reading
Was the Sense of Defeatism at RSA 2015 a Good Thing?
As the RSA 2015 conference (#RSAC2015) was winding down last week, someone commented on what he perceived as a “sense of defeatism.” In sessions and on the show floor “Every vendor is saying “you’re already penetrated.” There… Continue reading
It Takes a Network to Fight Networks
At the RSA pre-conference Cloud Security Alliance (CSA) Summit both Philippe Courtot (CEO, Qualys) and Marc Goodman (Author, “Future Crimes”) highlighted the need for a paradigm shift in how enterprises and societies address cloud security.
Courtot finds… Continue reading
Pressures and Pitfalls for Early Disclosure in the Wake of the Anthem Breach
As the investigation continues into yesterday’s announcement of the #AnthemHack, Security Architects Partners will be monitoring to see what it portends for early breach notification. By disclosing early, Anthem broke the typical mold of companies waiting to complete a full… Continue reading