
Security: Opinions

Opinions
  • The OPM lawsuit will only make the lawyers rich

    Sensitive data pertaining to millions of people was compromised in the data breach at the U.S. Office of Personnel Management. I suspect that millions of those people smiled when they heard about the <a href="http://www.computerworld.com/article/2942038/security/opm-hit-by-classaction-suit-over-breach-of-federal-employee-data.html">filing of a class-action lawsuit against the OPM</a>. They would like some recompense for the incredible hassle that data breach caused them. And they probably want to see the OPM pay for its mistakes. Unfortunately, those smiles are probably about all they will get out of the lawsuit.

  • What defines a mature IT security operation?

    RSA recently published its inaugural and aptly named <a href="http://www.emc.com/collateral/ebook/rsa-cybersecurity-poverty-index-ebook.pdf">Cybersecurity Poverty Index</a>. This study is based on self-assessments by organizations that compared their current security implementations against the <a href="http://www.nist.gov/cyberframework/cybersecurity-framework-faqs.cfm">NIST Cybersecurity Framework</a>. According to the report, almost 66 percent rated themselves as inadequate in every category. With all of the recent breaches in the news, part of me is astounded at this finding. The other part is not surprised, given that this matches what I see in the field every day.

  • Who's flying the plane? The latest reason to never ignore security holes

    Some things are just so predictable. A retailer is told about a mobile security hole and dismisses it, saying it could never happen in real life -- and then it happens. A manufacturer of passenger jets ridicules the risk posed by a wireless security hole in its aircraft, saying defensive mechanisms wouldn't let it happen -- and then it happens.

  • Taking our breach response plan for a test-drive

    One thing that we security managers can be sure of is this: There is no guarantee that our company will not suffer a security breach. In fact, the odds are increasing all the time, helped along by the proliferation of mobile devices, companies' heavy use of software as a service and the <a href="http://www.computerworld.com/category/consumerization/?nsdr=true">consumerization of IT</a>. And let's face it: Creating a culture that fosters innovation and attracts talent exacts a cost in defensibility.

  • Sony reminds us all what a pathetically weak link email is

    Sony is reliving the nightmare that <a href="http://www.computerworld.com/article/2858358/fbi-calls-sony-hack-organized-but-declines-to-name-source-or-finger-north-korea.html">its hacked databases</a> gave rise to late last year, now that <a href="http://www.computerworld.com/article/2910891/wikileaks-publishes-searchable-database-of-hacked-sony-docs.html">Wikileaks has thoughtfully published all of the leaked documents in a searchable database</a>. Really, they are the most courteous hoodlums ever.

  • Discovering a blind eye to vulnerabilities

    Last week, I was horrified to discover a problem with my <a href="http://www.computerworld.com/article/2569669/security0/two-sides-of-vulnerability-scanning.html">vulnerability scanner</a>. The product I use relies on a user account to connect to our Microsoft Windows servers and workstations to check them for vulnerable versions of software, and that user account had never been configured properly. As a result, the scanner has been blind to a lot of vulnerabilities. And this has been going on for a long time.

  • With greater visibility comes increased response

    I mentioned in a previous article that we are using <a href="http://www.computerworld.com/article/2894450/making-the-case-for-security.html">a "loaner" Palo Alto Networks firewall</a>, with all the bells and whistles. Our testing led to all sorts of interesting discoveries, and I certainly hope that the executive staff will agree that the increased visibility makes this sort of new-generation firewall well worth the investment.

  • BYOD and Cloud are top data breaches and malware risks, survey shows

    With the influx of personal devices in the workplace and the unprecedented risk of data breach and malware, tightening IT security at a company can seem like a daunting task. Just how difficult a task is it? What are the biggest security risks, and what are the top minds in IT considering to combat them?

  • The signs of spring: Birds, flowers and new tech

    Back in the dark ages, when the only way to get onscreen entertainment was by tuning in a television set at a specific time (get home late? miss your favorite show? too bad for you!), networks had a habit of scheduling similar shows opposite each other. The notion, presumably, was that the competition would cause one show to win out over the other, which would eventually drop in the ratings and get cancelled. The idea that viewers might be interested in seeing both apparently was not in the networks' psychology.

  • Where's the data?

    It's a time-honored tradition: U.S. businesses find ways to skirt inconvenient or expensive laws by moving operations to other countries. Thus we have had U.S. corporations operating overseas to exploit child labor, run sweatshops or avoid taxes and rigorous health and safety inspections. Now the U.S. government says something similar is happening with regard to email.

  • Don't get into an email mess

    Though she may have broken no laws, Hillary Clinton acted irresponsibly in using a personal email account to conduct official U.S. government business in her capacity as secretary of State.

  • Making the case for security

    Having been at my new company for several months now, this week I was invited to inform executive management about the state of our security. I had half an hour to formally introduce myself and talk about my philosophy, my initial findings and the priorities I think we need to have.

  • Web browsers are also to blame for Lenovo's Superfish fiasco

    Lenovo pre-installing Superfish software was a security disaster. Whether Lenovo was evil or, as they eventually claimed, merely incompetent, it's hard to trust them going forward. If nothing else, their initial denials that anything was wrong leave a lasting impression. Of course, Superfish, along with the software that they bundled from Komodia, also deserves plenty of blame for breaking the security of HTTPS and SSL/TLS.

  • yARN: Taking back the Hack

    Hackers tend to get a bad rap. When I find myself talking to people outside of the coding community and mention the word hacker, I invariably get the same response.

  • The ‘sophisticated attack’ myth

    Sometimes I wonder whether any company will ever fall victim to an unsophisticated cyberattack. Because after every attack that comes to light, we hear that same excuse: It was a sophisticated attack.

  • Protect yourself from hackers and the NSA

    The downside of email, chat, text and messaging apps is that they make you feel like you're communicating privately, with only the intended recipients. And that your messages are private. Until they're not.
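The "Discovering a blind eye to vulnerabilities" item above describes a credentialed scan that silently ran unauthenticated for a long time because the scanner's Windows account was never set up properly. The check a practitioner wants after every scan is "did the credentials actually work on every host?", not just "did the scan finish?". The script below is an added example, not code from the column's author or from any scanner vendor. It reads a Nessus-style CSV export and flags hosts where credentialed checks did not run, keyed on plugin 19506 ("Nessus Scan Information"), whose output states "Credentialed checks : yes/no", and plugin 21745 ("Authentication Failure - Local Checks Not Run"). The CSV rows are constructed for the example; the column layout follows the Nessus CSV export, but the hosts and outputs are made up.

```python
"""Flag hosts whose credentialed scan silently fell back to an unauthenticated one.

Added example (not the column author's code).  Works on a Nessus-style CSV
export: plugin 19506 reports whether credentialed checks ran, plugin 21745
fires when the supplied account could not log in.  The sample rows below are
constructed for this example, not real scan output.
"""
import csv
import io
import re

SCAN_INFO_PLUGIN = "19506"      # "Nessus Scan Information"
AUTH_FAILURE_PLUGIN = "21745"   # "Authentication Failure - Local Checks Not Run"

# Constructed sample export, same column order as a Nessus CSV export.
# 10.0.0.11: credentials worked.  10.0.0.12: account rejected (auth-failure
# plugin fired).  10.0.0.13: credentialed checks never ran and no auth-failure
# plugin fired either, the quiet case the column describes.
SAMPLE_CSV = """\
"Plugin ID","CVE","CVSS","Risk","Host","Protocol","Port","Name","Synopsis","Description","Solution","See Also","Plugin Output"
"19506","","","None","10.0.0.11","tcp","0","Nessus Scan Information","","","","","Credentialed checks : yes (via smb)"
"19506","","","None","10.0.0.12","tcp","0","Nessus Scan Information","","","","","Credentialed checks : no"
"21745","","","None","10.0.0.12","tcp","445","Authentication Failure - Local Checks Not Run","","","","","It was not possible to log into the remote host via smb (invalid credentials)."
"19506","","","None","10.0.0.13","tcp","0","Nessus Scan Information","","","","","Credentialed checks : no"
"""

CRED_RE = re.compile(r"Credentialed checks\s*:\s*(yes|no)", re.IGNORECASE)


def credential_coverage(csv_text):
    """Map each host to {'credentialed': True/False/None, 'auth_failure': str|None}.

    'credentialed' is None when the scan-information plugin produced no
    parseable output for the host (e.g. the host was never reached).
    """
    hosts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = hosts.setdefault(row["Host"],
                                 {"credentialed": None, "auth_failure": None})
        if row["Plugin ID"] == SCAN_INFO_PLUGIN:
            match = CRED_RE.search(row["Plugin Output"])
            if match:
                entry["credentialed"] = match.group(1).lower() == "yes"
        elif row["Plugin ID"] == AUTH_FAILURE_PLUGIN:
            entry["auth_failure"] = row["Plugin Output"].strip()
    return hosts


def blind_hosts(csv_text):
    """Return {host: reason} for every host that did NOT get credentialed checks.

    A host listed here was only assessed from the network; its finding count
    undercounts vulnerable installed software, exactly the blind spot in the
    column above.
    """
    result = {}
    for host, entry in credential_coverage(csv_text).items():
        if entry["credentialed"] is True:
            continue
        if entry["auth_failure"]:
            reason = "login failed: " + entry["auth_failure"]
        elif entry["credentialed"] is False:
            reason = ("credentialed checks did not run and no authentication-"
                      "failure plugin fired; check that credentials are "
                      "configured for this host/policy")
        else:
            reason = "no scan-information plugin output for this host"
        result[host] = reason
    return result


def coverage_ratio(csv_text):
    """Fraction of scanned hosts whose credentialed checks actually ran."""
    hosts = credential_coverage(csv_text)
    if not hosts:
        return 0.0
    good = sum(1 for e in hosts.values() if e["credentialed"] is True)
    return good / len(hosts)


if __name__ == "__main__":
    print("credentialed coverage: %.0f%%" % (100 * coverage_ratio(SAMPLE_CSV)))
    for host, reason in sorted(blind_hosts(SAMPLE_CSV).items()):
        print("%-12s %s" % (host, reason))
```

Run this against every scan export and alert when the coverage ratio drops or when a host that used to report "yes" now reports "no"; a scan that completes with many hosts in the blind list is the situation the column describes, and it looks like a clean scan if nobody checks.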