Information Security, InfoSec, Internet and Risk

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. 2021-2030) A Surge in Demand for InfoSec people will result in many more professionals being trained and placed within companies, likely using more of a trade/certification model than a 4-year university model.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

Infosec policy development

Notice Bored

APRIL 10, 2021

We're currently preparing some new information risk and security policies for SecAware.com. but we're working on these four additions: Capacity and performance management : usually, an organization's capacity for information processing is managed by specialists in IT and HR. Lots of questions to get our teeth into!

InfoSec

InfoSec Penetration Testing Information Security Risk

Information risk and security for professional services

Notice Bored

APRIL 20, 2022

When you acquire or provide professional services, how do you address the associated information risks? In theory, clients and providers should proactively identify, evaluate and address information risks relating to or arising from professional services in order to avoid, reduce or limit the damage arising from such incidents.

Risk

Risk Energy and Utilities Computers and Electronics Telecommunications

Everything is Insecure: What Matters is What You’re Getting vs. Giving Up

Daniel Miessler

APRIL 16, 2020

This got me thinking more about the implicit tradeoffs we make in life with regard to functionality vs. risk—tradeoffs that we’re really bad at capturing and articulating. We accept this risk because driving is a requirement for our society to function. The internet is a tire fire of horrible software.

Internet

Internet Internet Risk InfoSec

Importance of Cybersecurity Profession Highlights SecureWorld Chicago

SecureWorld News

JUNE 13, 2023

It was fitting that the opening keynote panel for SecureWorld Chicago on June 8th was titled " Making the Cybersecurity Music: Navigating Challenges and Opportunities in Today's InfoSec Landscape. Well, information security, cybersecurity happens to be a critical part of the business, being able to achieve strategic objectives.

Cybersecurity

Cybersecurity CISO InfoSec Risk

Domotics - a can-o-worms

Notice Bored

APRIL 12, 2022

This morning, I’ve been browsing and thinking about ISO/IEC 27403 , a draft ISO27k standard on the infosec and privacy aspects of “domotics” i.e. IoT things at home. Dynamics and diversity: people, devices and services plus the associated challenges and risks, are varied and changeable. Security monitoring and management (e.g.

IoT

IoT InfoSec Risk Security Awareness

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, according to Michael Samios of the National Observatory of Athens and his fellow colleagues who put together a new study published in Seismological Research Letters.

IoT

IoT InfoSec Data collection Encryption

Jeff Moss on the Evolution of Hacking at SecTor 2021

ForAllSecure

NOVEMBER 3, 2021

Moss also said that all hacking is not infosec and that all infosec is not hacking. Where with infosec the goal is to produce income. ” This set up a basic dichotomy throughout his talk in that hacking doesn’t require professionalism just curiosity and Infosec does require professionalism but not always curiosity.

Hacking

Hacking InfoSec Internet Internet

ISO/IEC 27002 update

Notice Bored

FEBRUARY 20, 2022

The newly-published third edition of ISO/IEC 27002 is a welcome update to the primary ISO27k controls catalogue (officially, a 'reference set of generic information security controls'). Monitoring activities (8.16) - 'anomalies' on IT networks, systems and apps should be detected and responded to, to mitigate the associated risks.

IoT

IoT Risk Information Security Technology

Spotlight Podcast: RSA CTO Zulfikar Ramzan on confronting Digital Transformation’s Dark Side

The Security Ledger

NOVEMBER 15, 2019

In this Spotlight Edition of the podcast we're speaking with RSA Chief Technology Officer Zulfikar Ramzan about how his company is adapting to help its customers confront the dark side of digital transformation initiatives: increased digital risk, including from cloud, artificial intelligence and the Internet of Things.

Digital transformation

Digital transformation Artificial Intelligence Internet Internet

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Cedric Leighton is founder and president of Cedric Leighton Associates, a strategic risk and leadership management consultancy. Since founding Cedric Leighton Associates, he has become an internationally known strategic risk expert. Leighton is also a founding partner of CYFORIX, specializing in the field of cyber risk.

Computers and Electronics

Computers and Electronics Technology Education Information Security

Achieving PCI DSS Compliant Firewalls within a Small Business

Security Boulevard

MAY 6, 2021

Firewalls are used to segment or isolate networks and are an essential component to limit cyber threats and protect internal networks from the internet and untrusted networks. Establish firewalls at each Internet connection between the DMZ and the local network. What is a PCI DSS Compliant Firewall?

Small Business

Small Business Firewall Wireless Internet

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Credential stuffing campaigns have become part of the fabric of the Internet.

Passwords

Passwords Password Management Antivirus Internet

Quantum Computing: A Looming Threat to Organizations and Nation States

SecureWorld News

SEPTEMBER 7, 2023

Director of Information Security, State of Colorado Governor's Office of Information Technology; and Toby Zimmerer, Sr. The panel will tackle topics and questions, including: The potential risks quantum computing poses to current cryptographic methods. Demand and Delivery Director, Optiv.

Encryption

Encryption Technology Risk Architecture

ISO/IEC 27400 IoT security and privacy standard published

Notice Bored

JUNE 13, 2022

IoT policy is the first of the basic security controls shown on the 'risk-control spectrum' diagram above, and is Control-01 in the new standard. Do you have a security policy on IoT? The spectrum diagram shows quite a variety of risks and controls, but it is merely a summary, selected highlights.

IoT

IoT Manufacturing Risk Information Security

Spotlight on Cybersecurity Leaders: Randy Raw

SecureWorld News

MARCH 31, 2022

He is the Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. In this installment, we introduce you to Randy Raw.

Cybersecurity

Cybersecurity InfoSec Authentication DDOS

Weaving strategies with policies

Notice Bored

NOVEMBER 26, 2021

From the information risk and security perspective, virtual working is both a nightmare and, again, an opportunity. so, how things going with your security strategy development, dear CISO? What can be done to facilitate secure virtual working? How can virtual working benefit information risk and security?

Risk

Risk Artificial Intelligence Technology InfoSec

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? They won with Mayhem, an assisted intelligence application security testing solution.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? They won with Mayhem, an assisted intelligence application security testing solution.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? They won with Mayhem, an assisted intelligence application security testing solution.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Y2k + 20: risk, COVID and "the Internet issue"

Notice Bored

JANUARY 9, 2021

In risk terms, the probability of Y2k incidents approached 100% certain and the personal or societal impacts could have been catastrophic under various credible scenarios - if (again) the Y2k monster wasn't slain before the new year's fireworks went off. Go ahead, show me the associated risk profiles and documented security architectures.

Internet

Internet Internet Risk InfoSec

Water utility CISO offers tips to stay secure as IT and OT converge

SC Magazine

APRIL 26, 2021

As critical infrastructure facilities increasingly converge their IT and OT systems, visibility into traditionally isolated operational systems is turning into a key security challenge. However, such modernization is not without risk. Recognizing that the ABCWUA is “ahead of a lot of the water authorities” across the U.S.

CISO

CISO IoT VPN InfoSec

InfoSec Leaders Weigh in on New SEC Rules Making CISO Hotseat Hotter

SecureWorld News

JULY 31, 2023

Cybersecurity professionals have various views on last week's news from the United States Securities and Exchange Commission (SEC) when it surprised the InfoSec community and the C-suites of corporate America. For sanity, manage to a written information security policy. CREST provides accreditation of vendors.)

CISO

CISO InfoSec Risk Cybersecurity

Responsible disclosure - another new policy

Notice Bored

MAY 20, 2022

We have just completed and released another topic-specific information security policy template, covering responsible disclosure (of vulnerabilities, mostly). The policy encourages people to report any vulnerabilities or other information security issues they discover with the organisation's IT systems, networks, processes and people.

Information Security

Information Security Marketing Risk Hacking

‘I vowed I was going to teach people’: NPower’s trauma-informed training nurtures digital talent

SC Magazine

MARCH 18, 2021

military and serving as deputy chief information security officer at Globe Life and global information security risk director at GM Financial. As an infosec leader, Vaughn witnessed first-hand the dearth of available IT talent that’s available to hire. The average salary among graduates is $80,000.).

Education

Education Media InfoSec Engineering

Comparing Offensive Security Tooling and Gun Control

Daniel Miessler

DECEMBER 24, 2019

OFFSEC as a discipline serves the interests of security. Offensive Security Tools (OSTs) aid OFFSEC in serving the interests of security. OST release on the public internet is not the best way to do it. Twitter infosec is the top 10%, at best, arguing with each other. Probably also zero.

Penetration Testing

Penetration Testing InfoSec Government Ransomware

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. Robert Vamosi: Before there was the internet as we know it today, there were bulletin boards, BBSs. One of those interests that took off was computer security. How did he get started and what’s next?

Media

Media Hacking InfoSec Marketing

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. Robert Vamosi: Before there was the internet as we know it today, there were bulletin boards, BBSs. One of those interests that took off was computer security. How did he get started and what’s next?

Media

Media Hacking InfoSec Marketing

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

The Last Watchdog

JANUARY 22, 2024

Mukkavilli “ChargePoint is committed to the security of all customer data, and through this collaboration, we’ve implemented critical enhancements to Home Flex,” said Teza Mukkavilli, Chief Information Security Officer of ChargePoint. For more information, please email the InfoSec team at: infosec@chargepoint.com.

IoT

IoT InfoSec Firmware Manufacturing

Charlotte Conference Kicks Off Season with Thought Leaders' Expertise

SecureWorld News

MARCH 8, 2023

Some other female speakers that highlighted the day included: Tamika Bass, Cybersecurity Director, Gannett Fleming Tamika Bass drove up from her home base in Atlanta to deliver her session on " Risk Management: Understanding How to Assess and Communicate Cybersecurity Risks " to more than 70 attendees.

Cybersecurity

Cybersecurity Risk InfoSec Data privacy

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

JUNE 10, 2022

While “ zero trust ” has been a buzzword for some time, the principle of zero trust, and expenditures toward getting organizational policies, procedures, and infrastructure closer to delivering it, is gaining acceptance as constituting a fundamental component of information security programs. Sampling No Longer Works.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Wireless

The Matrix, policy edition

Notice Bored

JUNE 18, 2022

Anyway, having adjusted the terminology and tweaked the SecAware materials, I took the opportunity to prepare two new 'bulk deal' packages - a comprehensive suite of information security policy templates , and a full set of ISO27k ISMS materials. Years back I developed an 'Information security policy manual' as a single document.

Information Security

Information Security Architecture Government Risk

What actually drives information security?

Notice Bored

MAY 14, 2022

The 'obvious' driver for information security is information risk: valuable yet vulnerable information must be secured/protected against anything that might compromise its confidentiality, integrity or availability, right? What does management want/expect out of information security?

Information Security

Information Security Risk Healthcare Government

Threats to ICS and industrial enterprises in 2022

SecureList

NOVEMBER 23, 2021

Further evolution of cyberthreats as a response to infosec tools and measures. And plans to improve information security and introduce new protection tools and measures are predicated, in some way, on the chosen adversary model. Cybercriminals will protect themselves better and hedge the risks. Current attack vectors.

Spyware

Spyware Phishing Cybercrime Energy and Utilities

Cyber CEO: Cybersecurity in 2021 – What We’ve Learned So Far

Herjavec Group

JULY 29, 2021

Operating with a team of individuals who are cybersecurity savvy is one of the best tools for cyber risk management. Cybersecurity programs that educate your entire team on general information security tactics – including recognizing and addressing phishing scams – are essential. Ransomeware-as-a-Service.

Cybersecurity

Cybersecurity Digital transformation Cyber Attacks Ransomware

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

APRIL 26, 2022

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences. It's not a risk.

Hacking

Hacking Energy and Utilities Manufacturing Firmware

Top 5 Cybersecurity and Computer Threats of 2017

NopSec

FEBRUARY 9, 2017

As we look forward into 2017 cyber attacks , information security teams have to think like hackers in order to stay ahead of the challenges to come. For more information on preventing damage from ransomware, see our white paper.) The attack may have approached a volume of 1.2 2017 will see major advancements in technology.

Cybersecurity

Cybersecurity DDOS IoT Social Engineering

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

ForAllSecure

JANUARY 22, 2023

Having a common framework around vulnerabilities, around threats , helps us understand the infosec landscape better. Adam has more than 20 years in the infosec world, and he even helped create the CVE system that we all use today. Consider your homes, you know there's the risk from flooding fire, etc, etc.

Engineering

Engineering Technology Authentication InfoSec

Cisco’s CISO of the Month – Esmond Kane

Cisco Security

JUNE 25, 2021

First of all, while I am honoured and deeply thankful for the recognition, I believe strongly that Security is a team effort and I must acknowledge the superb InfoSec team in Steward but also the Steward workforce. I thank you all for keeping our patients safe and secure! My story is the same as millions of emigrants to the US.

CISO

CISO Healthcare InfoSec Computers and Electronics

The Hacker Mind Podcast: Hacking Ransomware

ForAllSecure

MAY 18, 2021

He also talks about his infosec journey hacking cryptocurrencies, joining the Digital Defense Service and CISA, and helping secure the 2020 presidential election… all before the age of 22. intelligence community, and to designate the current wave of digital extortion as a national security threat.

Hacking

Hacking Ransomware Cryptocurrency Engineering

The Hacker Mind Podcast: Hacking Ransomware

ForAllSecure

MAY 18, 2021

He also talks about his infosec journey hacking cryptocurrencies, joining the Digital Defense Service and CISA, and helping secure the 2020 presidential election… all before the age of 22. intelligence community, and to designate the current wave of digital extortion as a national security threat.

Hacking

Hacking Ransomware Cryptocurrency Engineering

Complexity, simplified

Notice Bored

JULY 9, 2022

Despite not clearly expressing the risk, the bill specifies mitigating controls - well, sort of. As to the actual controls, well the bill takes a classical risk-management approach involving impact assessments and responses such as taking down unsafe content and banning users who published it. A veritable cost-cascade. Fair comment!

Mobile

Mobile InfoSec Media Risk

Death by 1000 Lies

IT Security Guru

DECEMBER 21, 2022

What I did observe was an aftershock with striking relationships to my chosen profession of information security and the society that we enjoy or endure – depending on your perspective and experience. We built the largest most complex machine in the history of the world – the internet.

InfoSec

InfoSec Internet Internet Media

The Hacker Mind Podcast: Tib3rius

ForAllSecure

JANUARY 11, 2023

Tib3rius from White Oak Security discusses his experience as a web application security pen tester, his OSCP certification, and how he’s giving back to the community with his Twitch , Youtube , and tools he's made available on GitHub. So honestly, every single kind of web app is just a portal to information. VAMOSI: Yeah.

DNS

DNS Hacking Penetration Testing Education

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Infosec policy development

Trending Sources

Information risk and security for professional services

Everything is Insecure: What Matters is What You’re Getting vs. Giving Up

Importance of Cybersecurity Profession Highlights SecureWorld Chicago

Domotics - a can-o-worms

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Jeff Moss on the Evolution of Hacking at SecTor 2021

ISO/IEC 27002 update

Spotlight Podcast: RSA CTO Zulfikar Ramzan on confronting Digital Transformation’s Dark Side

Meet the 2021 SC Awards judges

Achieving PCI DSS Compliant Firewalls within a Small Business

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Quantum Computing: A Looming Threat to Organizations and Nation States

ISO/IEC 27400 IoT security and privacy standard published

Spotlight on Cybersecurity Leaders: Randy Raw

Weaving strategies with policies

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

Y2k + 20: risk, COVID and "the Internet issue"

Water utility CISO offers tips to stay secure as IT and OT converge

InfoSec Leaders Weigh in on New SEC Rules Making CISO Hotseat Hotter

Responsible disclosure - another new policy

‘I vowed I was going to teach people’: NPower’s trauma-informed training nurtures digital talent

Comparing Offensive Security Tooling and Gun Control

The Hacker Mind: Hacking Social Media

The Hacker Mind: Hacking Social Media

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

Charlotte Conference Kicks Off Season with Thought Leaders' Expertise

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

The Matrix, policy edition

What actually drives information security?

Threats to ICS and industrial enterprises in 2022

Cyber CEO: Cybersecurity in 2021 – What We’ve Learned So Far

The Hacker Mind Podcast: Hacking Industrial Control Systems

Top 5 Cybersecurity and Computer Threats of 2017

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

Cisco’s CISO of the Month – Esmond Kane

The Hacker Mind Podcast: Hacking Ransomware

The Hacker Mind Podcast: Hacking Ransomware

Complexity, simplified

Death by 1000 Lies

The Hacker Mind Podcast: Tib3rius

Stay Connected