ITsecurity

Integrity

Posted by Rob Slade on March 23, 2017

Regardless of any personal political preference, I have found recent political discourse, particularly in the United States, profoundly disturbing on a professional level. I am currently a security professional. Absent discussion of the Parkerian Hexad, integrity of information is one of our three pillars. I have been a teacher, researcher, and reviewer of technical literature. […]

Business Continuity Planning and quantum computing

Posted by Rob Slade on November 28, 2016

I must admit that this topic is one that really gets me excited. Yes, other aspects of security can benefit from quantum computing, and the job can be eased or made more cost-effective. But in emergency planning, you can actually save lives, and reduce suffering. As with risk analysis and management, so business impact analysis […]

Physical security and quantum computing

Posted by Rob Slade on October 3, 2016

There is probably not a great deal that quantum computing can do to benefit physical security. As previously noted, biometrics may be improved, and these are being increasingly used for physical access control. Control of certain alarm systems might benefit from pattern recognition capabilities: for example, fire alarm systems with a complex set of different […]

Cryptography and quantum computing

Posted by Rob Slade on September 29, 2016

Yes, I know I complained about it at the beginning, and I’ve dealt with it elsewhere, but I suppose I really have to address it. (There actually are a number of issues about cryptography and quantum computing that the popular media never touches on.) A good deal of confusion exists about the possibility and capability […]

Quantum computing and security management

Posted by Rob Slade on September 21, 2016

Having looked at the basics of quantum computing, and the fundamental problems they can address, let’s turn to applying some of that to security itself, starting with security management. In security, we are all well familiar with the importance of risk assessment, analysis, and management. Assessment and analysis are difficult and time consuming, but we […]

What do the simple folk do for security?

Posted by Rob Slade on July 28, 2016

I don’t mean to offend anybody with that title: it’s just a joke on the song from “Camelot.” But it does raise an issue. I’ve never been an uber geek. It’s been decades since I was a network maven. But I do know network basics, and something about internals, and the difference between an app […]

The Juniper backdoor and its implications

Posted by Kevin on March 14, 2016

In December 2015 Juniper disclosed that it had found two backdoors in its firewalls – one of which allows encrypted traffic passing through to be decrypted. Since then there has been considerable debate over what it is and where it came from; but very little debate over the implications. A Chatham House discussion among CISO […]

Professionalization: should infoSec professionalize?

Posted by Kevin on January 25, 2016

In the context of this discussion, ‘professionalization’ is the creation of a governing body for cyber security practitioners, much like the American Medical Association (AMA) was created to oversee medical professionals. For the sake of argument, we’ll call this putative professional security body the Cyber Security Association (CSA). The question – should infosec professionalize? – […]

Responding to Incidents and Preventing Crises

Posted by Kevin on October 28, 2015

The gradual realization that we cannot keep hackers out of our networks has led to the evolution of a new security concept: incident response. This states that equal emphasis should be placed on the response to a breach (or incident) as is currently placed on trying to prevent that breach. Part of this response can […]

The CISO and the thin ice syndrome

Posted by Kevin on October 16, 2015

FierceHealthIT magazine recently ran an article that commented, "Almost half of C-level executives throughout all industries lack confidence in their chief information security officer (CISO), often viewing him or her as a scapegoat when data breaches occur, according to a recent survey." (C-suite execs often see CISOs as cybersecurity scapegoats) That resonates. Insights first came […]