Archive for category Security
Regardless of organization vertical or size, security has been and will continue to be an incredibly important part of the risk management portfolio. It’s how security is handled that will determine the overall effectiveness of the chief security officer position, though.
The security spectrum
Security is generally seen as a spectrum. At one end of the spectrum is the wild west kind of environment. In the wild west, anything goes and security is an afterthought. In such environments, there is generally no security officer and every employee just does what they want when they want. If there is any security, it’s left up to the individual. In these environments, employees can always get their job done thanks to the lack of red tape, but there is a high risk of downtime and data compromise.
Security services and security products are critical to helping organizations identify security issues and mitigate risks through the years. One of the critical challenges in today’s IT environments, however, is a bit more fundamental, and it starts with getting a handle on securing sensitive information.
Every environment has its own mix of technologies. Some shops have some obvious deficiencies, while others are armed to the max. The right mix of technology, policies and practices around security can be hard to attain; it takes time. And sometimes, unfortunately, you have to work with what you have. Fortunately, the one thing that can be counted on for consistency is the fundamentals. If you isolate those top priorities, that little bit of help can go a long way and get you to the best security posture possible.
A Massachusetts company called Prelert released a new application yesterday that combines machine learning and predictive analytics to detect and report anomalous behavior emanating from IT infrastructure. If that sounds a lot like what Splunk does, you’re right.
The mobile transformation is at the intersection of every large IT trend including cloud, big data and application modernization. Think about the major changes IT will face over the next five to ten years.
As more people become comfortable with technology, new strains will be placed on the IT group, which will have to adapt to meet evolving business demands. Tablets and smart phones will continue to be white-hot technologies that span the consumer and business worlds.
CIOs need to tackle issues such as BYOD and the consumerization of IT so they can build a stronger partnership with the workforce in order to tackle future transformational projects.
Virtual Desktop Infrastructure, or VDI, has long been the less flashy sidekick to server virtualization and the cloud. We often hear so much about virtualization, and especially the cloud, because they are flashy and have that element of consumerization of IT. VDI, however, has had a consistently increasing presence in the enterprise for a number of years now. For some organizations, it can be complicated to absorb the kind of changes that VDI introduces and the advantages it brings about. VDI products typically build on virtualization platforms, and that is one sure advantage. VDI also delivers improvements and efficiencies to the enterprise environment that are changing the ways a lot of environments conduct business.
Network security forensics is often overlooked or lightly regarded when composing an overall security strategy. Be it forecasting a budget for forensic tools or planning an all-new green-field environment, the protection that a proper forensics strategy provides in an environment can save countless resources when it comes to restoring a stable state, ensuring integrity, analyzing an intrusion or outage event, and learning information that can be used in the future. Forensic concepts also aid in reinforcing that secure data remains confidential. Forensic tools buttress the elements of a network that ensure integrity and availability. Sometimes this means a secure chain of custody or access; touching on the administrative model, it is often affected by, or must comply with, legal assertions or mandates.
As we continue this journey into the age of big data, cloud, mobility, social media and so forth, vast amounts of data are being generated daily. The volume of digital information continues to grow with no end in sight. More and more, personal and company information is becoming digitized, both in storage and transfer. Securing this information is a growing challenge, and is becoming more complex by the day. Protecting digital assets means utilizing the best of available technologies and methodologies to achieve security goals. Not only must they ensure that the quality and performance of the solution are maintained, they must also ensure beyond doubt that the information they seek to protect stays uncompromised.
With an abundant array of ways to hack and numerous reasons to do so, it’s no wonder that hacking has come such a long way since the old school hackers of yesterday. While a good number of today’s hackers are untouchable geniuses, some of them have yet to overcome the first rule of hacking: don’t get caught! Here is a list of the greatest Hacker #FAILS:
Busted by Boasting
Hacktivism was intended to refer to the development and use of technology to foster human rights and the open exchange of information (via Wired). Hacktivism could also be defined as “the nonviolent use of legal and/or illegal digital tools in pursuit of political ends.”
The tools used in Hacktivism include web site defacement, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, typo-squatting, and virtual sabotage.
The team at SiliconANGLE and Wikibon have been following and reporting on the rise of several significant hacktivist groups over the past year plus. Here is a visual representation of the most recent Hacktivist Timeline, with links and additional references below.