NEWS & INDUSTRY UPDATES

A steady stream of low-level cyber attacks poses the most likely danger to the United States rather than a potential digital "armageddon," US intelligence director James Clapper said.
Industry professionals applauded the steps by the White House to promote cyber threat information sharing, but an executive order can only go so far and more is needed than just information sharing to combat sophisticated cyber attacks, experts said.
UK-based semiconductor technology firm ARM Ltd. announced on Monday that PolarSSL, the open source Transport Layer Security (TLS) solution for software and embedded devices, has been rebranded as “ARM mbed TLS”.
The global Industrial Control System (ICS) Security Market is estimated to reach $8.73 billion in 2019, according to a market research report.
According to a study conducted by EMC, enterprises employing more than 250 people lost a total of $1.7 trillion in the past year due to downtime and data loss.
Two independent research groups have already managed to bypass the protection mechanisms provided by the latest version of Microsoft's Enhanced Mitigation Experience Toolkit (EMET).
Version 5.1 of Microsoft's Enhanced Mitigation Experience Toolkit (EMET) brings improved protection and addresses several application compatibility issues.
The 2014 ICS Cyber Security Conference will address real world problems and discuss actual ICS cyber incidents, many of which have never been told before.
In a two-year study of information about critical control systems directly connected to the Internet, researchers found mining equipment, a surprising number of wind farms, a crematorium, water utilities, and several substations.

FEATURES, INSIGHTS // Security Architecture

Torsten George: The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
Avi Chesla: In order to be effective, security solutions must become more directly associated, in real-time, to cyber defense planning models.
Joshua Goldfarb: Is budget a good metric for security? In other words, if an organization wishes to improve its security posture, is spending more money an appropriate response?
Rebecca Lawson: There is a common misconception that in order to move to virtual security solutions, companies can, or should, replace physical security technologies they rely on to keep their networks safe today.
Joshua Goldfarb: An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.
Marcus Ranum: There are two ways to start establishing security metrics. One is what I think of as the “bottom up” approach and the other is “top down”. For best results you might want to try a bit of both.
Marcus Ranum: When you start your metrics program, you'll find that a great deal of information can be gleaned from existing data that gets stored in various places – most likely in your system logs.
Marcus Ranum: There are many important and useful tools related to the metrics landscape; let's take a look at some of them and how they fit together.
Jon-Louis Heimerl: The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Danelle Au: Zero Trust advocates for a segmented network, and security built into the architecture rather than an afterthought. It also advocates for some key principles built around the concept of “never trust, always verify”.