An architectural risk assessment is not a penetration test or merely a vulnerability scan. It is an engineering process with the aim of understanding, defining, and defending all the functional output from customers, line workers, corporate staff, and client-server interactions. Architectural risk assessments include ethical hacking, source code review, and the formation of a new network design. As Fred Donovan wrote in the Cutter Consortium Executive Update, Architectural Risk Assessment: Matching Security Goals to Business Goals, “Performed correctly, [an architectural risk assessment] will empower the technology staff and enable the business to focus less on security and more on customers.” According to Donovan, the first step of an architectural risk assessment is to conduct interviews Read more
Insight into the information security and privacy issues enterprises grapple with.
Data-centric protection and security focuses on the organization’s sensitive data (as opposed to its overall computer networks and applications). This is accomplished by locating, identifying, and cataloging sensitive data as well as by applying encryption, data masking, and policy-based data access controls (and end-user monitoring) to protect data residing across multiple enterprise environments. To what extent are organizations adopting, or planning to adopt, data-centric protection and security practices? In a recent Cutter Consortium survey, Senior Consultant Curt Hall asked 50 organizations about their data protection practices to shed some light on this important question. As shown in the figure below, more than a third (37%) of surveyed organizations currently have data-centric protection and security practices in place. Read more
Last week’s DDoS attack against Dyn Inc. had an impact on many organizations beyond the reported hits to PayPal, Twitter, Amazon, Spotify, and others. Even Cutter’s website search function was out of commission for a short while! Experts have warned that at some point, smart versions of devices such as refrigerators, televisions and thermostats could be manipulated to alter their basic functions, but did anyone foresee that these devices would be used to launch a third-party attack? This isn’t the first time it’s happened, and it’s not likely to be the last. In the July 2016 Cutter article Securing the IoT: It Takes the Global Village, author David Tayouri discusses the threats Internet of Things Read more
Cutter’s Curt Hall is conducting research on the measures organizations are taking to safeguard their data in light of the persistent breaches that have become commonplace in our world. This confidential survey seeks to gauge the various trends impacting organizations’ data security protection practices, and the extent to which organizations are using data-centric practices and technologies. Survey results will be revealed in upcoming Cutter Consortium research. Those who complete the survey will receive a $50 Cutter Bookstore credit. Thanks in advance for your participation! Take the survey.
This upcoming issue of Cutter IT Journal seeks articles on new approaches, strategies, and solutions to help IT professionals address and prevent the possibility of cyber attacks stemming from IoT related devices. Cyber threats have been on the rise, and more so with the advent of the Internet of Everything (IoE). Common appliances are now featuring intelligent processing and real-time connections to the Internet. Health measurements are now collected in real-time by smart wearables, including general purpose smart watches. The latest models from automobile manufacturers feature cloud connectivity for enabling remote software updates, tracking fuel consumption, and streaming dashcam activity. On a larger scale, the smart grid ensures seamless and dynamic allocation of energy where Read more
At the recent RSA Security Conference in San Francisco, data-centric security and protection received a lot of attention. Several trends account for this. The main one, of course, is the large number of high-profile data breaches and other cyber attacks continually making the news — a trend that shows no sign of subsiding. In addition to this constantly lurking threat, we can add growing compliance and regulatory requirements as well as the advent of new (difficult to protect) technologies, applications, and architectures. Throw in all the revelations about hacking by various government intelligence services, and it’s easy to see why organizations and security solutions providers have made data-centric security and protection a top priority. The Read more
In 2015, almost every CIO will be tasked with assessing their organizations and technology to ensure data and confidential information is protected. Current Situation Target, Home Depot, Staples, who’s next? These are just the most recent retail outlets that made the news. What is not making the headlines are the multitude of private- and public-sector organizations that have been hacked and lost data and information — many times totally unaware until after the fact. Pain Why is security so important for IT leaders in 2015? Because it cost a LOT of money once you have your network and systems breached! South Carolina recently lost large and significant quantities of data from its Department of Revenue Read more