Category

Security+Privacy

Insight into the information security and privacy issues enterprises grapple with.

 
Ensuring Data is Protected will be Demanded in 2015

In 2015, almost every CIO will be tasked with assessing their organizations and technology to ensure data and confidential information is protected.

Current Situation

Target, Home Depot, Staples, who’s next? These are just the most recent retail outlets that made the news. What is not making the headlines is the multitude of private- and public-sector organizations that have been hacked and lost data and information — many times totally unaware until after the fact.

Pain

Why is security so important for IT leaders in 2015? Because it costs a LOT of money once you have your network and systems breached! South Carolina recently lost large and significant quantities of data from its Department of Revenue …


 
It’s 2015 – Do You Know Where Your Data Is?

The “Internet of Things” will take further hold and become more fully embedded as a reality in our society. However, a tipping point is likely to be reached in 2015 as public awareness of the potential for these technologies to violate personal privacy increases. This will lead to an associated public outcry for stricter controls and government legislation regarding how people, organizations and government collect and use this information. The public will no longer be satisfied to leave technology companies and users to self-police their uses of their personal data. Surveillance and other technologies that permit the collection of data about people will continue to proliferate. Analytical tools are emerging to interpret this information, and …


Dec 08 2014
 
Major IoT Hack to Come

I predict there will be a major hack of connected devices, causing havoc and putting a temporary damper on the stampede towards the Internet of Things. It will be widespread, as the hackers will want to show just how vulnerable we are. This will be a temporary setback, and the precise impact will depend on the severity of the damage done — but the Internet of Things development will continue. In a related note, it will be revealed that the government has been experimenting with novel ways to conduct surveillance using these connected devices. My biggest bet is that LEDs used to light public areas will be the first discovered, but there may be even …


 

It is becoming clear that the prevailing piecemeal approach to security is no longer sufficient to thwart increasingly sophisticated attacks. Gaps in coverage provide possible entry points, blended attacks in several sectors can mask the actual threat, and sophisticated attacks involving multiple targets and approaches can find their way around many current defenses. Interest is growing in unified threat management (UTM) for small to medium-sized businesses, which centralizes all network intrusion response in a single device, and next-generation firewalls (NGFs), which defend against most of the same things but are aimed at the enterprise. Although some currently define these as separate product areas, major vendors are now providing this form of protection as a continuum. …


 
From Information Risk Management to BI for Software Organizations to Agile Transitions, We’ve Got You Covered.

We’ve been rounding up Dennises lately: Dennis Adams and Dennis Hogarth have joined our team of expert consultants. But along with the Dennises, we welcome Nancy Williams, Murray Cantor and Don MacIntyre. Dennis Adams is a longtime Cutter contributor. He’s frequently presented the academic viewpoint for Cutter Benchmark Review. (If you’re not familiar with CBR, it partners academics and practitioners who co-write a survey, analyze the data, and then write opinion pieces — influenced by their academic/practitioner perspective — that are based on the findings. Looking at an issue or technology from both an academic and practical perspective gives CBR readers the 360 view they won’t otherwise see.) Now Dennis will add his expertise …


 

It took home improvement retailing giant Home Depot about a week before it finally confirmed it had suffered a data breach. Home Depot first reported the possibility of a breach on 2 September 2014, but did not actually confirm the hacking until 8 September. During that time, the company made somewhat vague statements that it was still carrying out an investigation to determine whether or not its systems had actually been compromised. Based on the company’s recent press release confirming the breach (see “The Home Depot Provides Update on Breach Investigation”), it appears that Home Depot’s internal IT security team was unaware that its payment data systems had been compromised. Instead, it looks as if …


Oct 07 2014
 

There are very few more pressing issues in management today than cyber security. Notice that I didn’t say IT management; I said management. When the hacking of a major US retailer (Target) leads to the loss of billions of dollars in stock value and sales and the removal of not only the CSO, but the CIO and ultimately the CEO as well, stockholders, investors, and customers take notice. Organizations worldwide depend increasingly on information and communications technology to operate and manage 24/7/365, and wireless devices, BYOD, social media, and the like all combine to make the jobs of those responsible for cyber security exponentially more difficult. Like the Dutch boy and the dike, security people worldwide have …


 

As mobile computing has made sophisticated, digitally-mediated interactions possible in both personal/consumer and business-like capacities (BYOD), the market and the challenges associated with it have exploded. Taking a step back to when the technologies that underpin mobile computing and networking were developed, it was assumed that each user had some level of expertise, that the use cases were quite limited in scope, and that the overall numbers of users were constrained. Fast-forward to the present day: the massive scale of mobile computing adoption, the broad scope of supported use cases, and the “naive” user base have created a number of serious issues that the IT industry must grapple with now. Chief among these problems is …


 

If one listed the top technology concerns for CIOs and CEOs around the world, cybersecurity has to be right at the top. Over the last year, serious data breaches have been increasingly common. Perhaps the most publicized was the one that occurred at Target during the Christmas season last winter. Millions of customers’ credit information was disclosed and Target did not discover/acknowledge the breach for nearly three weeks. The ensuing scandal cost the CSO, CIO and eventually the CEO their jobs and the company hundreds of millions of dollars in lost sales and in falling stock prices. Recently, eBay’s PayPal subsidiary disclosed that it had been broken into in February 2014 and the breach was …


 
Politics, Profiling, and Big Data

The ongoing IRS scandal, in which various groups were targeted according to keywords such as “tea party” in the search for infractions, has important lessons for emerging big data techniques. Because analytics based on huge amounts of streaming social data linked with demographics provide the possibility of creating social profiles, a door has been opened for new types of abuse that may create invisible legal issues. Profiling has always been problematic, but it has generally been overt, and the result of a conscious decision. Invisible social profiles, on the other hand, might not even be fully understood by the analyst. The IRS example is fairly primitive, and is actually at least partly a response to …
