DDOSCoverArt

Preparing for the next DDOS Wave

This week I was helping with a top 10 list to prepare for DDOS attacks. I did it without reviewing the industry to see the marketing overload of “prepare for DDOS steps.” These all seem to lead the one conclusion … “buy my product.” Steve Zurier (Dark Reading) and I pulled together these ten steps to Read More

Reporting a DoS Attack

Reporting DoS Attacks & Fighting Back Against DOS Attacks

Are you prepared for the next DoS Extortion attack? Armada Collective “like” DoS extrusion attacks are picking up. It is time to review those “DoS” preparation checklist. This white paper explore the data that would need to be collected to successfully push back on DoS attacks. It includes information your “DoS Defense Allies” will need to help you mitigate, remediate, and potentially whack down the DoS attack.

Checklist-Vendor-Security

Demand Security from your Vendors

Demande Security from your Vendors. Ask the right “Security Questions.” This provides a list of questions that anyone can use with their vendors to get a better understanding of their security capabilities. Start meaningful “Security Conversations.”

DSC00428

5 Principles to Vulnerability Disclosure

What is the best time for a vendor to Disclose a Vulnerability? Vulnerability disclosure is the most painful activity for any software/hardware company. Conversely, receiving vulnerability notifications from any vendor is one of the most disruptive events any organization can encounter. Rapid and unexpected vulnerability patches are a massive operational disruption. What follows are some Read More

checklist-721x407

The “Practical Security Checklist” – Part 2.1

This is part “2.1” of a multipart post to help organizations take security action. Stay tuned for next week’s practical security checklist item. Board members, CxOs, and professionals are saturated with security advice. This security advice is often confusing, contradictory, and always biased toward “buying something.” “Good security advice saturation” results in paralysis of action. Read More

Title 1

Are you ready for the next attack? (Part 1)

As many of my colleagues know, I’m constantly on the look out for tools that would help my peers in all networks find ways to mitigate the security risk in their operations. At MYNOG 5 (www.mynog.org) I reviewed the latest tool, a checklist operators can use to prepare their network for before the next security Read More

null

Private-to-Private Collaboration with Public Participation

The Cybersecurity Act of 2012 has now been posted. The dialog of representative government as started with enlightenment on what is important to different interest. Coincidentally, this act is directly applicable to the principle of aggressive private-to-private collaboration with public participation. The act ‘could’ significantly help our cyber-security capabilities OR it could dramatically hurt the Read More

null

2012 – A year of Cyber-Security Optimism

The wave of annual cyber-security predictions of doom are coming to a close. Every year security experts would talk about how malware infections are spreading, botnets are going to cause catastrophic damage, the evil “Chinese peril” are stealing everything on-line, and the next Cyber “Perl Harbor” is just around the corner. Many people just ignore Read More

null

If I say it over an over again, it must be true …

“Keeping to your message, repeat it many many time, and ignore the criticism” are key principles of success in Washington DC policy work. It does not matter if the message is true, based on facts, or have any empirical data to support your assertion. The point is the “message” is a tool to support the Read More

I2Cyber

New Intelligence Squared debate – The “Cyber-War” threat has been Grossly Exaggerated

Thanks to Intelligence Squared (I2) and Neustar for first – bring I2 outside of New York  and second for setting up a Oxford style debate to address the “market saturation” of the cyber-warfare threat. I’ve been a strong critic of the over hype, exaggeration, and fiction expounded by “individuals” who call themselves “experts” stirring up Read More