What is the best time for a vendor to Disclose a Vulnerability? Vulnerability disclosure is the most painful activity for any software/hardware company. Conversely, receiving vulnerability notifications from any vendor is one of the most disruptive events any organization can encounter. Rapid and unexpected vulnerability patches are a massive operational disruption. What follows are some
This is part “2.1” of a multipart post to help organizations take security action. Stay tuned for next week’s practical security checklist item. Board members, CxOs, and professionals are saturated with security advice. This security advice is often confusing, contradictory, and always biased toward “buying something.” “Good security advice saturation” results in paralysis of action.
Are you ready for the next attack? As many of my colleagues know, I’m constantly on the look out for tools that would help my peers in all networks find ways to mitigate the security risk in their operations. At MYNOG 5 (www.mynog.org) I reviewed the latest tool, a checklist operators can use to prepare
The Cybersecurity Act of 2012 has now been posted. The dialog of representative government as started with enlightenment on what is important to a different interest. Coincidentally, this act is directly applicable to the principle of aggressive private-to-private collaboration with public participation. The act ‘could’ significantly help our cyber-security capabilities OR it could dramatically hurt
2012 can be a year of Cyber-Security Optimism. The wave of annual cyber-security predictions of doom is coming to a close. Every year security experts would talk about how malware infections are spreading, botnets are going to cause catastrophic damage, the evil “Chinese peril” are stealing everything online, and the next Cyber “Perl Harbor” is
“Keeping to your message, repeat it many times, and ignore the criticism” are key principles of success in Washington DC policy work. If you say something over and over again, it must be true. It does not matter if the message is true, based on facts, or have any empirical data to support your assertion.
Has the Cyber-War threat has been Grossly Exaggerated? Thanks to Intelligence Squared (I2) and Neustar for first – bring I2 outside of New York and second for setting up an Oxford-style debate to address the “market saturation” of the cyber-warfare threat. I’ve been a strong critic of the overhype, exaggeration, and fiction expounded by “individuals”
NSP-SEC Top 10 SP Security Techniques is one of the core foundation tutorials for ALL Telcos, ISPs, Cloud Operators, Mobile Companies, and other large ASNs (including Enterprises). This is the foundation for network security. If you are being stupid if not doing these basics and trusting your “firewall.” Note though this that all the recommendations
We need to expect more out the press, policymakers, and the pontificating “Cyberwarfare Experts” producing stacks of reports about the “Cyber-security threat.” Graham Messick, the CBS producer of this 60 minutes episode on “Cyberwar: Sabotaging the System,” did not do his due diligence as a reporter. A standard tool for building balance in a story
Watching discussions about cyberwar is a humorous diversion in the day. Take this New York Times article, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk.” It starts interesting, talking about a battle plan that was considered as a lead into the 2003 attack on Iraq. Good News! War planning is good. Evaluating collateral