Security » Opinions

  • The RMS Titanic and cybersecurity

    Famous shipwreck holds many lessons for the cybersecurity community

  • Of Black Hat and security awareness

    The annual security conference was a chance to go deep. But back in the office, how do you get 100% of the company’s employees to complete the security awareness training?

  • Inside the head of your company’s cyber traitor

    Employers misjudge how potential insider cyberattackers will judge the risks and payoffs from their crimes.

  • Adobe Flash: Kill it now

    It’s time to put Flash out of our misery once and for all. And, thanks to Google, it may finally happen.

  • Advanced pedestrian detection is here. It is very useful and makes me nervous

    Google has made a big leap forward with real-time image recognition that can be applied to pedestrian detection. This is good news for potential accident victims out there. But the privacy implications!

  • Why we love last-millennium password policies

    IT pilot fish goes to work at a large retailer's distribution center, where the policy is that passwords must be changed every 90 days -- which turns out to have unexpected consequences.

  • Oracle, still clueless about security

    Oracle Chief Security Officer Mary Ann Davidson let loose a long rant about people who dare to look into the security of the company’s products. Oracle quickly backed away from those remarks, but has it faced up to the fact that its CSO has some wrongheaded notions about her own area of expertise?

  • The security and risk management of shadow IT

    Shadow IT brings many security issues, but since these systems are not on IT's radar, they do not get factored into overall risk management strategy. Here are some practical suggestions.

  • Facebook’s Threat Intelligence Sharing Potential

    Data management, scale, and algorithmic strengths may give Facebook an advantage in the threat intelligence sharing platform market.

  • Wi-Fi at DEF CON - dealing with the world's most dangerous network

    Wi-Fi can be done securely, even at a hacker conference like DEF CON. Just avoid open networks and Android.

  • Milling with the hackers at Black Hat and Def Con

    Attending both for the first time was a chance to compare and contrast.

  • Why every business needs a WISP

    Non-compliance is a risk, and the Attorney General's office carries a big stick for those who don't follow the rules.

  • Forgot your password? Good luck, chum

    This retired pilot fish notices that nothing has shown up in his email in-box in almost 12 hours, which almost never happens. And when he tries his broadband provider's web mail access, he's got another problem.

  • Selling IT on getting the most out of a new firewall

    We bought a next-generation firewall, as I had hoped we would. The real trick, though, was getting the IT department to take full advantage of all of its advanced functionality.

  • A serious take on silly-sounding cybersecurity terms

    Critical data breaches and hacking incidents have entered the mainstream consciousness. In one way this is good, as people are becoming more aware of the types of things that can happen and taking a closer look at how they use technology.

  • Selling IT on getting the most out of a new firewall

    The IT department was reluctant to take full advantage of the advanced functionality. So our manager annoyed them into compliance.

  • A serious take on silly-sounding cybersecurity terms

    Don’t laugh. Names like 'cyber hygiene' and 'cyber palette' describe some very serious concepts.

  • Global privacy advisory market topping $3B

    How much do companies around the world spend each year on data privacy services to fix the problems we read about in the headlines every day? Nobody as far as I can tell has published an answer to this question. So this month I set out to pull together the best available data points on the market.

  • The Bot That Cried Wolf: Battery tracking poses no real privacy threat

    IT's relationship with privacy is delicate. Corporate IT needs to take privacy fears very seriously, but if IT jumps and shouts at every tiny possible privacy invasion, we'll have the Bot That Cried Wolf. Put another way, the best way to weaken privacy protections is to embrace so many privacy problems that none have any significance.

  • How infosec can really shine

    There's so much fear, uncertainty and doubt in the information security world today that many people have become pessimistic about the possibility of keeping all of the bad stuff that's out there out of our systems and networks, or at least detecting it in time to eradicate it before any great harm is done. I'm not one of them. I believe that with the right mix of attitude and aptitude, building a secure enterprise is within anyone's grasp. Will the security be perfect? Of course not. But I think it will be capable of meeting the challenges faced in today's threat environment.