Tag Archives: Information Security

Migrating Your Legacy Firewall to a Next Generation Firewall

Every organization today needs a multi-layer security strategy to protect its enterprise from the multitude of cyber security threats that exist today;  While one cannot underestimate the importance of an email security gateway, web filtering solution, or endpoint protection system, there is no question as to the prominence of an enterprise firewall.

ENDPOINT DETECTION AND RESPONSE: FIRE FOR EFFECT

The modern digital landscape is a battleground rife with adversaries ready and willing to go to great lengths to steal your data. Clever independent attackers and state-sponsored actors alike are deploying increasingly effective versions of cyber attacks intended to intrude, infect, steal, evade, disrupt and destroy everything they touch. To defend themselves, many businesses are […]

The Information Security Agent

If you work in the information security industry go ahead and give yourself a pat on the back. In 2012 information security professionals enjoyed one of the lowest unemployment rates in the country according to the United States Bureau of Labor Statistics. In my line of work I often come across IT and various other […]

2014 Information Security Hiring Trends: Defense!

Yes, it’s another information security predictions article – security hiring trends. No, I won’t be discussing APT, China, or anything involving our favorite prefix, “cyber.” Instead, here’s a brief glimpse at what we infosec recruiters are seeing in terms of enterprise demands for cyber security roles. While all infosec positions, from firewall jockey to CISO, […]

Common Hazards in Risk Management: The Selfish Risk Assessment

Information security laws and regulations are telling us to conduct cyber security risk assessments before we develop our security and compliance programs. They insist on this so our security goals are meaningful to each of us, rather than aspiring to a generic list of controls that were written by experts who never met us and […]

Your Policies Can Hurt You, Part 2: Overzealous Policies Can Create Breach-Prone Environments

Early on in my information security career I was auditing a firm that conducted complex economic analyses for their clients. They processed a lot of personal information and they wanted to be sure they were applying appropriate controls to safeguard that information. Part of their business model was to charge their clients per hour for […]

Why are Hackers Heckling the Director of the NSA?

The Hackers Heckling. The Black Hat convention is under way today in Las Vegas, and there, before a group of information-security-minded individuals, stood General Keith Alexander, Director of the NSA, getting heckled by conference attendees. Their complaints were targeted at the NSA’s surveillance activities and Director Alexander’s dubious testimony to Congress about those activities.

Risk Acceptance Levels: Managing the Lower Limits of Security Costs

Last week I presented a topic here at Halock’s blog site on the Hand Rule, also known as the “Calculus of Negligence.” The basic message of the post was that we can use information risk assessments to help us keep our security costs to a reasonable level, but only by describing how we would arrive […]

We Need a Risk Management Tipping Point

While preparing for a keynote talk at CAMP IT that is rapidly coming up I was struggling to find the main point of my talk. I had been puzzling for several weeks, asking myself what single message I wanted to leave my audience with. I’ve been speaking for some time now about information security and […]