Securing an Evolving Cloud Environment

The chief information officer (CIO) of a large utility provider had decided to move email, file shares, video sharing and the company’s internal web site to the cloud and needed to know the security requirements for this project within two weeks. The organization already had security requirements in place for traditional third-party vendors; however, these [...]

The Cybersecurity Canon: Secrets and Lies

For the past decade, I have held the notion that the security industry needs a Cybersecurity Canon: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in a cybersecurity professional’s education. If you’d like to hear [...]

CVE-2014-1776: How Easy It Is To Attack These Days

This post originally appeared on Cyvera.com. Just about a week ago, everyone was alarmed due to a new zero-day vulnerability affecting Internet Explorer 6 through 11. The vulnerability was used in attacks in the wild, which targeted IE 8 to IE 11. The impact was so severe that Microsoft hurried to issue an out-of-band patch. Today, I [...]

Best Practices for Defending Against APTs

Advanced persistent threats (APTs) have changed the world of enterprise security and how networks and organizations are attacked. In a new Palo Alto Networks eBook, Cybersecurity for Dummies, we explore: the cybersecurity landscape and why traditional security solutions fail; what next-generation security brings to the fight; and ten best practices for controlling APTs. Head to our Cybersecurity for [...]

Highlights from the NIST Privacy Engineering Workshop

In April, I presented at and attended the NIST Privacy Engineering Workshop on behalf of ISACA. Throughout two days of sessions, attendees explored the Fair Information Practice Principles, privacy/technology research efforts, and the need to address privacy risks—to consider privacy from the planning stage of projects and close the longstanding communications gap between legal and engineering areas. We [...]