Cybersecurity Risk Metrics … Why Don’t They Get It?

The problem with cybersecurity is the metrics that are used to assess and manage security risks. In November 2008, I published an article “Accounting for Value and Uncertainty in Security Metrics,” in ISACA Journal, which subsequently won the 2009 Michael P. Cangemi Best Book/Best Article Award. My thesis was that commonly used security metrics, while […]

IoTR, IoTA, Cybersecurity and Safety

John Markoff wrote a column “Shhh! That Helpful Robot May Pose a Security Risk” on page B6 of the March 2, 2017 New York Times, in which he warned that the security firm, IOActive, had uncovered “[s]ignificant security flaws … in an examination of six home and industrial robots,” immediately conjuring up battalions of rogue […]

Campaign Lessons Learned—Part 2: Big Data vs Polls

As children, we were frequently admonished by irate adults to “Do as I say, not as I do!” whenever we questioned why we couldn’t do what they themselves did. It was often difficult to reconcile in our own minds why there should be this dichotomy. Well, examining the results of the recent presidential campaign’s polls […]

Campaign Lessons Learned—Part 1: Email Security

Author’s note: This is the first of several columns about lessons that should have been learned from cybersecurity mistakes and nefarious activities that dominated, and likely changed the outcome of, the 2016 presidential campaign. If there is one outstanding cybersecurity lesson that the U.S. presidential campaign should have taught everyone, it is that you cannot […]

Alleged Russian Hacks … Is This Cybersecurity’s Tipping Point?

The Washington Post, in a December 9, 2016 article “Secret CIA assessment says Russia was trying to help Trump win White House” by Adam Entous, Ellen Nakashima and Greg Miller, leaked a CIA report claiming that the Russians had manipulated the U.S. election by hacking into both Democratic and Republican databases and choosing to leak […]

Is Risk Avoidance the Key?

My answer to this question is a resounding “yes.” But I don’t think that is the general view of cybersecurity professionals. After all, if business, government and other organizations pursued such a course, what would remain for cybersecurity folks to do? If you avoid the risk, then you don’t need professionals and tools to prevent […]
