Security comes from policy as much as technology
“Every element of company operations has a cyber aspect,” Brooks says. “It’s not just the technical. It’s the policies…. So it’s really important to have that working relationship across the organization, and that’d be the recommendation I’d make to any C-suite. If you don’t have your CSO and CIO and CTO involved directly with the leadership of the company — or agency if you’re in government — then you’re going to run into issues.” Read more at AT&T Business.
The data integrity issue becomes an economic problem really freaking fast. If you’re spending valuable resources to ensure your data is legitimate, those valuable resources (like time and money) can’t be used for your mission-critical operations.
Previously, I brought attention to what I believe is one of the biggest cybersecurity challenges: data integrity. As I note in a different piece, we have entered a strange phase in our history where questioning “evidence” is not such a ludicrous idea.
For example, altering photographs digitally so you can’t tell there have been alterations is a full-time job. This is great for art as we try to clean out any imperfections. It’s not so great when used to conceal a crime. Or alter a map or financial statement or design schematics. I’m confident you get the point.
And just to be clear, there are benign mistakes that can happen. Not all acts are nefarious. Here’s the key that ties everything together: it’s crucial to have the confidence that the data you have in your possession is accurate. Continue reading “Data Integrity Follow Up: Ways to Protect Your Data”
You can’t say let’s just spend a little bit of money and make it look good.
Watch the interview with Shawn Tuma on Business Security Weekly. Episode #76.
Continue reading “What is ‘Reasonable Cybersecurity?’”
Data integrity is an important issue to keep an eye on because of that entire confidence thing we talked about earlier. Without confidence, we’re going to run into a lot of problems that will not be easy to untangle. And that untangling will be mega-expensive.
Many of us in the cybersecurity world have followed this general mantra: protect the data, protect the data, protect the data. It’s a good mantra to follow, and ultimately that is what we are all trying to do.
But there are different ways to protect data. The obvious method is to make sure it doesn’t get ripped off, but as we have noted in previous pieces, the lexicon we use can be troublesome at times. This is particularly true when there is room for cultural interpretation (that’s one of the reasons why curbing international cybercrime is real hard).
That lexicon problem extends into many different areas, including what “protecting” the data means. “Protecting” data goes well beyond making sure it doesn’t get stolen. It means the data isn’t tampered with and is still usable, as it was originally intended to be used. That data can be financial statements, design schematics, or RFP bids.
Here’s the key that makes the world go around and around: confidence. If counterfeit data starts to circulate widely, our confidence in the data begins to diminish. Therefore, it’s just a matter of time before I start asking: do I really trust this financial statement, design schematic – whatever really – to be legitimate? If I don’t, I got a problem. And if I no longer want to accept the data you’re giving me as legitimate, you got a problem, too. Continue reading “Data Integrity: The Next Big Challenge”
Just as business leaders have shifted their mindset to account for the inevitability of a data breach, the many cybersecurity calamities of 2017 should influence them to reassess how they treat Cassandras and prepare their security teams for a potentially catastrophic cyber event.
After such a tumultuous 2017, it’s hard to imagine things getting worse in the cybersecurity world, but one book predicted just that. While not solely focused on cybersecurity disasters, “Warnings: Finding Cassandras to Stop Catastrophes” by Richard A. Clarke and R.P. Eddy is a wake-up call for business leaders and lawmakers who often fail to heed warnings from experts about future calamities in the making, many of which are related to the evolving technology landscape.
Chief information security officers (CISOs) are sure to appreciate the many references to IT and security, and will likely want to share the book with the top leadership at their organization. In fact, The Washington Times called the book “essential reading” to understand how to improve our ability to deal with the “pervasive and continuous turbulence” of our times. Continue reading at SecurityIntelligence.com.
We’ve clearly fallen behind the times legislatively with respect to cybersecurity laws.
Perhaps you noticed from a recent Vanity Fair publication that Oprah Winfrey has three hands and Reese Witherspoon has some odd-looking legs. Of course they really don’t. This was just “magic gone wrong” in the world of photo editing and likely invoked more than a few Homer Simpson “d’ohs!” and forehead smacks.
Goofy mistakes aside though, some photo editing and CGI work has been quite impressive and will surely get better. AI is even playing a role in this space. We’re going to keep this blog G-rated, but if you’re following the technology, it is possible to put somebody’s face on somebody else’s body in videos that are highly suggestive. Thankfully, at a quick glance you can still tell these are fakes, but for how long will the naked eye be able to spot a fake?
So what do fake images and videos have to do with cybersecurity? Well, it’s a question of data integrity. Continue reading “The End of Evidence”
And that’s it. That is the entire basis for developing these principles, the rules of the road, these guiding lights, so that we can protect these systems we so dearly rely on.
What is a principle? The “know all” (aka, Google) tells us a principle is: “a fundamental truth or proposition that serves as the foundation for a system of belief or behavior or for a chain of reasoning.”
What is a communication system? The other “know all” (aka, Wikipedia) tells us a communication system is: “In telecommunication, a communications system is a collection of individual communications networks, transmission systems, relay stations, tributary stations, and data terminal equipment usually capable of interconnection and interoperation to form an integrated whole.” Continue reading “The Principles of a Safe Secure & Intelligent (S2I) Communications System”
I think government has traditionally been way behind on procurement issues and recently, enactment of legislation for modernization has taken place. They’re trying to replace a lot of legacy systems.
Our guest today was recently named by LinkedIn as one of the top five people to follow in cybersecurity issues among their 500 million members. He was also just selected by LinkedIn to be an advisor on cybersecurity and emerging technology issues, and we’re lucky enough to have him here in the studio: Chuck Brooks of Chuck Brooks Consulting. Chuck, thanks for joining us. Continue reading “Local LinkedIn pick as cybersecurity guru talks trends”
Information is just another form of currency (arguably, the most valuable), which is why if you believe in the old saying “cash is king” then we should really start thinking “data is king” also.
How annoyed are you when you find out you lost some cash? Whether it is a few bucks in your jeans pocket or that “emergency stash” under the mattress, losing that “cold hard cash” is a feeling that always twists your stomach. Sometimes you blame yourself. Sometimes you blame others. Depending on the amount lost, your emotions could range from the standard “how could I be so stupid?” to a profanity-laced tirade that is not suitable for print here.
Question: do you feel the same way when you experience credit card fraud? My instinct is that while you would feel some sort of violation and negative feelings, it’s just not “the same” as losing cash. Continue reading “Treat Your Data Like Cash”
Does your company truly care about cybersecurity, or is it just going through the motions and asking you to check off the boxes?
Cybersecurity attorney Shawn Tuma tells us that courts and attorneys are getting pretty good at determining the difference—which can impact the cost of litigation in a major way after a cyber incident.
It is 2018 and you must be able to show your work toward “reasonable cybersecurity.” In part 1 of this report, Tuma shared the high-level answer to what “reasonable cybersecurity” is. Now, in part 2, he offers specifics on what you must be doing, at a minimum, to secure your business.
Continue reading to watch the video. Continue reading “How Courts & Attorneys View ‘Reasonable Cybersecurity’ in 2018”