For several years I have been honored to be a guest at the annual Forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective organized at the University of Maryland by Larry Gordon, EY Alumni Professor of Managerial Accounting and Information Assurance; Martin Loeb, professor of accounting and information assurance and a Deloitte & […]
Step into the Forefront of Cybersecurity
Welcome to our Spotlight section. Here we showcase the most attention-worthy news and events, jaw-dropping products and top shelf services, rapidly rising players, and can’t-miss research and standards to keep you in the know when it comes to the cyber security industry, especially active cyber defense. We highlight how cutting edge active cyber defense strategies, products, and ideas apply to your field, whether you’re in computer security, cloud security, network security, IT security, adaptive security itself, or any other brand of cyber security. We’ve got you covered.
- Cyber Solutions Reviews – Discover new capabilities, functionality, tactics or strategies as we review and compare products and services offered by a diverse range of cybersecurity companies.
- Interviews – Learn from the experts and stand out individuals as we discuss their fresh perspectives on key concepts, debate hot topics, and reveal their success stories and tough lessons from their experience in the cyber security space.
- Cybersecurity News & Events – Get the inside scoop on the most interesting stuff happening right now in cybersecurity, or check out our calendar for a heads up so you don’t miss upcoming industry events.
- Research & Standards – Ensure that you’re up to date with the rules of the road, and gain insights from trending research, major reports, and more.
Assuring the secure adoption of a new technology, assessing your software supply chain for risks, hunting for vulnerabilities in your infrastructure are all complex and challenging tasks – but ones that are critical to securing your business or government agency. Having specialized, automated tools that are seamlessly integrated using standard methods and interfaces can significantly […]
Agile risk assessment at industrial scale Operational technology (OT) systems now connect operations and maintenance equipment to information technology (IT) infrastructures. Doing so enables increased automation and real-time, data-driven decision making. Increased connectivity also amplifies risk, exposing critical infrastructure systems—and entire operations—to new opportunities for cyber attack. Traditionally, assessing system risk has been a manual […]
In my last article on the EO 14028 I mentioned that I thought there were several parallels between what the EO was calling out and some of the concepts and technologies that I discussed in my interviews and articles over the last 6 years. I constructed this crosswalk to reflect these relationships. I also added […]
Early this past summer 2021 a friend of mine was asking me about Executive Order 14028 on Improving the Nation’s Cybersecurity and I had to admit that I had largely ignored it. Frankly, I have experienced many similar bureaucratic moves in the past when it comes to cybersecurity and none seemed to have the impact that was […]
People make decisions every day that involve risk and uncertainty. Generally, we reconcile a variety of decision models using risk criteria often provided by organizational policies and/or guided by a variety of personal belief and trust systems. Many times we are forced to address ambiguous situations in uncertain ways, using uncertain terms and with uncertainty […]
Current Security Trends Reveal Difficulties in Assuring Authenticity Recently I was thinking about some of the major security challenges and problems of 2020 and going forward into 2021 like the ongoing SolarWinds supply chain mitigation issues; election fraud; the problems around disinformation and deepfakes; false flags in cyberattacks and the difficulties in making accurate attribution; […]
A Plethora of Standards and Guidance for OT / IoT Security In my research into OT and IoT systems security, I have come across a plethora of guidance and standards from various organizations and standards bodies. To some extent, this wide range of guidance is difficult to get your arms around to figure out what […]
Recently, I was talking with my daughter, the engineer, about testing. She is the lead engineer for payload integration and test for a large NASA space telescope. Our discussion got me to thinking about cyber testing and test metrics. From her space telescope perspective, it is very expensive to conduct tests, with some tests requiring […]