There are many more metrics we could cover that describe the state of current agency efforts to secure the nation’s critical infrastructure, but I believe this is enough to demonstrate the current maturity of the efforts.
The new cyber commands within the US military will need to establish mercenary programs with private industry, virtual cyber forces that perform offensive actions against entities hostile to the US Government and critical infrastructures.
Government agencies need to examine the relationships they have and come to a realization that they just may need new blood not cut from the same mold of the beltway bandits. It is time for experienced security leadership to take hold.
Napolitano is making a great leap of faith that we are at that point in the Cyber Security maturation cycle and this leap is much like Evel Knievel’s jump across the Snake River.
Even if a solution seemed like a good idea a few years ago, that is no reason to perpetuate something which is now known to be a security vulnerability.
The amount of labor and effort to run this operational task has worn thin. No longer am I interested in dealing with tape for anything but keeping my bumper on the old car with duct tape. Other than that, tapes and cartridges need to go the way of the floppy disk. Time to take them out back and shoot them!
This is the first part of my podcast interview with Edward Schwartz, CSO of NetWitness. In this installment, Mr. Schwartz comments on regulatory compliance as a driver for security spending. He shines a light on how a myopic focus on compliance can be dangerous to the organization.
According to Sun Tzu, the Tao is the Way – the context that defines how actions are perceived and valued. In a business context, corporate values and culture define the Tao. The success of any strategy depends on how it is supported by the Tao.
Gartner points out that encryption must be extended to all personal computers, not just company servers. Encryption not only addresses data leakage during personal and business use, but also when the hardware is retired. Disposed hard drives are often salvaged for the information they store. They recommend using strong encryption on files containing such information. Encryption Security Solutions' eSafe addresses this need.
What may 2030 look like to a CISO/CSO or the regular information security practitioner?
What will be the prevalent form of Information Security Risk Management?
Although I can’t provide definitive answers, I feel confident enough to share some thoughts and predictions, knowing that it is unlikely that I’ll be held accountable for them in 20 years.
Nonetheless, this may be a useful exercise to foster longer-term strategic thinking about the infosecurity community, the market and the evolution of threats and risk.


