CSO

From Cyber Jihad to Human and Computer Viruses - It has been a busy week

By Andrew Jaquith

Napolitano is making a great leap of faith that we are at that point in the Cyber Security maturation cycle and this leap is much like Evel Knievel’s jump across the Snake River.

The amount of labor and effort to run this operational task has worn thin. No longer am I interested in dealing with tape for anything but keeping my bumper on the old car with duck tape. Other than that, tapes and cartridges need to go the way of the floppy disk. Time to take them out back and shoot them!

By Khalid Kark

This is the first part of my podcast interview with Edward Schwartz, CSO of NetWitness. In this installment, Mr. Schwartz comments on regulatory compliance as a driver for security spending. He shines a light on how myopic focus on complaince can be dangerous to the organization.

I recently visited Africa for the first time, and I was impressed. The South African government invited me to give a keynote speech at GovTech 2009 in Durban on hot cyber security trends within governments around the world. Not only was the conference impressive, I met people of different nationalities before, during and after the conference who convinced me that we have cyber allies in every corner of the globe.

Cyber experts: we need to think globally and act locally.

SecurityBinge – a team composed of Chris Martin aka pr34ch, Tim Elrod aka ri0t, and Stefan Morris aka Janus – are forging a video podcast show addressing information security from the hackers’ perspective. SecurityBinge, according to its founders, “will have a community-driven focus in the delivery of its high quality video productions.”

According to Sun Tzu, the Tao is the Way – the context that defines how actions are perceived and valued. In a business context, corporate values and culture define the Tao. The success of any strategy depends on how it is supported by the Tao.

What may 2030 look like to a CISO/CSO or the regular information security practitioner?
What will be the prevalent form of Information Security Risk Management?

Although I can’t provide definitive answers I feel confident enough to share some thoughts and predictions knowing that it is unlikely that I’ll be made accountable for them in 20 years.
Nonetheless, this may be a useful exercise to foster longer term strategic thinking about the infosecurity community, the market and the evolution of threats and risk.