From the Winter 2017 Issue

The Difference between Data Security and Privacy

Author(s):

Mark R. Heckman, Ph.D., CISSP, CISA, Professor of Practice, Shiley-Marcos School of Engineering, University of San Diego

Data security and privacy are related, but distinct concepts. That may seem obvious to many people, but relatively few can clearly explain the difference. Privacy, moreover, is impossible without data security. This idea does not work the other way around, and the reason why that is true is often missed. Without a clear understanding of … Read more

From the Winter 2017 Issue

Train Like You Fight: Cyber Workforce Alignment

Author(s):

Chad Carroll, Chief Strategy Officer, Chiron Technology Services, Inc.

Over the past few years, industry surveys have highlighted the demand for technically skilled cybersecurity professionals, exposing a fundamental workforce shortcoming. The way industry identifies, trains and validates cybersecurity skills is outdated and misaligned. If the current training paradigm continues, the workforce will not grow in a manner responsive to the threat environment, and we … Read more

From the Winter 2017 Issue

CyberUSA Building National Resilience

Author(s):

Staff Writer, United States Cybersecurity Magazine

“It is imperative that American communities pull together on cybersecurity,” warns Tom Ridge, the nation’s first Secretary of Homeland Security and Chairman for the recently launched non-profit CyberUSA. “This is the new battlefront for both national security and economic security. That’s why we need to organize better nationally to get our private sector working together … Read more

From the Winter 2017 Issue

An Analytical Framework for Cybersecurity Assessment

Author(s):

Dr. Colonel Gabi Siboni, Founder, G. Bina Ltd.

Cyber threats have become a major problem for every organization. There are many technological solutions, defenses, a lot of advice and many advisors. Before these can be effective, an organization must be able to frame the problem. Specifically, it must understand whether its defenses can mitigate cyber risks, and whether they are effective against existing … Read more

From the Winter 2017 Issue

Cybersecurity and Small Business Survival

Author(s):

David Thomas, MCSE, Director of Technology Services, Kenneally Technology Services

The “little guy mentality” can no longer be relied upon to protect and safeguard your systems in today’s environment. Much attention has been paid to major data breaches that have affected large corporations, United States government agencies, not-for-profits and political organizations. This attention has resulted in the allocation of significant resources, both monetary and intellectual, … Read more

From the Winter 2017 Issue

TOP 10 Cybersecurity Conference Tips

Author(s):

Paul de Souza, CSFI-CWD (Cyber Warfare Division) Founder Director, Military Cyber Professionals Association (MCPA)

As cyber security professionals, many of us enjoy attending conferences and events for a variety of reasons. No matter your intent or agenda, there are certain principles to follow that will help you get the most out of your conference experience. Perception can be reality. People observe, people talk, people share. How you are perceived … Read more

From the Winter 2017 Issue

The Changing Dynamics of Cyber Assessments

Author(s):

John Williams, CEO, CyVision Technologies, Inc.

Cybersecurity is a lot like meteorology. For example, hurricane tracking systems fuse disparate weather data into a common model that supports situational awareness, decision making and response planning. A single datum, such as wind speed or barometric pressure, is not sufficient to determine the hurricane’s path. The model’s accuracy is dependent on the integration of … Read more

From the Winter 2017 Issue

The Move to Standardization and Open Architectures Enable Cybersecurity Automation for Government Sector

Author(s):

Steve Kirk, Vice President, Fortinet Federal

As networks become increasingly complex, with wireless connectivity, the move to the cloud, BYOD, and the Internet of Things, they present ever-growing opportunities for compromise. Most organizations have deployed several security devices as part of their overall security infrastructure, usually from different vendors. Often, those devices don’t talk to one another. These interoperability challenges can … Read more

From the Winter 2017 Issue

Security through Planned Destruction—Using the Cloud to Reduce APT Risk

Author(s):

Chris Rutherford, CISSP, CAP, Senior Strategic Cyber Consultant, LMI

David K. Shepherd, CISSP, PMP, Senior Consultant, LMI

Many network attacks gaining attention today are advanced persistent threats (APT) that aim to maintain access for long-term data exfiltration. The advent of cloud infrastructure provides a new avenue of defense against persistent network attacks. The ability to plan the destruction and re-creation of virtual machines in the cloud environment can dramatically reduce the time … Read more

From the Winter 2017 Issue

Achilles Heel: The Vulnerability of Embedded Firmware

Author(s):

Terry Dunlap, Founder and CEO, Tactical Network Solutions

Embedded firmware “is the flash memory chip that stores specialized software running in a chip in an embedded device to control its functions.”1 It’s everywhere – in computers, large and small electronic devices, Internet of Things (IoT) devices, medical devices, phones, tablets, cars and a host of other places. The vast majority resides in vulnerable … Read more