March 17, 2013

New NIST Cybersecurity Framework: Your Input Needed

The National Institute of Standards and Technology (NIST) issued a press release recently announcing the development of a new framework to reduce cyber risk. What do they need right now? Your input.

The day after President Obama released the “Improving Critical Infrastructure Cybersecurity Executive Order,” the National Institute of Standards and Technology (NIST) issued this press release announcing the development of a new framework to reduce cyber risk.

What do they need right now? Your input by April 8.

March 9, 2013

The Top 100 Most Innovative Infrastructure Projects in the World

What are the top infrastructure projects in the world? Why were they chosen? What projects are hot in North America? How is cloud computing changing the way business is conducted?

These are just a few of the questions answered in the annual study performed by KPMG, which outlines the Infrastructure 100: World Cities Edition.

March 3, 2013

Three Takeaways from the 2013 RSA Conference in San Francisco

The largest cybersecurity conference in the world was held this past week - RSA in San Francisco. The 2013 show was as big and, in reality, overwhelming as ever. Here are a few takeaways.

There are literally thousands of articles and press releases that come out each year about the companies, products, awards, people and the hottest global security topics related to the greatest IT security show on earth.

There are so many conference sessions, side-meetings, receptions, demonstrations, bake-offs, dinners (and lunches and breakfasts), separate conferences running concurrently and more that it is hopeless to think that attendees can participate in even a small fraction of the available activities. The vendors know that most security leaders with influence are somewhere in San Francisco during the week, and they all want to have “face-to-face” time over a meal or coffee.

February 24, 2013

Seven Actions for Governors on Cybersecurity: A Transcript from the NGA Winter Meeting 2013

Yesterday, I was given the opportunity to speak on a panel at the National Governors Association (NGA) Winter meeting in Washington. Here is a transcript of my opening remarks which offer seven actions for Governors to take on cybersecurity.

Yesterday, I was given the opportunity to participate as a member of a panel entitled "States and Cybersecurity" at the National Governors Association (NGA) Winter meeting in Washington. This Health and Homeland Security Committee session was broadcast live on CSPAN and can be viewed here.

The other panelists discussing cybersecurity were Richard A. Clarke, Chairman and CEO of Good Harbor Security Risk Management, and David Hannigan, Chief Information Security Officer at Zappos. We were asked to focus our opening remarks on action steps that states could take and not elaborate on the cybersecurity threat situation, which was covered in another briefing.

February 19, 2013

Reactions to the President's EO on cybersecurity are all over the map

What are bloggers and other commentators saying about the new EO on cybersecurity and PPD-21?

Most readers of this blog already know that President Obama released an executive order last week on the topic of cybersecurity. The actual text of the executive order, along with the text of the more detailed Presidential Policy Directive / PPD-21, offer a glimpse into the future of our cybersecurity battles in America over the next few years.  

I have waited almost a week to comment so that I could summarize global reaction to these new edicts. As I mentioned before the executive order came out, new guidance on cybersecurity was almost inevitable for a variety of reasons. Well, now the federal government’s sector-specific agencies have their marching orders, and like it or not, it appears to be time for critical infrastructure owners and operators to get on board the ship and do more to address weaknesses and raise the bar on cyber protections.

February 10, 2013

Report: Executive order on cybersecurity coming after State of the Union address

According to Bloomberg, President Obama plans to release an executive order on cybersecurity soon after the State of the Union address. The State of the Union address is scheduled for Tuesday, February 12.

The administration, which has been drafting the order for at least six months, plans to set up voluntary cybersecurity standards for owners and operators of critical infrastructure such as water treatment plants, electric utilities and railway systems.

February 5, 2013

Social media notifications: Is it time to cut back?

Notifications sent from social media companies. Some people love them – others want them to go away.

Is your inbox filling up with reminders for you to log on - or miss out? Has guilt or curiosity been used to get you to come back? Lately, I’ve come to discover that emails can be helpful, annoying, rude and even fake.

January 29, 2013

Global Internet Connection Speeds: America lags far behind leaders

If Internet connection speed was an Olympic event, America wouldn't even get a medal.

If ‘Internet connection speed’ was an Olympic event, the USA wouldn’t even get a medal. In fact, America would finish somewhere between 9th and 24th, depending on the exact event – I mean comparison. This assessment comes from a recent Akamai report on “The State of the Internet.”

According to this CNN article, which commented on the report, Hong Kong takes Internet speed title:

January 22, 2013

Work - Life Balance: Is It Time To Change The Name?

Is it time to change the way we think about work - life balance? I’m not sure, but I’ve become more open-minded on this issue. Allow me to explain.

Last week, I was speaking at an ISACA Detroit meeting, and an interesting debate came up at dinner. This conversation ensued after my presentation on: Why Security Professionals Fail – And Pragmatic Solutions to Help Succeed. The fun, yet challenging, discussion revolved around strategies for dealing with career burnout.

January 14, 2013

EU report says cyber attacks target trust: From identities to infrastructure

The European Network and Information Security Agency (ENISA), which is a part of the European Union (EU), recently issued a report that describes the current global cyber threat landscape - including infrastructure.

The European Network and Information Security Agency (ENISA), which is a part of the European Union (EU), recently issued a report that describes the current global cyber threat landscape. The excellent report “is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. Over 140 recent reports from security industry, networks of excellence, standardization bodies and other independent institutes have been analysed.”

In my view, the comprehensive approach used to create this PDF document makes it worth taking the time and energy to read through the entire document in detail. The extensive coverage of topics includes definitions and activity in these areas: “Drive-by exploits: Worms/Trojans , Code Injection Attacks, Exploit Kits, Botnets, Denial of service, Phishing, Compromising confidential information, Rogueware/Scareware, Spam, Targeted Attacks, Physical Theft/Loss/Damage, Identity Theft, Abuse of Information Leakage, Search Engine Poisoning, Rogue certificates.”