Lohrmann on Cybersecurity

Over the past few weeks, there have been several high-profile breaches announced involving state government systems - one in South Carolina and one in Utah. My first reaction was to think: There but for the grace of God go we.

So what is the right level of security? How do you know if you have gone too far, or not far enough in protecting critical systems? Do all business functions need the same level of security?

Everyone is talking about the sinking of the Titanic and they should be. Here are five lessons for technology and security professionals from the sinking of the Titanic ...

So how can this customer service theme work for security professionals? Allow me to tell you a true story.

Several hundred people had gathered for a second morning to hear the results and ask questions regarding the recently completed Gartner study, which covered all aspects of Michigan Governments Information, Communications and Technology (ICT).

Shaun Henry, the FBIs top cyber cop and executive assistant director responsible for cyber, told the Wall Street Journal (WSJ) that we're not winning and that the current approaches being used by the public and private sectors are: "Unsustainable. Computer criminals are simply too good and defensive measures too weak to stop them."

Internet privacy has long been a hot-button issue. Central questions are being asked about who owns what data, how that data can be used by various companies to target individuals in marketing and whether users can opt-in or opt-out of various data-sharing approaches. Just as in other areas of life in America in 2012, these questions are often end up being settled in the courts.

I traveled to Eastern Europe last week to speak at two different one day cybersecurity conferences that are a part of a series of events known as the IDC IT Security Roadshow 2012.

Will new cybersecurity legislation pass in 2012? If yes, what will be included, what will be left out and which agencies or organizations will be in charge of various information sharing and monitoring roles? These are hot questions in DC right now.

But where do hackers live and spend their time? Beyond Black Hat Conferences around the world, where do hackers congregate online? As security pros scan the world-wide-web for the good, the bad and the ugly, we come across information, tools and methods that the majority of people dont know exist.

How many online social networks have you joined? I'm starting to wonder if there are too many social media sites that I participate in. Is a backlash coming?

FUD is a complicated topic. FUD can be your friend or your worst enemy. It can light a fire under cyber initiatives, or end a career. It can influence decisions in the middle of a crisis. Regardless of the story, FUD is important to master and thats not just hype.