We all have our take on IT security, and if you’re reading this post it means you want to hear more. So do we; that’s why we have reached out to some well-known IT experts in the security blogosphere and asked them to share some invaluable tips with our readers.
Let us know what you think and share any tips you may have – we want to hear more!
While we all know that businesses should be talking to their clients, Brian Honan stresses the importance of communication within an organization. This communication, he says, is vital for addressing security challenges.
“Engage with the people within your business. Talk to senior management to see what their goals and objectives are for the year, such as whether the business is going to expand or contract. In this way you can better prepare for any challenges ahead. Speak to line managers to understand the challenges they face and how you can provide secure solutions for them. Finally, talk to end users so they are aware of the security threats facing your organisation and are educated and prepared on how to deal with those threats.”
Brian Honan Bio:
Brian is internationally recognised as an expert in the field of information security and has worked with numerous companies in the private and government sectors, in Ireland, Europe and throughout the United Kingdom. Brian has also provided information security advice to the European Commission.
Brian is the author of ISO 27001 in a Windows Environment, and co-author of The Cloud Security Rules. Brian’s work has been published in many respected trade publications and he is a prolific blogger for Information Security Magazine. He is also European Editor for the bi-weekly SANS NewsBites newsletter which reaches over 500,000 information security professionals.
Branden Williams has some advice when it comes to that ultimate security issue: the correct use and maintenance of good, strong passwords.
“While passwords are still the most common authentication mechanism, they are also the weakest. Spend this year following good guidelines with a password locker, and change all of your passwords to be unique to each site. In addition, where two-factor authentication is available (such as your online bank, Google, Dropbox, eBay, or PayPal), enable and use it!”
Branden Williams Bio:
Branden has over 15 years of experience in technology and information security. He has extensive experience in Linux, Solaris, and Microsoft Windows (2K/2003) server platforms, and further experience in other operating systems including Mainframe (z/OS), BSDI, HP/UX, AIX, and OS X. Branden also has experience with Cisco IOS/PIX, WatchGuard, IPTables, Checkpoint and other technologies.
Branden was designated as a Fellow of the Information Systems Security Association (ISSA) and an Adjunct Professor at the University of Dallas’s Graduate School of Management. He publishes regularly and co-authored a book on PCI Compliance.
Branden is a CTO at a major security firm, a doctoral business student, and currently sits on the PCI Board of Advisors.
Ben Tomhave talks about compliance and litigation repercussions within the field of IT security and risk management.
“Get your house in order. The clock is running out (if it hasn’t run out already) on building a commercially reasonable, legally defensible security and risk management program. The old zero-sum ways must be abandoned. Incidents will happen, but you can do much to reduce their impact, even if those incidents occur in a cloud environment or are amplified by BYOD policies. Businesses must be able to demonstrate good decision-making processes relative to risk management, or they will be subject to civil (and possibly criminal) litigation. This will affect all industries, including law firms.”
Ben Tomhave Bio:
Ben Tomhave (MS, CISSP) helps global enterprises, SMBs and service partners unlock the real promise of integrated governance, risk management and compliance through his current role as Principal Consultant for LockPath, a market-changing GRC software company.
A distinguished author and experienced speaker, he currently serves on the board of the Society of Information Risk Analysts and as co-chair of the ABA InfoSec Committee within the Section of Science & Technology. He is also a member of ISSA and the IEEE Computer Society, and holds an MS in Engineering Management from The George Washington University with an InfoSec Management concentration.
Pierluigi Paganini looks forward at what 2013 might bring for those involved in IT security and offers his predictions.
“The major factors contributing to the diffusion of new cyber threats in 2013 will be the increasing use of social media platforms and mobility. Those that will be most active in cyberspace are the cyber-criminal groups and hacktivists. Contrary to the opinion of some security experts, I believe that the hacktivism phenomenon can assume an important role in security.
In 2013 we will also observe increased state-sponsored attacks, and governments will become more active in both the defensive and offensive sectors. In addition, control and monitoring activities will increase in a significant way.
Fortunately, the global level of awareness of cyber threats is also rising as never before.”
Pierluigi Paganini Bio:
Pierluigi is a company director, researcher, security evangelist, security analyst and a freelance writer.
He is a security expert with over 20 years’ experience in the field, and a Certified Ethical Hacker at EC Council in London. His passion for writing, and a strong belief that security is founded on sharing and awareness, led him to found the popular security blog “Security Affairs”.
He is also the chief information security officer for Bit4id, which is an industry leader in identity management. Pierluigi also works as a writer with several major publications in the field, such as Cyber War Zone, Infosec Island, The Hacker News.
Debra Littlejohn Shinder gives us some very wise words of wisdom about the changing face of corporate IT and how this relates to security.
“The nature of corporate IT is profoundly changing. Ten years ago it was all about protecting the network perimeter. In 2013, we’ll be dealing with the new challenges brought by cloud, mobile and BYOD. To avoid expensive (and possibly reputation-destroying) security breaches, organizations will have to shift from a reactive to a proactive mode and get serious about developing plans and policies to address the current chaos that always comes with major transitions.
Cyber attackers, like the old school criminals who burglarize homes or mug victims on the street, generally target the weakest links. Your security doesn’t have to be the very best money can buy; it does have to be better than average to convince the bad guys to move on to an easier target. It’s better to have a good security strategy in place now than to have a perfect one ‘in the works.’”
Debra Littlejohn Shinder Bio:
Debra Littlejohn Shinder is a former police officer/criminal justice instructor who now makes her living as an IT analyst, author, trainer and speaker. She has written or contributed to 26 books, published over 800 articles and has been living online, along with her husband Tom (whom she met via the Internet), since the mid-1990s.
On April 1, 2012, Deb Shinder received the Most Valuable Professional (MVP) award from Microsoft with area of expertise in Enterprise Security for the eighth year in a row.
Chris Boyd offers his thoughts on how scammers might be looking for greener pastures where users might not be wise to their tricks.
“Mobile devices, gaming and less well known social networks will likely see the most interesting forms of attack. Over a portion of 2011 and most of 2012, Tumblr saw some really new and innovative scams and attacks on end-users; now, those tactics are starting to repeat themselves and slowly but surely the user base is growing wiser. The only solution for scammers is to mix things up a little, or go elsewhere. And I’d be surprised if they don’t attempt to ply their trade on a newer, smaller social network.”
Chris Boyd Bio:
Chris is a six-time recipient of the Microsoft MVP in Consumer Security, and a former Director of Research for FaceTime Security Labs.
He has been credited with finding the first rootkit in an Instant Messaging hijack, the first example of a rogue web browser installing without permission, the first worm on the Google Orkut network and the first example of a DIY Botnet creation kit for Twitter.
His specialties include Botnets, Spam, Phishing, P2P, Instant Messaging, Ad/Spy/Malware, Worms, Social Networking attacks/exploits and videogame console exploitation. He currently works as a senior security threat researcher for ThreatTrack Security.
Don’t forget to share your thoughts on what these IT security professionals had to say, or share your own tips by leaving a comment below.