Here are the Blogs in the Connecting the Dots category.
Thursday, 16 February 2017
This week is RSA 2017 and I am counting hundreds of vendors exhibiting in San Francisco. This doesn’t count the others still in stealth mode and off the main show floor. They are all looking for the right formula to survive and grow. But what is that formula? In fact security startups aren’t much different ...Read More...
Posted on 02/16/2017 3:20 PM by Fred Scholl
Wednesday, 25 January 2017
I have been tracking the number of “cloud” jobs listed in Indeed.com for the past five years.  See the chart below.  This isn’t a scientific survey, but an indication of the openings with the term “cloud” in the job description.  Since 2012, this number has gone up continuously.  This month’s number ...Read More...
Posted on 01/25/2017 11:13 AM by Fred Scholl
Wednesday, 18 January 2017
Occasionally a book on information security comes along that is required reading by all. The Spy Who Couldn’t Spell is one of those books. Published in 2016 and written by journalist and writer Yudhijit Bhattacharjee, it includes pretty much everything that security professionals deal with every day.  The ...Read More...
Posted on 01/18/2017 1:55 PM by Fred Scholl
Tuesday, 10 January 2017
There is no shortage of headlines stating the cybersecurity professionals shortage as a fact. For example, this one from Information Week. I have taught security at the graduate level, and can report that all my students found good jobs. But I get a little skeptical after reading all of these headlines ...Read More...
Posted on 01/10/2017 10:25 AM by Fred Scholl
Wednesday, 21 December 2016
A few weeks ago, I was asked to comment on the "most underestimated IT security threat".  My answer was "us".  The full post is here.  My conclusion is going to be valid for 2017 and at least the next 10-20 years.  Why?  Because there are no magic pills to prevent cybersecurity failures.  Only your ...Read More...
Posted on 12/21/2016 10:41 AM by Fred Scholl
Tuesday, 6 December 2016
President Obama's Commission on Enhancing National Cybersecurity issued its report on December 1, and I thought it had some good recommendations.  I was expecting a long list of regulatory requirements, but did not find those.  Now we have to wait to see if the incoming President chooses to follow the ...Read More...
Posted on 12/06/2016 3:19 PM by Fred Scholl
Monday, 28 November 2016
Today, there are a large number of security startups trying to assure our data and infrastructure.  I have done two data communications start-ups in the past, over a period of 13 years.   One company was acquired by a larger firm; the second went public on NASDAQ.  The following reading list represents ...Read More...
Posted on 11/28/2016 1:35 PM by Fred Scholl
Sunday, 2 October 2016
It is obvious that cyber security will continue to play an important part in national security.  But as a Washington outsider, it is difficult to see inside government policies and organizations that are responsible for this security.  Michael Hayden has taken a significant step in providing this insight ...Read More...
Posted on 10/02/2016 11:07 AM by Frederick Scholl
Friday, 16 September 2016
Information security used to be part of IT.  That has changed recently;  security now needs to be independently aligned with the business operations, not just IT operations.  The PCI SSC calls this "Business as Usual" (BAU).  NIST CSF talks about aligning cybersecurity requirements with business activities. ...Read More...
Posted on 09/16/2016 5:26 PM by Frederick Scholl
Sunday, 11 September 2016
Business Email Compromise (BEC) continues to be one of the most successful information security attack vectors.  Criminals steal email addresses and passwords of C-level executives and then use this information to initiate fraudulent financial transfers from the executive's employer to the criminal's ...Read More...
Posted on 09/11/2016 8:35 PM by Frederick Scholl
Monday, 5 September 2016
Enterprise Risk Management (ERM) has been around at least since the days of the Trojan Horse.  Information security risk management can learn much from ERM and avoid reinventing the wheel.  The National Association of Corporate Directors (NACD)  made this clear in the 2014 handbook Cyber-Risk Oversight.  ...Read More...
Posted on 09/05/2016 3:04 PM by Frederick Scholl
Saturday, 3 September 2016
My approach to risk assessment always includes analysis of actual breaches in an industry similar to the client industry.  This is the evidence-based component of risk analysis.  On July 28, 2012, three protesters broke into the Y-12 Highly Enriched Uranium Manufacturing Facility (HEUMF) in Oak Ridge, ...Read More...
Posted on 09/03/2016 2:24 PM by Frederick Scholl
Wednesday, 16 April 2014
Reuters reports today the guilty plea and plea agreement of Kody Peterson, charged with illegally distributing Android apps.  The conviction was the first copyright theft case involving Android apps.  The case was tried in US District Court for the Northern District of Georgia.  The original ...Read More...
Posted on 04/16/2014 7:56 PM by Frederick Scholl
Thursday, 25 July 2013
Universities are traditionally open, without all of the information security controls that are implemented in the corporate environment.  Not surprising, given that the term university means community.  It is hard to build community with overly restrictive security controls. Now, however, ...Read More...
Posted on 07/25/2013 1:13 PM by Frederick Scholl
Monday, 3 June 2013
On May 31, the Cloud Security Alliance released a white paper entitled “Cloud Computing Vulnerability Incidents:  A Statistical Overview”.  This paper analyzes published cloud vulnerabilities reported in the news media from 2008 to 2011.  A total of 172 unique cloud incidents ...Read More...
Posted on 06/03/2013 11:09 AM by Frederick Scholl
Tuesday, 5 February 2013
Our local newspaper, The Tennessean, recently ran a story on the Y-12 nuclear facility break-in last year.  The defendants are now scheduled for a May trial in the Eastern District Court of Tennessee.  This prompted me to review the Inspector General’s Y-12 security breach report  ...Read More...
Posted on 02/05/2013 9:57 AM by Frederick Scholl
Monday, 15 October 2012
There is a debate among security professionals as to whether a strong compliance or strong security program best protects the enterprise.  Arguments along the lines of compliance is “just satisfying a checklist” and “security is not compliance” are offered.  Obviously ...Read More...
Posted on 10/15/2012 3:00 PM by Frederick Scholl
Thursday, 2 August 2012
Many businesses today assume that their workers will report to home in the event of a disaster at the corporate offices.  In fact, workers are already telecommuting or working full time in home offices.  The widespread implementation of broadband connectivity has made this possible.  In many cases corporate ...Read More...
Posted on 08/02/2012 3:17 PM by Frederick Scholl
Wednesday, 22 February 2012
The rush to cloud computing has brought about amazing new services, but, without adequate vendor monitoring, businesses may be building digital supply chain risks that will show up later when cost and market pressures are felt by cloud vendors.  We can learn from business processing outsourcing ...Read More...
Posted on 02/22/2012 1:46 PM by Frederick Scholl
Friday, 17 February 2012
The NY Times reported on 2/15/2012 the amazing story of Edward Maher, the suspect in a $1.5M 1993 armored car heist in the UK.  Recently apprehended, for almost 20 years he had been on the run in the US.  He had a number of regular jobs, including eight years at Nielsen, the television ...Read More...
Posted on 02/17/2012 11:36 AM by Frederick Scholl