Security / Opinions

Everything you know about enterprise security is wrong

Whether you're talking about your network, your company's building or your home, a perimeter approach to security is no longer adequate. As McAfee discussed at the RSA Conference, you can't provide physical or electronic security simply by trying to prevent unauthorized access - you have to rethink all types of security to protect data and lives.

Written by Rob Enderle, 28 Feb. 14 15:24

Kenneth van Wyk: After Snowden

Restoring trust in our information systems after Edward Snowden's NSA revelations will take years -- if it can be done at all.

Written by Kenneth van Wyk, 09 Jan. 14 13:58

2014: Time to rethink privacy

Companies have to fully confront the privacy issues they face and rethink their policies from the bottom up.

Written by Evan Schuman, 31 Dec. 13 11:54

Target: Deceive first, answer questions later

Issuing deceptive statements is no way to win back customers' trust. That's a lesson for anyone who might find themselves in Target's position someday.

Written by Evan Schuman, 28 Dec. 13 16:48

Alert: Your password is probably compromised...again

Hackers have exposed millions of passwords from Facebook, Google, and Twitter. Sadly, password compromise is so common that it barely even registers as news any more. Suffice to say that it's probably time to change your password again.

Written by Tony Bradley, 06 Dec. 13 18:00

A CFO's take on BYOD

In a nutshell: The ever-increasing popularity of mobile devices has changed the way many enterprise users deploy technology, with an ever-increasing body of employees now bringing their own devices into work with them. The enterprise, meanwhile, focuses on ensuring its data is available securely to these devices. So, how prevalent is this trend really?
I'll skip the potential cost savings; relative to the extent of your enterprise, a move to mobile devices in replacement of PCs will indeed save a little cash, but this will quickly be eaten up by the IT department's need to make data available and secure.

Written by Jonny Evans, 17 Jan. 12 22:00

IT consumerisation: It's biblical!

Once upon a time, IT said unto select employees (in biblical tones): "Thou lucky employee, thou shalt have this very expensive cellphone (sign here) and thou shalt want no other. Go forth and communicate," adding, "and, lo, thou shalt also have this very expensive laptop (sign here as well) and thou better not break it, buster. Now, go forth and lug it around the country and give presentations and whatever else it is you do. Begone."

Written by Mark Gibbs, 06 Nov. 11 22:00

How to Maximise Your IT Security Budget

In these days of economic recession, with cyber crime on the rise, it's more important than ever for IT leaders to make the most of their security budget.

Written by CIO Staff, 12 Dec. 08 12:32

Heads in the cloud

Cloud computing is all about the data. The essential issues are who owns it, who holds it and who has access to it?

Written by Damian Ward, 10 Nov. 08 22:00

Technology Contracts: Lawsuits Waiting to Happen

Got a technology contract to cover your latest deal, like an acquisition, merger or commercial transaction? It may not protect your interests the way you think it does. Horribly written contracts for tech and telecom deals cross my desk every day--they're a lawsuit waiting to happen. When a lawyer writes a contract, he should be writing a document that tells a story about the deal, albeit with a tilt toward his client. Often, what I see isn't a tilt--it's illiteracy.

Written by Mark Grossman, 30 Sept. 08 13:25

Legacy system refresh

I’ve been reading a lot recently about organisations undertaking major IT modernisation projects; ie, replacing legacy systems. Modernising a legacy environment is technologically challenging, but also culturally difficult. The changing nature of IT has and will continue to have a dramatic psychological impact on the enterprise’s greatest historical asset — its people.
Most organisations have a wide variety of applications in their portfolios. A substantial number of legacy applications were built or acquired over many years or decades. The mix is likely to include applications licensed from software vendors, along with solutions that were custom-developed by internal staff or third parties. Somewhat reflecting the various types of applications, application professionals often cluster into five dominant personas.

Written by Mary Ann Maxwell, 11 Aug. 08 22:00

Little safety in a very small number

We're reporting to you today from the Myers-Briggs psychobabble and associated party tricks department here at the digital life labs - a division we set up several years ago, to investigate the use of psychological profiling as a means of hacking into computers to read our personnel files.
It always seemed like a promising idea. According to the Myers-Briggs psychological profile theory, the world is populated by just 16 personality types, ranging from your shy, touchy-feely INFP (introvert, intuitive, feeling, perceptive) type, who usually ends up as a missionary or a school teacher, to your bolshie, some might say fascistic ESTJ (extrovert, sensate, thinking, judging) types, who usually end up in charge of something.

Written by John Davidson, 27 May 08 22:00

Grand theft identity

This so-called "telecommunications revolution" has made us all a little nervous. With the ever-present threat of "identity theft", combined with the twin threats of scam emails and the constant risk that we might accidentally be exposed to nudity whilst innocently visiting sites such as www.nudes'r'us.com, it's hard to know where one can safely turn nowadays.
Yet, despite these ongoing security threats, I've been feeling relaxed and comfortable about the telecommunications revolution lately, mainly because I recently received a revolutionary new mobile phone designed specifically to protect its owner against such threats, especially identity theft.

Written by John Davidson, 26 May 08 22:00

Wanted: A converged CSO

When companies decide to combine logical and physical security, one of the first challenges they face is finding a leader who has been exposed to both information security and physical security. Someone has to be put in place to create change. Who is this person? What is his skill set? Where can she be found? Does he or she actually exist?
I speak with both information security and physical security professionals every day, and when the conversation turns to who is best equipped to lead a converged security operation, I hear many opposing opinions. Usually, the opinion of the person to whom I'm speaking has a lot to do with his or her experience. Whose point of view is correct? I don't know for sure, but I can tell you about the conclusions reached by three companies that have recently contacted me for assistance in their search for a converged security leader. No opinions to share here, just facts.

Written by Jeff Snyder, 29 April 08 22:00