Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Getting Ahead of the Security Poverty Line 8: Questions and Answers

The final part of Andy Ellis’ keynote at HITBSecConf 2012 is dedicated to answering questions from the event attendees about the role of the CSO in a company. Now I’m happy to take a question or two or five from the crowd, if anybody wants them. – Hi! My question is: often a big mistake that...

Getting Ahead of the Security Poverty Line 7: Increasing Security Value over Time

Andy Ellis elaborates here on methods for prioritizing security tasks within organizations and thus maintaining high security value over the long term. As security professionals, we have a lot on our plates, we have a lot of things to do. How many people here juggle? If you try to learn to juggle,...

Getting Ahead of the Security Poverty Line 6: Third-Party Security Reviews

This section of the keynote sheds light on common mistakes made while evaluating vendor services, and outlines the most judicious approach to this activity. Another area we’ve recently been looking at is third-party security reviews. Everybody probably has this, certainly, in these days of outsourcing;...

Getting Ahead of the Security Poverty Line 5: Security Awareness Enhancement Practices

This part of the keynote is dedicated to optimization of security awareness training programs, and the common drawbacks of external audits for organizations. Let’s talk about a couple of other problems and things we’ve done to deal with them. Security awareness – anybody here involved in security...

Getting Ahead of the Security Poverty Line 4: Effecting Long-Term Change

Andy Ellis now emphasizes risk reduction over the long term, while highlighting some scare techniques security vendors tend to leverage. Now let’s look at some ways that people act, and I’m going to include a couple of my anecdotes here. First one isn’t me. So, I went and took 3...

Getting Ahead of the Security Poverty Line 3: Perceived and Actual Risk

Andy Ellis focuses here on the so-called Set-Point Theory of Risk Tolerance, which addresses the concept of perceived and actual risk. The Peltzman Effect: Why are things getting worse for the organizations? And this comes back to the Peltzman effect. Sam Peltzman is an economist at the...

Getting Ahead of the Security Poverty Line 2: Degrees of Security Value

In this entry, Akamai’s Andy Ellis dwells on the degrees of security assurance within organizations, and explains why adversaries succeed in their attacks. How much security value is ‘good enough’? We’d all love to have perfect security; we’re not going to be there though. This graph is...

Getting Ahead of the Security Poverty Line

Andy Ellis, the Chief Security Officer at Akamai Technologies, gives a keynote at the ‘Hack in the Box Amsterdam’ event, providing an in-depth view of the concept of present-day information security, its goals and constituents. Let’s start off with defining the security poverty line; the security...

Secure Password Managers and Military-Grade Encryption on Smartphones 5: The Summary

Elcomsoft employee Dmitry Sklyarov draws conclusions based on the study he and his colleague Andrey Belenko conducted about password keepers for smartphones. Now I’m going to move on to summary and conclusions. We mentioned iOS passcode many times during this presentation, and it’s probably a really good...

Secure Password Managers and Military-Grade Encryption on Smartphones 4: Paid iOS Password Managers

Having shed light on the specificities of free password managers for iOS, Dmitry Sklyarov now focuses on the popular paid password apps for this platform. Now that we have reviewed free password applications, it’s actually fair to assume that paid apps should be better than free ones. They should...