Don’t be the Next Victim
Even as the latest breach headline fades away, we all know there is another waiting in the wings (read Part I of my blog). How can organizations protect themselves? There is no panacea for securing a payment environment, and implementing advanced technology alone will not make an organization compliant with the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS provides a solid foundation for a security strategy that covers payment and other types of data, but overall security does not begin and end with PCI compliance. Therefore, an organization’s security strategy should employ best practices and an architecture that will not only facilitate PCI compliance, but also help secure the cardholder environment, prevent identity theft, reliably protect brand image and assets, mitigate financial risk, and provide a secure foundation for new business services.
Read More »
Tags: Cisco, data breach, data loss, data loss credit card, design, pci, PCI Compliance, pci-dss
Security events, such as vulnerabilities and threats, that are detected globally continue to grow and evolve in scale, impact, diversity, and complexity. Compounded with this is the other side of the coin, the unreported or undetected events waiting in the wings, hovering below the radar in a stealthy state. With all of the security technologies at our disposal, are they sufficient enough to provide effective protection? Well, it is certainly a good start when applied correctly. At a summary level, Cisco’s Security Intelligence Operations (SIO) approach to this challenge was covered in the Network World feature article, “Inside Cisco Security Intelligence Operations.” However, one of the core human elements, which I will introduce, that deserves closer attention is the role of security analyst. In addition, this article provides those of you with career interests some additional insight into working in the IT security field.
Read More »
Tags: advisories, Cisco, cyber security, cybersecurity, exploits, intellishield, secure software, security, security management, vulnerability
Last weekend was a typical one, nothing out of the ordinary: errands, science fairs, softball practice with the kids. However, I found myself hesitating a number of times, thinking twice, before I handed my credit card to the cashier at the mall for to purchase a pair of shoes and again as I typed in my credit card number and security code online to purchase some items for a school fund raiser. In the past, I hadn’t given this much thought, but with yet another data breach in the news, it seems that the breaches are continuing to occur – and as consumers, we will continue getting those ‘Dear John’ letters informing us we were one of the unlucky ones…
With news of another data breach of up to 1.5 million credit and debit cards compromised last month as well as high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network, data security should be top of mind to all of us. So, how are these breaches continuing despite all of the efforts to secure customer data? In a series of blog entries to follow, we’ll outline the anatomy of a data breach, steps you can take to reduce your risk, and how Cisco can help keep your organization from being the topic of the next breach headline.
Anatomy of a Data Breach:
It used to be that hackers were in the business of hacking for fame or infamy… mostly individuals or groups of friends were doing small-time breaches, leaving digital graffiti on well-known websites. Although these breaches demonstrated security gaps among those affected, there was little financial impact compared to today. It should come as no surprise in a world of big data, that it is harder than ever for organizations to protect their confidential information. Complex, heterogeneous IT environments make data protection and threat response very difficult.
Read More »
Tags: compliance, credit card, data breach, data loss, malware, pci, security
In our weekly review call for the Cisco Cyber Risk Report for March 26-April 1, 2012 we discussed the incident of the JetBlue mid-air emergency incident. The incident has been widely reported, but a short summary is that the pilot was reportedly acting irrationally, which caused the co-pilot to lock him out of the cockpit and led to the crew and passengers having to subdue him until the aircraft could be landed and authorities removed the pilot. While the investigation of this incident continues, there have also been several of these types of incidents. A review of the incident raised several security questions with us over the incident response policies and procedures.
Read More »
Tags: incident response, physical security, security
During my 25-year career, I’ve been fortunate to work closely with some of the best and brightest, supporting government and enterprise customers around the world regardless of where I worked. These experiences have enabled me to meet with statesmen and CEOs, into open and closed-door meetings on “the Hill” and abroad, to serve as a member of the CSIS Commission on Cybersecurity, and participate on numerous think tanks, boards of directors, and advisory boards. I’ve worked and learned from leaders in private industry and global governments, the defense and intelligence communities, and I’ve always gotten after it with the goal of making a difference and producing positive results.
When Brad Boston asked for me to succeed him in leading the Cisco Global Government Solutions Group (GGSG) in addition to my role overseeing the Corporate Security Programs Organization (CSPO), I was humbled, honored, and excited. GGSG/CSPO is a great organization. Fortunately for Cisco, our customers, and me, Brad will remain nearby, focusing on our go-forward strategy for Satellite Solutions. This expanded role certainly ups the ante for me, yet it is not an altogether new one. As a member of GGSG senior staff since it was formed, and in my role leading Corporate Security during the past ten years, I’ve watched the organization grow and thrive.
In taking the helm, I will build on this team’s outstanding achievements in meeting the unique requirements of governments around the world. We’ll continue to address the challenges faced by global government agencies, defense and intelligence communities, and work to advise our public sector customers on the leading practices and technology solutions that can achieve and enhance their mission goals. In my ongoing role as Chief Security Officer, I’ll continue to oversee and work with my leadership team to drive initiatives focused on Information Security, Product Security and Government Security, with focus on crypto, advanced government services, and cybersecurity—in support of our customers.
My expanded leadership team and I recognize what a critical role we play for our global government customers. To all of you, rest assured, we will continue to strive to become your most-trustworthy vendor and a true partner—one that works hard to help enable your mission success, delivers on our commitments, and gives only our best.
Tags: Cisco, CSIS, CSO, CSPO, cybersecurity, GGSG, government, information security, John Stewart, security