Cisco Blogs


Cisco Blog > Security

Even Security Administrators Deserve a Break – Part 1 of 2

May 26, 2011 at 8:45 am PST

By now, most of us have heard Cisco executives utter the words, “Work is no longer a place you go, but what you do.” Now we’ve all heard hundreds of these snappy one-liners in our careers, written by some marketer for the sole purpose of making a particular presentation more memorable. And like you, I easily dismiss catchphrases soon after the completion of the presentation. But for me, this one is different – because it’s so true. In fact, looking back over just the past 10-15 years, I find it hard to believe how much technology has changed the way we all live and work.

Read More »

Security Schemes – Why Keep Them Public?

Should we or should we not keep our security protocols and algorithms public? The debate has been going on for quite some time. It might even have taken place in the Roman Empire when Caesar Cipher was used to encrypt Julius Caesar’s messages. It has been the norm for a long time for all new security methods to be published externally in order to receive academic and public scrutiny, in a way so that they prove themselves.

Read More »

Tags:

Adapting Levels of Assurance for the NSTIC

This is part of an ongoing series on the National Strategy for Trusted Identities in Cyberspace. The introduction to this series can be found here.

One of the goals of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is to support a wide range of use cases. These might include everything from low-value purchases to making adjustments to critical infrastructure, like power systems, where someone might get hurt if an unauthorized action takes place.

Read More »

Tags: , , , ,

Think Before You Post – Beware of Social Networking Pitfalls

May 18, 2011 at 6:00 am PST

In this week’s Cyber Risk Report we briefly discussed the fact that millions of individuals are victims of their own carelessness by freely posting information such as vacation plans and family photos on social networks and by storing Personally Identifiable Information (PII), such as medical records and financial information, on mobile devices. Users are sometimes not properly educated when it comes to what types of information should be shared, and with whom they should be sharing this information. This lack of education and subsequent “overposting” of personal details is now trickling down to our youth, some of whom are under the legal age to even utilize some of these social network sites. Read More »

Tags: , , ,

EastWest Institute’s Second Worldwide Cybersecurity Summit

On June 1-2, I will be participating in the EastWest Institute’s (EWI) second Worldwide Cybersecurity Summit at the Queen Elizabeth II Conference Center in London, and I’m very excited about the prospects for this event.

EastWest Institute is a global, action-oriented, “think-and-do” tank founded in 1980. Its goals are to mobilize leading business and government leaders to address cross-border cybersecurity challenges; set new models for private-public-sector leadership in addressing high-priority security threats and vulnerabilities; and to make advances on the most pressing issues in global management of critical information infrastructure with breakthrough international collaboration.

I’m particularly energized about this year’s session, as I anticipate we will continue and expand upon the dialogue initiated at last year’s inaugural summit in Dallas. I’m proud to have participated in that event, along with other government, business, and civil society leaders from around the world who came together to collaborate on ways to assure the security of the world’s digital infrastructure.

Read More »

Tags: ,