Facebook membership recently passed 500 million, prompting some to observe that if the social networking site were a country, it would now be the third most populous in the world after China and India. Certainly, the explosive growth of social media communities like Facebook, Twitter, and YouTube, and the part they are coming to play in politics and global business, has made government officials and business executives sit up and take note. Within the space of a few short years, social media and the Internet—in tandem with globalization and the birth of a new middle class—have emerged as forces challenging traditional assumptions of physical borders, individual rights, and cultural identity.
The networks and friendships created online may prove stronger than traditional national boundaries. They may erode political power in one place and create it overnight in another. Governments can embrace or guide social media, discourage or try to shut it down, or use it as a barometer of public opinion. What they cannot do is ignore it.
What is the state of information security today? Where do organizations stand in comparison to the attackers who are determined to compromise their information resources? What methods are working to protect information assets, and what trends should influence future security purchasing or deployment decisions?
These kinds of questions and more are addressed in the security reports that security companies release periodically. Cisco, of course, released its 2010 Midyear Security Report recently, and we have also seen the Verizon Business Security 2010 Data Breach Investigation Report, the McAfee Security Journal Summer 2010 issue, and many others. From reading these three reports in particular, I picked out some similarities about the goings-on in the industry and what the next few years might hold.
Unfortunately, it appears that we will still have to deal with raising awareness about what is appropriate to send to the landfill.
In this blog post you will learn about entropy within the domain of information theory. You will learn what entropy is and how to compute it. You will be shown some simple C code snippets to bring theory into application. Also, you will be shown why it is an important measurement in the field of computer security. Finally, we will cover some practical applications of entropy calculation and analysis.
Hundreds of security professionals and system administrators attended Black Hat USA 2010 in Las Vegas. Black Hat conferences always attract thought leaders from all facets of the information security world, including corporate and government sectors, as well as a large group of researchers. The following are a few highlights of the presentations delivered during the Black Hat USA 2010 briefings.
How do you build good, secure development practices into the DNA of a company with over 40 different business units, an incredibly diverse set of product lines, and employees distributed around the globe? One of the things you need is a virtual community of sharp, knowledgeable people who understand network security and secure product development (and testing), and who can share and evangelize that knowledge with their peers, their colleagues, and their management.
That virtual community is a reality at Cisco. Today, the Security Advocates program numbers over 100 members from 40 different business units, representing diverse product lines ranging from small SOHO devices to core routers and switches to SaaS applications. Testers, tech leads, developers, and architects learn together, share their knowledge and expertise with one another and with their business unit colleagues, and provide valuable feedback to centralized security teams. In a decentralized environment like Cisco, this is an incredible boost to the time-to-adoption of new secure development tools and processes.
Security doesn’t “just happen.” It takes dedicated voices to get and keep development teams focused on producing more secure products, especially when resources are focused on other, often more marketable customer requirements. Product teams inside Cisco show their commitment to security by designating a security advocate for their business unit. Bringing that message inside the development teams literally brings the information “inside,” with insider credibility from someone who understands the peculiarities, design features, history and market segment for a particular product — a major win when working with widely divergent products, markets and business realities.