Cisco has had a long history of supporting the Forum of Incident Response Teams (FIRST), as members in the organization, as chairs of various programs, steering committee members, and conference organizers. Cisco has also been providing the network for the global conference for many years. This year I am chairing the conference that will be held in Vienna on June 12-17, 2011. To that end, I am asking for some good security presentations for this year’s conference. We already have some great submissions from Interpol, Kaspersky, ENISA, etc. As chair I would really like to differentiate the conference with presentations based on real-world cybercrime defense. As we look back we see how rapidly the environment has changed over the past 10 years, starting to bring focus on upcoming changes on the horizon with things like borderless networks, externalization of services, and cloud. And then, further, combine that with the increasing monetization and militarization of cyber threats. FIRST would like to take a close look at the protections and responses of the past, and whether they will be up to the challenge or part of the problem. I talk more about the theme and the conference in this short podcast.
If you have something you would like to share with the security community please read below and contact us using the Speakers Submission Form.
Tags: CFP, CSIRT, FIRST, security, TRAC
BlueHat is Microsoft’s internal security conference, similar to our own SecCon. This year the conference was held Oct. 14-15, consisting of two full days of great content in a lecture theater environment. As part of their community outreach and Secure Development Lifecycle (SDL) collaboration I was invited to travel to Redmond for a few days to attend. The theme this year was Security Odyssey; I don’t know if you have seen the movie 2001, but there were references to HAL everywhere. BlueHat v10 Talks was a combination of internal and external sessions — with no NDAs.
Though I spent much of my time in the speaker lounge, here are a few talks I had a chance to hear (with a little bit of Space Odyssey humor).
When you access your email each day, do you do so at a distance of 15 paces because you’re just not sure what might jump out of that inbox? You can just about anticipate an email detailing how another user has caused a “blip” that will stretch your capabilities to protect both the user during their online engagements and the assets of the company. Or perhaps there will be an email asking to set up a meeting of all concerned to discuss how the employees in the sales department believe your information security policies are standing between them and their ability to do their job. Whose responsibility is it to keep the user engaged, informed, and compliant with company policy? Odds are, information technology leads will find their constituents asking how to accomplish something that wasn’t anticipated when the policies were created.
In a previous blog, “When Your Employee Doesn’t Want to Come to the Office,” I shared my thoughts on the mobility aspects of the employee who wishes to work remotely. Today Cisco released part two of the Cisco Connected World Report and confirmed my hypothesis above: email inboxes are overflowing and IT departments are racing to catch up as the consumerization of the workplace continues. Reading part two of the report, I was encouraged to see that more than 80 percent of IT department respondents noted they had an IT policy. What I found disheartening were the results from the end user, which detailed that ~24 percent of respondents didn’t know a policy existed, let alone where to find it. If that is the case, the escalation of policy collision isn’t going to occur.
Tags: Cisco, Cisco Security, Connected World Report, Consumerization, IT Policy, security, Security Thought Leadership, social media, Social Network, Technology News
SecCon is Cisco’s internal security conference aimed at raising security awareness within the company’s development community. On Oct 4th – 7th we completed the third Cisco SecCon and it was a big success. At this year’s conference we had well over a thousand attendees, with representatives from almost every job function. Thank you to all the participants and speakers!
Tags: CSDL, security
The last two years seem dominated by PDF vulnerabilities. As far as the specification and its various readers are concerned, there is likely more sour fruit yet to be uncovered; it’s simply too complex and full of dangerous “features.” But a few blogs have recently hinted that there may be a new vector emerging with surprising popularity. Brian Krebs suggests that exploit crimeware packages have begun reporting significant success rates with Java exploits; data collected by the Microsoft Malware Protection Center (MMPC) seems to agree. After taking a look at what Cisco ScanSafe had to share on the topic, it seems clear that the threat landscape appears to be shifting under our noses.
Tags: java, ScanSafe, security