Now that we’re in the midst of October 2013’s Cyber Security Awareness Month, it’s a good time to think about the connections between security awareness and trust. This discussion centers on three questions:
- How do we trust our computers and devices?
- How do we trust our vendors?
- How do we trust the infrastructure?
We ask these questions mindful that information technology does not stand still and is probably accelerating. Forward progress, however, is unsustainable if we can’t trust the technologies we use. I don’t foresee any scenario where technology progress will come to a halt, but there are many ways it can fly off the rails if we’re not careful. This may sound dire, but I remain an optimist by nature and believe we can confidently move ahead if we take the time to think about security and trust and act on our conclusions. Cyber Security Awareness Month is a good opportunity to think about this, and I have more to say in the video blog post below:
Tags: Cyber Security Awareness Month, ncsam-2013, security awareness, trust
Many Cisco customers with an interest in product security are aware of our security advisories and other publications issued by our Product Security Incident Response Team (PSIRT). That awareness is probably more acute than usual following the recent Cisco IOS Software Security Advisory Bundled Publication on September 25. But many may not be aware of the reasoning behind why, when, and how Cisco airs its “dirty laundry.”
Our primary reason for disclosing vulnerabilities is to ensure customers are able to accurately assess, mitigate, and remediate the risk our vulnerabilities may pose to the security of their networks.
In order to deliver on that promise, Cisco has made some fundamental and formative decisions that we’ve carried forward since our first security advisory in June 1995.
Tags: advisories, Cisco Security, incident response, IOS, ncsam-2013, psirt, vulnerability
April first falls on a Tuesday next year. The following Tuesday is Microsoft’s monthly security update. It will be the last monthly security update for the Windows XP operating system. About one third of the computers with Windows operating systems on the Internet today are still running Windows XP, an operating system almost 15 years old. After the April 2014 update, issues with Windows XP will no longer be patched; Windows XP users should have already migrated to a more current Windows version. So with that, we present David Netterman’s Top Ten Security Related Reasons Why You Should Upgrade Your Computer’s Old Operating System:
Tags: EoL, MAPP, ncsam-2013, security, update, Windows XP
Risk. It’s not just a strategic board game; in business it’s the analysis that determines the potential for loss.
In today’s organization, the consumerization of IT has led to groundbreaking developments in the mobility space. The broad deployment of BYOD, coupled with the availability of corporate data and applications, has challenged how we define security. And with recent news reports citing the rise of mobile hacking and network threats, the security of mobile technology and the data it carries seems to be at risk.
Fortunately, all is not lost.
Mobility gives employees and providers options for the workplace and for creating a mobile experience that is efficient and innovative. It is also helping businesses save and make money. Today, employees in any place on any device can access any application across any network in any cloud. As a result, there are challenges associated with implementing a comprehensive BYOD policy that encompasses a proliferation of devices connecting to a network.
Even though mobility can cut costs and increase productivity, 60 percent of IT professionals recently surveyed believe mobile devices in 2013 present more of a risk to their organization than they did in 2012. And even with the growing concerns over mobile security, it still appears that only 60 percent of organizations require security technology for mobility plans. Why isn’t that number higher? After all, Android malware grew 2,577 percent in 2012 alone.
Tags: byod, Cisco, Cisco Security, Cisco Security Intelligence Operations, Internet of Everything, IoE, malware, mobile, mobile malware, mobility, security
In the previous installment of the onePK series, you received a crash course on Cisco’s onePK. In this article, you’ll take the next step with a fun little exposé on onePK’s C API. You will learn how to write a simple program to reach out and connect to a network element. This is staple onePK functionality and is the foundation upon which most onePK applications are built.
The following short program, “ophw” (onePK Hello World), is a fully functional onePK application that will connect to a network element, query its system description, and then disconnect. It doesn’t do anything beyond that, but it does highlight some lynchpin onePK code: network element connection and session handle instantiation. This is the foundational stuff every onePK application needs before useful work can get done.
Tags: Cisco, cisco ios, Cisco Security, cisco sio, IOS, ncsam-2013, network security, One Platform Kit, onePK, open source, secure software, security