Editor’s Note: This is the final installment of a four-part series featuring an in-depth overview of InfoSec’s (Information Security) Unified Security Metrics Program (USM). In this blog entry, we discuss some of the lessons learned during the program’s first year.
Winter weather in the North Atlantic Ocean can be precarious at best. Anyone recall the ill-fated journey of the RMS Titanic? Icebergs pose significant risk because only 10 percent can be seen above the surface, while more than 90 percent remain hidden below. Similarly, metrics and numbers on a chart represent only the tip of an iceberg. Rich, meaningful, and actionable data exists below the surface and, when leveraged successfully, can drive great results and outcomes. During the past year, the USM program has embarked on some new, uncharted waters. The journey hasn’t always been easy, but we’ve learned some valuable lessons along the way.
Read More »
Tags: infosec, Partner Security Architects, security, Security Knowledge Empowerment, Service Security Primes, SKE, unified security metrics program, usm
At the recent RSA Conference, I heard an MIT professor quip, “is it safe to keep passwords written on a piece of paper in your wallet?” Kidding aside, most of the mid-market customers I interacted with at RSA—in retail, healthcare, and manufacturing—understood the point. They all had similar security requirements. It was common to hear “we want a security solution that protects our customers, employees, and businesses. Something that’s simple, easy to use, and will protect our intellectual property.”
That’s often easier said than done. Your mid-market company’s security isn’t simply a matter of choosing the right solution. The experience of your IT staff and the way they set your security strategy also has an impact, as we’ve discussed in #ciscomidsize.
Read More »
Tags: #ciscomidsize, #madeformidmarket, midmarket, Mighty Middle, security
The recent OpenSSL Heartbleed vulnerability has shown that technology leaders must work together to secure the Internet’s critical infrastructure. That’s why Cisco is proud to be a founding supporter of the Linux Foundation initiative announced yesterday (April 24th).
The initiative will fund open source projects that are critical to core computing and Internet functions, and Cisco sees security technologies as a fundamental infrastructure component. The first project being considered for funding is OpenSSL. As a longtime contributor to open source and user, we’ve offered code and intellectual property to enhance OpenSSL. We’ve also provided patches and testing results to help address vulnerabilities. Today’s announcement takes that commitment a step further.
We are pleased to help form a critical mass of governance, funding, and focus that will support the output of open source communities like OpenSSL. By working together as an industry, we can expect greater security, stability, and robustness for components that are critical to the Internet.
For more Cisco-specific information on the Heartbleed vulnerability, please visit our event response page and Security Advisory. You may also be interested in our April 23 webinar titled, Heartbleed: Assessing and Mitigating Your Risk.
Tags: Cisco, Heartbleed, Linux, open source, OpenSSL, psirt, security
Mobile security is a top concern for IT and business leaders. This guest authored blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies to achieve mobility goals. We are pleased to introduce our guest author Darryl Wilson, Director, Enterprise Mobility for Dimension Data Americas, as the first in this series – Darryl will address how a balanced approach to security can yield better business results.
By Guest Contributor Darryl Wilson
Director, Enterprise Mobility for Dimension Data Americas
Darryl Wilson has more than 15 years of experience overseeing large scale network communications projects both from a technical delivery and pre-sales perspective. Wilson’s areas of expertise include unified communications, network performance, troubleshooting and optimization.
The evolution to a mobile-centric workforce has been relatively short, thanks to an explosion of innovation and emerging mobile and cloud technologies. Just a few years ago, BYOD was a hot topic of conversation and mobile device management (MDM) solutions offered a simple way to secure an influx of devices and users.
However, today we are seeing that the tactical implementation of MDM solutions is not enough to control a multi-device, multi-vendor, and multi-OS mobility landscape. In fact, most of the companies I work with are using solutions that have not been optimized or customized for today’s ever-changing mobile world. In addition, security concerns have left many organizations feeling like they need to choose between control and truly reaping the business value mobility offers.
For example, in a recent Dimension Data Secure Mobility Survey Report, 79% say mobility is a top priority for their organization. However, the report indicates that a much smaller segment of those IT leaders’ actions back it up. Seventy-seven percent of those surveyed believe data is the greatest concern pertaining to mobility, yet only 55% have a mobility roadmap in place. If securing company data and successfully implementing a mobile policy is of such importance, why aren’t more IT leaders taking strategic action?
Read More »
Tags: Cisco, Cisco Partners, Cisco Security, dimension data, mobile security, mobility, security
When sizing clusters for devices in our Identity Services Engine (ISE) deployment, Cisco IT uses a “3+1” formula: For every person we assume three devices (laptop, smartphone, and a tablet) plus one device in the background (security camera, printer, network access device, etc.). In a company the size of Cisco, with roughly 80,000 employees, the math is simple: Read More »
Tags: capacity management, Cisco IT, coc-security, Identity Services Engine, IoE, ISE, security