Why SCADA Security Matters – And What You Should Know About It
My article this month for eSecurityPlanet addresses the oft-overlooked and misunderstood issue of securing SCADA systems. Many thanks to Jonathan Pollet of Red Tiger Security for providing feedback and quotes for the article. SCADA (supervisory control and data acquisition) systems run critical infrastructure and manufacturing processes. SCADA is what the local power company uses to manage usage...
Blast from the Past: Why Vendor Hype Benefits No One
The other day, while starting work on a post about why hype is never a good marketing strategy, I remembered, “hey! I already wrote about this.” Since the information is still relevant today, we decided to make the piece available again. Many thanks to Carol Baroudi, Founder of Baroudi Group, Inc. for kind permission to reprint this document. Software and technology vendors,...
CA to Acquire Arcot
Yesterday the news came out that CA is planning to acquire Arcot for about 200 Million. If you’ve read that it’s part of a CA IAM play, that’s correct, but it’s Strong AuthN and fraud prevention for IAM. Strong AuthN is something CA hasn’t really had before and the Arcot mobile solutions mean this can also be billed handily as a “cloud play.” For more,...
PAN Truncation and PCI DSS Compliance
Plenty has been written about the VISA tokenization best practices – but many have overlooked the truncation best practices. Ed and I covered truncation for SearchFinancialSecurity: In July, Visa Inc. got out ahead of the Payment Card Industry (PCI) Security Standards Council and issued its own best practices for tokenization and PAN truncation. While quite a lot of attention has been...
Social Engineering: Why Employees Are Your Security
Ed dives into social engineering in his E-Commerce News article this week: In the enterprise data security chain, human beings often prove to be the weakest link. Using social engineering tactics, thieves can frequently gain secret information about a company’s systems simply by asking. To prevent this, not only must employees be trained, but systems must be changed to reinforce the...
Divide and ???
If you’re a PCI maven, you probably already know that today the PCI Security Standards Council (SSC) issued their summary changes to the current PCI-DSS and PA-DSS which will become v2.0 of both documents. Rob Westervelt interviewed me on the changes and pulled this quote for his article: My biggest fear is that we’re beginning to see a splintering of PCI with other documents being...
“Rhumba the Lindstrom Way” – Our Run-in with Russian Security
Today Bill Brenner, Senior Editor at CSO Online, had a run-in with the Secret Service after taking some pictures of Marine One and enjoying his passion for history while down in DC to cover Metricon5. If you haven’t read his coverage of the incident he posted an opinion piece on CSO Online: What it’s Like to be Grilled by the Secret Service, and also a personal piece, How to Test Your...
Buyer’s Guide to Web Application Firewalls
For eSecurity Planet this month, I put together a guide to the most important considerations when buying WAFs: Web Application Firewalls (WAFs) entered the IT security scene about 10 years ago with offerings from start-up companies Perfecto (renamed Sanctum before being acquired by WatchFire in 2004), KaVaDo (acquired by Protegrity in 2005), and NetContinuum (acquired by Barracuda in 2007). The...
Log Management Program Planning Security School
SearchSecurity asked me to do a Log Management Program Planning Security School – and the results just got published. Many thanks to Jim McGovern for his time and insight in the Q&A interview! If you’re interested in log management, please take a look:
Log Management: Six Tips for Success
Log Management Strategies that Work – Video
Application Event Log Management: The...
Five Tips to Improve your Security Posture
From IT Computer World Canada, Tip No. 3, Password hygiene: “One of the big problems with organizations is that it is hard for them to understand what the real risk is related with making a particular choice, so then we get overly concerned about something because it appears scarier,” said Diana Kelley, partner at IT security consultancy SecurityCurve. “Be realistic about risk,” she said....