247 posts categorized "Technology and Society" Feed

Beware the Lizard (by Paul W. Smith)

Geico Lizard with Brain

 "I’ve experienced many terrible things in my life, a few of which actually happened."

– Mark Twain

A man driving his luxury car late at night becomes lost and slowly realizes that he is in a very bad part of town.  When his car breaks down, the tension mounts.  He is approached by a group of gang members, one of whom is brandishing a handgun.  The tow truck he has called arrives, but as its driver confronts the gunman, the outcome is unclear. 

This is the opening scene from the 1991 film “Grand Canyon.”  It sticks in my mind more than a quarter century later because of the artful way it resonates with the wide-ranging fears that engulf us.  Some of those cause the all-too-familiar knot in the stomach, while others we hardly notice.

If you’ve ever wondered why you’re afraid of so many things, don’t panic.  We are all hard-wired for fear courtesy of a small portion of the brain known as the amygdala.  Scientists blame this chunk of grey-matter for emotional responses like fear, anxiety and aggression.  If you are a caveman who fears a rustle in the bushes that could be a sabretooth tiger, this is a good thing.  When you are an office worker afraid to open an urgent email from your boss, not so much.

Continue reading "Beware the Lizard (by Paul W. Smith)" »

Network Security Countermeasures and Solutions -"Things You Must Do, First" (by Andrew A. Vladimirov)

Before even planning, not to mention budgeting and starting to implement any countermeasures, it is necessary to have a clear picture of what do we actually defend against, as well as what is it that we are defending. Unfortunately, in over 15 years of my experience in information security this is rarely the case. More often than not, decisions on security safeguards depend on anything (ranging from vendor relationships and discount offers to aggressive security solutions marketing and relevant media hype of the year) but the actual risks faced and attacker strategies employed.

So, a question of “how effective/modern/popular the proposed safeguard (whatever it might be) is?” is blatantly wrong (and yet remains a very common question from the IT side).

There must be, of course, an implemented security baseline (including, at least, strong password policy enforced, antimalware on all Windows and MacOS hosts, SPAM filter, stateful or proxy perimetre firewall, reasonable network separation rather one nightmarish flat network with everything on VLAN1 still seen in numerous SME’s, some user security awareness training, and hard drive encryption on mobile hosts taken off site including BYOD). However, everything else is subject to discussion. 

The question “does it address the real risks we face according to their criticality” is the right one, but it requires approaching information security as a form of risk management it is, which is often not the case. So, it's a question of overall strategy, then tactics, and not “which particular gun is more powerful/we fancy more”. I’m deliberately using military analogies here as 8 years ago we did a book that approaches information security through a military strategy framework, the second edition came 4 years ago, and despite all technical change it is as relevant now as it was then.


Continue reading "Network Security Countermeasures and Solutions -"Things You Must Do, First" (by Andrew A. Vladimirov)" »

Startup Dreams (by Paul W. Smith)

Straight Talk for Startups-Small
 Book Review:  Straight Talk for Startups by Randy Komisar and Jantoon Reigersman

 I confess that I play air guitar in the shower and I fantasize about hitting the winning basket at the buzzer.  I suspect that I am not the only one who does this.  For most of us, such dreams leading to wealth and fame fade with the awareness of our meager guitar or basketball skills. 

The one dream that cannot be so easily dismissed is that of the entrepreneur; we all secretly believe that we can conjure the “Big Idea”, raise a pile of money, and ride the wave to Lamborghini-ville.  Straight Talk for Startups by Randy Komisar and Jantoon Reigersman will improve the odds.

The book is both reality check and detailed manual.  While the exhaustive machinations of startup finance can be overwhelming for the casual reader, both novice and seasoned entrepreneurs will find a thorough and practical guide for circumnavigating the many threats that a new business will encounter.  The cover promotes “100 Insider Rules for Beating the Odds…”, while the dedication celebrates the rule-breakers who “make this world a better and more interesting place.”  The resolution of this apparent contradiction?  You have to know the rules before deciding which ones you can afford to break.  Think of them more as “prime directives.”  Bend and break them if you must, but never forget them.

The 100 rules span the 5 main sections of the book.   Here are a few key thoughts.

Continue reading "Startup Dreams (by Paul W. Smith)" »

Mapping Network Security Resilience To The NIST Cybersecurity Framework (by Keith Bromley)

Mapping Network Security Resilience To The NIST Cybersecurity Framework!

On May 11, 2017 President Trump issued his Presidential Executive Order 13800. As part of this executive order, all government agency heads will be held accountable for implementing solutions and managing the risks associated with threats to our nation’s cybersecurity and thus must take immediate action to review cybersecurity protocols in order to upgrade each department’s IT infrastructure. Furthermore, the executive order mandates the use of the NIST Framework for Improving Critical Infrastructure Cybersecurity within government agencies.

The NIST Framework for Improving Critical Infrastructure Cybersecurity provides a common language for understanding, managing, and expressing cybersecurity risk. This framework is built upon concepts to organize information, enable risk management decisions, address threats, and improve through lessons learned.

The foundation to these concepts are aligned within five core functions:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

A new whitepaper from Ixia (a Keysight Business) called Deploying a Layered Visibility and Cybersecurity Architecture provides an overview of how to combine a visibility architecture with a security architecture to address the NIST architecture. The following excerpt provides a short of overview of how to accomplish this. A full discussion on the subject is contained within the whitepaper.

Review the foundation concepts - Framework-01

Continue reading "Mapping Network Security Resilience To The NIST Cybersecurity Framework (by Keith Bromley)" »

Mysteries (by Paul W. Smith)

Black Box with question mark

Mysteries abound where most we seek for answers.” – Ray Bradbury

There are good mysteries and bad mysteries.  If you are relaxing next to the pool with a best-selling mystery novel, that’s good.  If your doctor is baffled by your “mysterious” symptoms, that’s bad.    Puzzling mysteries can be challenging, frustrating, or even concerning.  Since the beginning of time, mankind has been intrigued by mysteries.  All the while, science has relentlessly pursued explanations, the purpose of which is to eliminate mysteries. 

Magic - the kind that’s performed by a magician - trades on our fascination with mysterious things – pulling a rabbit out of a hat or sawing an assistant in half.  One of my personal favorites is the up-close, sleight-of-hand magic that relies on technique and distraction.   In many cases, I know what the magician must have done, but he does it so well that it still has a pleasantly mysterious feel to it. 

Science fiction literature, another personal favorite, often creates mystery by flirting with the boundary between plausible fantasy and reality.  Prolific science fiction writer and futurist Arthur C. Clarke is known for his Third Law, which says that “Any technology sufficiently advanced is indistinguishable from magic.”  Sir Arthur passed away in 2008, but his Third Law has never been more relevant.

Continue reading "Mysteries (by Paul W. Smith)" »