Security Management Strategies for the CIOAccess "Marcus Ranum chat: Information security monitoring "
This article is part of the November 2011 issue of Effectively navigating the security risk assessment process
Marcus Ranum: Richard, thanks for taking the time to talk; it’s been a while and we’ve got a lot to catch up on! In the last couple of years we’ve seen a marketing push over advanced persistent threats (APT), a campaign attacking security companies, and the Aurora/Shady Rat attacks. I assume you’re still a fan of network security monitoring? It’s always seemed to me we,as a community, have been cutting costs in the wrong place. We need more monitoring, analysis and brainpower. Where do you see things going? Richard Bejtlich: It's been quite a ride the last few years, indeed. Overall, I think there’s a growing sense that becoming an intrusion victim is a possibility for lots of organizations, and a certainty for many depending on the sector and assets at stake. Enough of a variety of organizations have been compromised that many executives are asking, “Are we next? How would we know?” and similar tough questions. As a result, we're seeing increased interest in “Are we compromised?” assessments, rather than “Are we vulnerable?” assessments. It’s one thing to ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
PCI council developing point-to-point encryption certification program
by Robert Westervelt, News Director
PCI Security Standards Council plans to release a list of certified components in April.
-
VDI security supports active protection strategies
by Eric Ogren, Contributor
ISM November 2011 cover story: Eric Ogren on how virtual desktop infrastructure enhances compliance, data protection and malware protection.
-
PCI council developing point-to-point encryption certification program
by Robert Westervelt, News Director
-
-
Overcoming obstacles in the security risk assessment process
by Craig Shumard and Serge Beaulieu
An effective risk assessment process is essential, but many factors can skew the process and get in the way of security.
-
Cybersecurity threats target lack of SMB security
by Amy Rogers Nazarov
Cybercriminals are zeroing in on small and midsize businesses with fewer security resources.
-
Overcoming obstacles in the security risk assessment process
by Craig Shumard and Serge Beaulieu
-
Columns
-
Marcus Ranum chat: Information security monitoring
by Marcus J. Ranum, Contributor
Security expert and Information Security magazine columnist Marcus Ranum talks to Richard Bejtlich, CSO and vice president, Mandiant Computer Incident Response Team (MCIRT) at security firm Mandiant.
-
The lack of computer security: We’re all responsible
by Elizabeth Martin
We all have an explanation for weak security, but everyone needs to do their part to improve it.
-
Time for discourse on China computer hacking
by Michael S. Mimoso, Editorial Director
China is being accused of hacking corporate, government and military networks in the U.S. for economic gain. Policy makers need to be versed in cybersecurity and figure out how to respond.
-
Marcus Ranum chat: Information security monitoring
by Marcus J. Ranum, Contributor
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...