Access your Pro+ Content below.
Eliminating black hat bargains
This article is part of the November 2013 Vol. 15 / No. 9 issue of Information Security magazine
When it comes to information security defense, Mike Hamilton has a tough job. As the chief information security officer for the city of Seattle, Hamilton's responsibilities extend to the networks of a variety of other groups, such as the city's police and fire departments. The complexity of securing those networks requires that Hamilton focus not just on defense, but also on causing pain to any attacker. In 2007, Hamilton started working with the U.S. Department of Homeland Security and the University of Washington on creating a system to gather global threat data to find compromises on the networks of the city's hospitals, emergency services and other critical infrastructure as quickly as possible. By denying attackers time to fully exploit any beachheads into his organizations' networks, Hamilton aims to make each attack more likely to fail and the overall campaign more costly. And, because of the city's connections with state and federal law enforcement, shutting down the attackers' infrastructure was also a possibility. (...
Access this Pro+ Content for Free!
Features in this issue
Companies have embraced virtualization and cloud computing, but security is still bolted-on. Here's what needs to change.
In the November 2013 Beyond the Page on virtual security, Chris Hoff examines the challenges infosec pros face in finding the right security strategy for their enterprise network.
Enterprises cannot always keep attackers out of their networks. Instead, defense-in-depth strategies aim to raise the cost to black hats -- in terms of time and money.
Software security ranks high among security executives' concerns but low in terms of time spent, according to an (ISC)2 CXO study.
Columns in this issue
If software security keeps you up at night -- and it should -- you are in good company.
Wading into the murky waters of security metrics? Jay Jacobs offers his take on data collection and incident reporting with the VERIS framework.
What's a dollar spent on security worth in terms of risk? Break-even analysis helps you decide.