Access "Eliminating black hat bargains"
This article is part of the November 2013 Vol. 15 / No. 9 issue of Virtualization security dynamics get old, changes ahead
When it comes to information security defense, Mike Hamilton has a tough job. As the chief information security officer for the city of Seattle, Hamilton's responsibilities extend to the networks of a variety of other groups, such as the city's police and fire departments. The complexity of securing those networks requires that Hamilton focus not just on defense, but also on causing pain to any attacker. In 2007, Hamilton started working with the U.S. Department of Homeland Security and the University of Washington on creating a system to gather global threat data to find compromises on the networks of the city's hospitals, emergency services and other critical infrastructure as quickly as possible. By denying attackers time to fully exploit any beachheads into his organizations' networks, Hamilton aims to make each attack more likely to fail and the overall campaign more costly. And, because of the city's connections with state and federal law enforcement, shutting down the attackers' infrastructure was also a possibility. (Editor's note: Hamilton moved on ... Access >>>
Premium Content for Free.
Virtualization security dynamics get old
by Chris Hoff
Companies have embraced virtualization and cloud computing, but security is still bolted-on. Here's what needs to change.
Eliminating black hat bargains
by Robert Lemos
Enterprises cannot always keep attackers out of their networks. Instead, defense-in-depth strategies aim to raise the cost to black hats -- in terms of time and money.
- Virtualization security dynamics get old by Chris Hoff
Beyond the Page: Virtual security
by Christofer Hoff
In the November 2013 Beyond the Page on virtual security, Chris Hoff examines the challenges infosec pros face in finding the right security strategy for their enterprise network.
Executive viewpoint: Mixed messages on software security
by Robert Richardson, Editorial Director
Software security ranks high among security executives' concerns but low in terms of time spent, according to an (ISC)2 CXO study.
- Beyond the Page: Virtual security by Christofer Hoff
Time for a closer look at software security
by Kathleen Richards, features editor
If software security keeps you up at night -- and it should -- you are in good company.
New measures for security metrics: Ranum Q&A with Jay Jacobs
by Marcus Ranum
Wading into the murky waters of security metrics? Jay Jacobs offers his take on data collection and incident reporting with the VERIS framework.
Break-even analysis: The highs and lows of risk and ROSI
by Pete Lindstrom, Contributor
What's a dollar spent on security worth in terms of risk? Break-even analysis helps you decide.
- Time for a closer look at software security by Kathleen Richards, features editor
More Premium Content Accessible For Free
Strategies for a successful data protection program
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
Devices, data and how enterprise mobile management reconciles the two
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
Putting security on auto-pilot: What works, what doesn't
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...