The Whys and Wherefores of Innovation in the World of Cybersecurity

The Whys and Wherefores of Innovation in the World of Cybersecurity

April 2017 Volume 15 Issue 4 There’s No Going It Alone: Disrupting Major Cybercrime Rings Every Move You Make, I’ll Be Watching You Watching Me Watching You HSTS and New Trends for Secure Browsing Security Assurance of Docker Containers: Part 1 The Whys and Wherefores of Innovation in the World of Cybersecurity NEW TECHNOLOGIES IN SECURITY Table of Contents DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLOBALLY Feature 16 The Whys and Wherefores of Innovation in the World of Cybersecurity By Avani Desai Fifteen years ago the security market was much smaller with an eclectic mix of commercial and open source tools. Now we have a tidal wave of security vendors offering a staggering number of options. The author looks at the driving forces behind the vanguard in security and the new technologies that make up second-generation security solutions. Articles 20 There’s No Going It Alone: Disrupting Major 30 HSTS and New Trends for Secure Browsing Cybercrime Rings (a Case Study) By Marcelo Carvalho – ISSA member, Brasil Chapter By John Garris This article discusses insecure behavior between The identification and eventual disruption of a browsers and servers and potential risks associated sophisticated criminal enterprise, requiring on-the-fly with recent opt-in HTTP Strict Transport Security problem solving and groundbreaking international (HSTS) suggested by RFC 6797, heavily discussed collaboration, offers a model of how an international at recent security conferences such as OWASP cooperative effort can succeed. This article documents AppSec Europe, CNASI Brasil, InfoSecurity Europe, the efforts that ultimately brought down Rove Digital, an and OWASP APPSEC Latin America. It also briefly Estonian-based criminal operation that compromised describes new trends regarding web browsing security. millions of computers. 35 Security Assurance of Docker Containers: 26 Every Move You Make, I’ll Be Watching You Part 1 Watching Me Watching You By Stefan Winkel By Tanya Forsheit and Daniel Goldberg The Notary project, recently introduced in Docker, Smart TVs, like other Internet-connected devices, is built upon the assumption that the software come with their fair share of privacy and data security distribution pipeline can no longer be trusted. In risks. This article explores a few noteworthy recent this article, the Notary service will be explored with and high-profile developments that cast some doubt regards to an in-depth look at security testing of on the security of smart TVs and suggests that device Docker containers. manufacturers may not be sharing complete information about the data collected and used by those devices. Also in this Issue 3 From the President 4 [email protected] 5 Sabett’s Brief This Time, It Really Is a Game Changer 6 Herding Cats My Machine Learns 7 Gray Hat It’s the Technology, Stupid 8 Open Forum It Is Time for New Thinking and Different Approaches to Cybersecurity 9 Perspective: Women in Security SIG Security Technology Market, Predictions, and Future Cyber Focus ©2017 Information Systems Security Association, Inc. (ISSA) 10 Security in the News The ISSA Journal (1949-0550) is published monthly by 11 Howard A. Schmidt Tribute Information Systems Security Association 11130 Sunrise Valley Drive, Suite 350, Reston, Virginia 20191 14 Association News 703.234.4095 (Direct) • +1 703.437.4377 (National/International) 2 – ISSA Journal | April 2017 From the President Greetings ISSA Members International Board Officers Andrea Hoy, International President President Andrea C. Hoy, CISM, CISSP, MBA, Distinguished Fellow Vice President Justin White s we enter the second quarter of privacy, governance, Secretary/Director of Operations the year, we are seeing securi- and audit. We need Anne M. Rogers ty and privacy challenges from to identify better CISSP, Fellow Athreats and growing vulnerabilities, as means for protect- Treasurer/Chief Financial Officer predicted, blossoming like spring flow- ing data. In many Pamela Fusco ers. So how do we combat what is now places we are seeing Distinguished Fellow upon us. This month I am excited to see that data breach notification laws now Board of Directors emerging technologies being addressed. include the loss of data encryption keys. Debbie Christofferson, CISM, CISSP, As a CISO, I’ve found that watching What if through emerging technologies CIPP/IT, Distinguished Fellow Gartner’s “Hype Cycle of Emerging we could eliminate complex protection Mary Ann Davidson Technologies” gives business a competi- schemas or external encryption key Distinguished Fellow tive advantage and insight into projects, stores? I’ve already seen one product Rhonda Farrell, Fellow but to a CISO it is the ability to align or- that is addressing this, and I believe Geoff Harris, CISSP, ITPC, BSc, DipEE, ganizational strategic planning of where 2017 will see these emerging technolo- CEng, CLAS, Fellow our infosecurity program should be gies embraced by security. DJ McArthur, CISSP, HiTrust CCSFP, EnCE, GCIH, CEH, CPT aligned as to the technology businesses On a personal note, in this issue we Shawn Murray, C|CISO, CISSP, CRISC, are predicted to engage in the near fu- honor Howard Schmidt, a key ISSA FITSP-A, C|EI, Senior Member ture. leader and leading light in security. For Alex Wood, Senior Member We see how well our technology encryp- Howard, “making it better” was his sole Keyaan Williams, Fellow tion protocols have assisted those using agenda in the many security causes he Stefano Zanero, PhD, Fellow ransomware to encrypt and hold hos- championed—it was never about him, tage data. It’s now time for us to learn but always about bettering the security The Information Systems Security Asso- different ways to protect, detect, and re- landscape for all. He made our commu- ciation, Inc. (ISSA)® is a not-for-profit, cover from the unidentified threats that nity better. He made us better people. international organization of information security professionals and practitioners. It our current controls can’t combat. There I still remember our first meeting during provides educational forums, publications is so much dynamic collaboration and a SANS training in New Orleans, both of and peer interaction opportunities that en- information sharing that is expected in hance the knowledge, skill and professional us sitting on the floor talking about the growth of its members. business and our lives these days that we changing dynamics of rules on routers With active participation from individuals cannot just depend on our perimeter de- and firewalls. Even then, I could tell he and chapters all over the world, the ISSA fenses. Application wrappers are trend- was a true thought leader. I will miss our is the largest international, not-for-profit ing as we see more services delivered in association specifically for security pro- thought-provoking conversations on fessionals. Members include practitioners the cloud. Our ISSA Journal has looked any and all topics. And at RSA he would at all levels of the security field in a broad at mobile, BYOD, IoT; we know that new always ask to “save a dance for him” at range of industries, such as communica- approaches are critical to data protec- tions, education, healthcare, manufactur- the end of the day to relieve the stress ing, financial, and government. tion and privacy. of continuous learning and network- The ISSA International Board consists of Emerging technology that looks at the ing. He never stopped loving his family some of the most influential people in the security industry. With an internation- DNA of our systems, determining our while still finding time for giving to his al communications network developed normal baseline, identifies anomalies ISSA family. He will be greatly missed. throughout the industry, the ISSA is fo- that may be potential viruses or bacte- cused on maintaining its position as the At the end of one’s life, it is neither pos- preeminent trusted global information se- ria trying to harm us; artificial intelli- sessions, nor accolades, nor “things” curity community. gence monitoring our systems needs that matter. It is about the lives you The primary goal of the ISSA is to promote to be what our new security controls have touched. Howard not only touched management practices that will ensure the provide to protect us. The thought of confidentiality, integrity and availability of many lives; he enriched those lives in information resources. The ISSA facilitates self-protecting data is an idea whose a way that few have, and in a way that interaction and education to create a more time has come. New security solutions inspires us all to be successful environment for global informa- still must help us meet compliance is- tion systems security and for the profes- more like him. sionals involved. sues, reaching down to the data level for protection of our clients’ and employees’ April 2017 | ISSA Journal – 3 [email protected] New Technologies in Security Thom Barrie – Editor, the ISSA Journal Editor: Thom Barrie [email protected] Advertising: [email protected] first got to ed by phone while he was racing to an 866 349 5818 +1 206 388 4584 know How- airport or some other such destination, ard Schmidt other times Skyping from Europe and Editorial Advisory Board Ishortly after I once, I believe, from Singapore or on his Richard Abbott came on board way there. I once actually did catch him James Adamson at the Journal. at home, but only that one time; he was Phillip Griffin, Fellow Dave Cullinane always on the move. Michael Grimaila, Fellow was finishing up During one of our final talks Howard Yvette Johnson his term as president and Howard was intimated that he was on the short list John Jordan, Senior Member about to begin his second tenure leading to go to the White House. Sometime the the association. following month or so Kevin Richards, Mollie Krehnke, Fellow As you’ll see in the tribute section, How- ISSA Vice President, stepped up to take Joe Malec, Fellow ard was gracious, affable, and friendly in the vacated spot as Howard headed off Donn Parker, Distinguished Fellow addition to the range of attributes folks to be President Obama’s White House Jean Pawluk, Distinguished Fellow describe.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    48 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us