Essential

now browsing by tag

 
 

Why #trust is the #essential #currency of #cybersecurity

Cisco trust strategy officer Anthony Grieco spoke with TechRepublic’s Dan Patterson about how organizations can improve security by building trust.

Watch the video or read their conversation:

Patterson: Humans remain the intractable cybersecurity problem. They also represent a cybersecurity potential solution … I wonder if we could start with that premise, that trust is, and that humans are the challenge for cybersecurity and trust is one way to solve that problem.

Patterson: When a company, when an enterprise company engages with partners and other enterprise companies or even other SMB’s and start ups, cybersecurity can emerge as a big, big threat to intellectual property, to potential hacking and upstream challenges. How do you encourage organizations, or how can we build trust amongst partners and encourage communication and collaboration in ways that would tamp down on hacking and other cyber problems?

Grieco: Yeah, Dan it’s good to be back with you again. You know it’s a really critical set of conversations that we need to be having as an industry. This notion of the role that humans play and how companies need to be thinking about cybersecurity and the role that trust plays around their business is really critical. We see so many of those companies that have traditionally not been digital companies, are now becoming and using digital technologies in ways that are transforming their businesses.

Humans are a critical component to that. I spoke to a bank the other day and it’s a major bank, and they describe themselves in a few years they were going to be just a technology company with a bank logo on the outside of their building. So, this use of technology and digitalization is really transforming the business landscape and the use of and the building on the notion of trust that has been built in many of those brands for years, is a really critical component to where businesses need to go.

So we think about that and we think about the role that trust plays and we think about how digital businesses and those legacy businesses that are transforming, need to explicitly think about how security, data protection and privacy really play a foundational role in continuing to build that trust that businesses have built over the years.

Patterson: Trust is really a currency and it can accrue over time. Especially as businesses are undergoing what you describe which is digital transformation. So many companies now think of themselves as that, the bank that you described, a technology firm that happens to do their industry vertical.

What are some of the risks of trust building or after you’ve built trust, of eroding some of the trust equity that’s been built?

Grieco: Yeah, the currency analogy and the currency of trust is, I think is a really important thing for businesses to think about. Trust is liquid, it can come and go. It can be destroyed, it can be created in the context of your customers and how it is you’re thinking about these discussions. Ultimately trust must be backed by something as well. This is really foundationally what we see our customers really beginning to grapple with.

For many years in this notion of businesses have treated the digital technologies as implicitly trusted, and today more and more we see this notion of explicit trust. What we see, many times, and you talk about what the risks are around trust and the digital transformations, we see trust being destroyed when there’s not the clear notion of being transparent with the customers about expectations.

Ultimately we think this notion of explicitly giving customers artifacts and evidence and reasons why they should be trusted as a third party, as a provider, as a partner, really becomes foundational to the notion of building trust, continuing to build that currency.

Ultimately fulfilling the expectations of your customers. You know, when we think about that for us, we think about it quite a bit in making sure that we’re transparent with our customers about how we do security in our development processes. How we’ve built a culture around security data protection and privacy as it relates to the overall discussions with our company.

Ultimately we really tell our customers and encourage our customers to understand the behaviors and expectations of us as a business and look to provide evidence to build that trust. Without those things, we see customers beginning to worry. So the risks, from a business perspective are really transparent today. Today, there’s friction in this market space.

Customers are worried about this conversation, they’re worried about security, they’re worried about data protection, they’re worried about privacy. Being proactive, from a business perspective and being transparent about how you’ve built trust into what you’re producing and delivering from a digital perspective can give you an advantage from a business. Both to differentiate yourself and to remove that friction that’s existing in the market space today.

Obviously if you fail in these fundamental areas you risk destroying the trust that you’ve built. The destruction of that trust is not necessarily just tied to the digital world. It can be tied to that legacy of trust that you’ve built across your business for many years.

Patterson: I love the idea of exchanging of artifacts or doing the things that we do just as humans that accrue trust over time, but when enterprise companies have a real concern over exchanging of intellectual property or sharing protocols and procedures that may be inappropriate to share outside of the company, how do you exchange or in what ways have you seen a good examples of companies exchanging trust artifacts or behaving in a way that will accrue trust that other companies could learn from? Even if they have these types of sensitive protocols or data.

Grieco: Yeah I think there’s a tiered approach that we’ve taken and we’ve seen many take in the context of this conversation. First we think it’s really important to be broadly public about the overall approach to how your building explicit trust. For us, that’s talking about our secure development life cycle, or vulnerability disclosure policy.

All of those things are really broad and public facing and frankly meant to be consumed by all of our customers to help them understand the breath and depth of the things that we’re doing as a company. There’s next layers of things, more advanced customers may ask us more advanced questions and indeed, non-disclosure agreements and limited environments in which you display that information can be techniques that are used in many cases to help do these things.

In many cases we share for instance, testing results with our products, of how we’ve security tested our products. In limited environments with customers to help them build confidence in what it is we’re doing as a company to implement those practices that we’ve talked about in our secure development life cycle and many others.

In some limited instances it may even make sense to go even deeper, into a deeper relationship, a deeper partnership with those customers that are really looking at you as a critical provider of technology and capability to them, in order to get into really deep conversations about design and architecture and many of those sorts of things.

We look at it from a risk perspective every time we do this. We look at risk as it relates to ourselves, we look at risk as it relates to all of our customers. So when we think about those trade-offs that we make in the context of exposing that information, it is really critical that we understand not only the risk to us as a company but the risks and the secondary risks to everyone of our customers when we take on these activities.

I will say though, the trend in this conversation is one that is more towards public disclosure. More towards openness and more towards transparency in all aspects of these businesses because there’s such a hunger from the marketplace to really understand what’s going on in this space.

SEE: Hiring kit: IT audit director (Tech Pro Research)

Patterson: I’d love to go back to what you mentioned a moment ago, as well as that hunger for transparency. So when we see a consumer facing data leaks, like what happened with Facebook and Cambridge Analytica, there is this changing of, going from implicitly trusting everything to maybe I should pull back a little bit. Although that’s in the consumer space, have you seen a similar reaction in the enterprise or the B2B data space in terms of how customers think about data, data availability and changing the default motion of implicit trust true to, or implicit trust to trust building or actions that accrue trust equity over time?

Grieco: 100%. It’s begun well before any of the events that you described and it’s been led up to by high profile breeches that have been well documented that have really created the awareness to what businesses in particular need to be thinking about and beginning to explore when it comes to risks that they’re taking around trusting implicitly in the ICT space and the connected technology space.

So the trends and the sets of questions that we get from customers is really only accelerating when it comes to complexity and depth that we’re being interrogated at as a critical provider of technologies to customers.

Indeed, I think the awareness that is being raised by all of the high profile breeches and the behavior change that we see from our customers reflects the importance and awareness that we now see in the context of this discussion.

For so many years we’ve really though about cybersecurity as an awareness problem, I would tell you that I think this conversation that we’re having around trust and explicitly being trusted as an artifact of the fact that we’re no longer in the need to raise awareness to cybersecurity.

The awareness is there, the need and understanding from a customer, it can, increasingly from consumers but especially from businesses and enterprises, they all understand what they’re, what they need to be, … they all understand they need to be thinking about it.

What we see them struggling with the most today is how to effectively and efficiently address those concerns. That’s again, where the notion of being proactive in the context of explicit trust is important. Putting those pieces of artifacts of data that really give the evidence to build those confidence and capabilities with those entities.

Whether it’s about data as you mention, how it’s protected, how it’s gathered, how it’s used, all of those sorts of really critical fundamental ideas around data, and more importantly and increasingly the resilience of the capabilities that are there. Are they going to be when they’re under attack? Are they going to be there when you need them to be?

Those two key topics are ones that we find really actively being engaged by our customers and I do believe it is an outcropping and an outcome of many, many of the recent high profile breeches that we’ve seen. Not just in the past six months, but frankly building over the past five years.

advertisement:

The post Why #trust is the #essential #currency of #cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Why #developing an #internal #cybersecurity #culture is #essential for #organizations

Source: National Cyber Security News

ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture.

Understanding the dynamics of cybersecurity culture
The Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations.

This research draws from different disciplines, including organisational sciences, psychology, law and cybersecurity as well as the knowledge and experiences of large European organisations. The report provides good practices, methodological tools and step-by-step guidance for those seeking to commence or enhance their organisation’s cybersecurity culture programme.

The idea behind the concept
Cybersecurity culture refers to the knowledge, beliefs, attitudes, norms and values of people regarding cybersecurity and how these manifest in interacting with information technologies. It reflects the understanding that the organisation’s actions are dependent on shared beliefs, values and actions of its employees, including their attitude towards cybersecurity.

While many organisations and employees are familiar with related concepts such as cybersecurity awareness and information security frameworks, cybersecurity culture covers a broader scope. The idea behind this concept is to make information security considerations an integral part of an employee’s daily life.

Read More….

advertisement:

View full post on National Cyber Security Ventures

It seems essential, in relationships……..

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ It seems essential, in relationships and all tasks, that we concentrate only on what is most significant and important. Soren Kierkegaard The post It seems essential, in relationships…….. appeared first on Dating Scams 101. View full…

The post It seems essential, in relationships…….. appeared first on Become007.com.

View full post on Become007.com

It seems essential, in relationships and all tasks……

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ It seems essential, in relationships and all tasks, that we concentrate only on what is most significant and important.   Soren Kierkegaard The post It seems essential, in relationships and all tasks…… appeared first on Dating…

The post It seems essential, in relationships and all tasks…… appeared first on Become007.com.

View full post on Become007.com

For True Cyber Security, Using A USB Firewall Is Essential

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ Source: National Cyber Security – Produced By Gregory Evans While trojans and email phishing still feature prominently in hacker toolkits, getting into a system IRL is one of the most effective … View full post on Become007.com

The Department of Homeland Security is essential to US cyber strategy

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security is essential to US cyber strategy

Last week, President-elect Donald Trump formally nominated former commander of United States Southern Command Gen. John F. Kelly to serve as secretary of the Department of Homeland Security (DHS). In his announcement, he cited Gen. Kelly’s “decades of military service

The post The Department of Homeland Security is essential to US cyber strategy appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Risk-based approach essential to realistic, manageable IT security program

doten_988674

Source: National Cyber Security – Produced By Gregory Evans

Security and risk are often mentioned in the same breath, and while they can complement each other, taking a risk-based approach is essential to building a realistic and manageable IT security program that can scale from small to large organizations, Rick Doten, chief, cyber and information security, Crumpton Group, said at SC Congress Toronto 2016 […]

The post Risk-based approach essential to realistic, manageable IT security program appeared first on National Cyber Security.

View full post on National Cyber Security

Cyber security is an essential element of national security

Source: National Cyber Security – Produced By Gregory Evans

Deyana Kosdaninova, head of the Office of the President of the Republic of Bulgaria, in an interview with FOCUS News Agency on the Consultative Council for National Security (CCNS) FOCUS: What requires the convocation of Consultative Council for National Security on the topic of national policy for cyber security now? Deyana Kosdaninova: Bulgaria, like any other European country currently faces many challenges and many of them are interrelated. Increased migration pressure, though now surrounds our country, is a challenge by itself. We already held a CCNS meeting on this topic. All institutions joined forces, draw a plan and are already working on it. The migration flow creates prerequisites for an increased risk of terrorist attacks – the direction in which number of preventive measures were taken. One of the forms of terrorism is namely cyber attacks. Structures like the so-called Islamic State also use cyber attacks as part of their terrorist activities. Cyber attacks inflict much damage. There are many cases about which the public is not informed, but that does not mean they are not great danger. In recent months, cyber attacks have become a constant threat to the normal functioning of our daily life. At the end of […]

The post Cyber security is an essential element of national security appeared first on National Cyber Security.

View full post on National Cyber Security

Essential security apps for your phone or tabletNational Cyber Security

nationalcybersecurity.com – Hackers would love to weasel their way on to your smartphone or tablet, just like they try to do your computer. That’s how they steal sensitive information like account details, passwords, importan…

View full post on Hi-Tech Crime Solutions Weekly

Essential security apps for your phone or tablet

Essential security apps for your phone or tablet

Hackers would love to weasel their way on to your smartphone or tablet, just like they try to do your computer. That’s how they steal sensitive information like account details, passwords, important texts, intimate photos and whatever else possible. Unfortunately […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security