Archive for the ‘data security’ Category


@CyberSec_EXPO call for speakers deadline 7th April

March 28, 2014

By Rosalind Carr, @Rosalind_at_O

 


 

In its first year, Cyber Security EXPO, part of IP EXPO Europe 2014, is in search of senior information security and technology experts to present at this targeted information security event. According to the event’s Content Director Mike England, “Cyber Security EXPO will delve into the issues set to disrupt the status quo in cyber security thinking with a view to providing visitors with a real understanding of the challenges that are impacting on their organisations.”

Taking place from 8th – 9th October 2014 at ExCeL London, Cyber Security EXPO will incorporate a dedicated CISO conference plus education theatres and a significant exhibition. It will examine major themes, including:

  • Internet & Network Security
  • Fighting Cyber-Crime
  • Log Data & Advanced Analytics
  • Identity & Privacy Protection
  • Cloud Security & Governance
  • Mobile Device Management


Up close and personal Q and A with infosecurity Security Watch blogger @BrianHonan, a diamond from the Emerald Isle

January 18, 2012

By Rose Ross (@Rose_at_0)

As 2012 dawns, we have had the pleasure of getting an audience with renowned infosecurity blogger, Brian Honan. Keep an eye out for his blog SecurityWatch www.bhconsulting.ie/securitywatch if you aren’t already a fan.

Q.  Tell us a bit about yourself:

I am an independent information security consultant based out of Dublin, Ireland. When not providing services to my clients I enjoy writing articles for various magazines, blogging to my own site and now to Infosecurity Magazine Blogs, editing the SANS NewsBites and writing the occasional book; these are one way that I can articulate some of my ideas and reach a wider audience. I believe that a key element in our battle against criminals is sharing knowledge and information. I don’t pretend to know all the answers but if some of what I write makes people think differently, discuss an issue in more detail or look at an issue in a different way, then it is worth the time and effort put into the piece. I have also published and contributed to numerous whitepapers on information security and also speak regularly at various conferences and seminars. I also founded and run Ireland’s Computer Emergency Response Team, IRISSCERT www.iriss.ie.

Q. Tell us a little bit about the blogs you write for and their interest in data security.

My own blog, SecurityWatch www.bhconsulting.ie/securitywatch, is where I do a lot of my posting.  Although, of late my rate of posting has dropped off.  Likewise I used to regularly blog to the Infosecurity Magazine blog http://www.infosecurity-magazine.com/blog/ but have not done so in a while.  One of my resolutions this year is to address this deficit and update both blogs more regularly.   SecurityWatch is my own company’s blog so I use it to make people aware of some of the work we do, new industry initiatives, upcoming security events and also post some of my musings on information security.  Infosecurity Magazine is one of the industry’s leading publications on information security and I tend to post more strategic or information security management issues.

Q. What’s hot in IT security this year?

I always worry when people focus on what is hot in IT security. My concern is that if we look at what is hot we tend to overlook the basics which in turn can lead to system compromises. However, providing organisations continue to take a risk based approach and address the basic disciplines in information security then the areas I see being hot this year are the consumerisation of IT, cloud computing, hacktivism and security awareness. Consumerisation of IT covers not just allowing employees to use their smartphones, tablets or personal PCs to work on but also personal services such as personal email accounts, file sharing solutions, online collaboration tools and social networks. Given the ease of use with these devices and services and also how tech savvy many people are today, those responsible for security can no longer simply ignore this issue and need to see how best to integrate into their work place and manage the associated risks. Cloud computing will continue apace this year and as more and more business people see the benefits that the cloud can bring, IT security needs to grasp this nettle and ensure cloud is embraced into their organisations in a secure manner or they will be simply bypassed by the business. Remember you do not need to be technical anymore to deploy and use many cloud services. You simply need a credit card and a mouse. Anonymous and other groups such as Lulzsec have focused the spotlight in 2011 onto hacktivism with many major organisations hitting the headlines as a result, for all the wrong reasons. However, while hacktivism is nothing new the increasing media exposure to the likes of Anonymous is encouraging many others to come forward and use the Internet as a means to demonstrate their displeasure at the way companies, individuals or governments are behaving. So I see an increase in these types of attacks this year and already we are seeing an example of this with the tit for tat exchanges that are currently happening between activists in Israel and Saudi Arabia. In order to help minimise the risk of the above topics and to address the traditional and on-going threats we face I see many organisations looking at how to better educate their users to be more aware of information security risks and how to deal with them.

Q. How many security events do you attend each year?

I try and attend as many as I can, work permitting.  Being based in Ireland means that for many major events I have to travel so I have to be rather choosy on which ones I go to.  I always make sure that each year I get to attend both Infosec Europe and RSA Europe.  I find these are great events to get to meet others in the industry and to keep up to date with what is going on.  Last year I attended and spoke at BsidesLondon and found it to be an excellent event and hope to attend again this year.  I also run the Irish CERT’s Annual Cybercrime conference in November and it is fast becoming one of the top security events in Ireland.  I also look to attend local chapter events for organisations such as ISSA, ISACA and OWASP.  These events are excellent in allowing people to network with their peers in the local area and to discuss issues of common interest.  If you cannot get to attend any of the major events I would strongly recommend people look towards their local ISSA, ISACA and OWASP chapters for their events.

Q. Which one are you most looking forward to?

I look forward to Infosec Europe and RSA Europe a lot as I get to meet friends and peers that I may not see as regularly as I wish.  It is often a chance to meet with new people or to come across a new product idea or interesting speaker.  While it requires a lot of work, the Irish CERT Cybercrime conference is also a favourite as it is an opportunity for us to invite great speakers to address an Irish audience and for those attending to network with each other.

Q. What types of stories or companies are likely to attract your attention this year?

Those that look at addressing the basic issues in IT security and look to engage with the community on dealing with those issues.  This approach though is not attractive to many in marketing as it requires investing time and resources in building up relationships and  can be a long slow burn to achieve any direct results.  But from the organisations I have seen take this approach the dividends gained can be quite large.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Email is the best contact, brian.honan(at)bhconsulting(dot)ie or via Twitter @brianhonan.

Q. Who is worth listening to (about IT security) and what’s your favourite blog?

Those that are engaged in the trenches in dealing with IT security issues and tend not to put a marketing or sales spin onto the topic.  A good list of people on Twitter to follow is Tripwire’s Top 25 Influential People to Follow on Twitter http://www.tripwire.com/state-of-security/it-security-data-protection/top-25-influencers-in-security-you-should-be-following/

Q. What is your favourite piece of technology?

The Internet, I know it is composed of many different technologies but when you think about how it has changed our lives, both personal and business, it is amazing.

Q. What do you think is the most important development in IT security to date?

I think one of the most important developments in IT security to date is the information sharing forums or groups that have been set up to help organisations, both private and public, to share information and intelligence on criminal activities and devise strategies on how to address them.  While technology will help us tackle some of these threats, it is humans at the end of the day who are actually posing the threats and it will be humans working for the common good that ultimately can best address those threats.   So the setting up and running of the first CERT, CERT/CC www.cert.org, was a major forwarding initiative and one that is still paying dividends today.

Q. What is the best piece of advice for companies pitching stories?

Avoid the FUD (Fear Uncertainty and Doubt) approach, the sky is not going to fall if someone does not use your product/service.  Yes do highlight the issue but address it in a pragmatic way.  Also don’t brand your solution to solve the latest security buzzword or that your product could have prevented the latest headline security breach.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I love social media as it provides me with the opportunity to keep in touch with friends and peers and access the thoughts of some of the best minds in the industry. While I have a profile on Facebook I am not as active there as I am very wary about the way Facebook deals with the privacy of its users. I am very active on Twitter (@brianhonan) and LinkedIn (http://www.linkedin.com/in/brianhonan).

Copyright ©Launchpad Europe 2012. All rights reserved. You may copy and distribute this material as long as  you credit the author where possible; the copies are distributed only for non-commercial purposes and at no charge; and you include this copyright notice and link to Countdown2Infosecurity.com, the original source of the work.

If you have any questions, please contact Launchpad Europe, info@launchpad-europe.com.


Cloudcamp London – Goes Big Data with some Infosec twists for one night only!

January 16, 2012

By Rose Ross, AKA @Rose_at_0

 

I’ve just blogged about the upcoming CloudCamp London on Big Data for www.countdown2storageexpo.com but wanted to shout out one of the lightning talks which will make this event of interest to the Infosecurity world too! Full post here: http://countdown2storageexpo.wordpress.com/2012/01/16/cloudcamp-london-goes-big-data-for-one-night-only/

 

Chris Swan from UBS will be giving a lightning talk on “Security Information and Event Management – a big data problem. A look at how big data tools are being used for security monitoring”.

 

I have chatted with and listened to Chris before at Cloudcamps in the past and he’ll no doubt have some Infosec pearls of wisdom on Big Data to share. If Big Data is starting to appear on your Infosec radar it is definitely worth getting yourself down to the Crypt on the evening of 25th Jan. And as always to round off the evening beer and pizza. A perfect Cloudcamp evening for sure! See you there!

More at http://www.cloudcamp.org/london


Q and A with a very likeable and ethical hacker: Steve Mansfield-Devine AKA @contrarisk – Editor of Network Security and Computer Fraud & Security

December 21, 2011

By Rose Ross, @Rose_at_O

Well infosec PR peeps, Christmas certainly has come early this year. If you need a code to crack or a lock to pick. Who ya gonna call? Steve Mansfield-Devine of course….

Q. Tell us a bit about yourself:
I’ve been a journalist for 30 years, freelance for most of that time. I’ve covered all kinds of subjects, from gaming in Nevada to life in the US Marines. I’m a private pilot and so have written for flying magazines. And I do some work in the defence sector. But overwhelmingly my beat has been technology. I started to specialise in infosecurity a few years ago and became editor of Network Security and Computer Fraud & Security about 18 months ago. This year I became a Certified Ethical Hacker (CEH).

Q. Tell us a little bit about the titles you write for and their interest in data security.

Network Security and Computer Fraud & Security are monthly, subscription-only journals aimed at infosec professionals and institutions. They focus mostly on technical issues, although we do cover infosecurity strategies and policies. We assume a high level of knowledge on the part of our readers and run in-depth features, typically starting at 2,000 words and often running as long as 6,000.

Q. What’s hot in IT security this year?

People can’t seem to stop talking about consumerisation, which is clearly an issue. And the cloud is making a lot of people very obsessive – to an exaggerated degree, I think. There’s been a lot of talk about ‘hacktivism’ too, of course, but I think that’s also over-hyped. The likes of Anonymous and LulzSec are media-friendly – especially to those parts of the media that don’t understand infosecurity. But from both a technical standpoint and a business impact perspective, it’s fairly trivial stuff. That may change if the volume of hacktivism increases. There’s an associated issue, which isn’t hacktivism per se, but which I think is far more significant, and that’s how people are using communication networks in support of genuine activism, as in the case of the Arab Spring. And there’s the dark side of that, too, with the attempt by various authorities to kill these networks as an act of oppression. That’s going to be a very interesting area to watch.

Q. How many security events do you attend each year?

I try to get to three or four. Being based in rural France makes it a little difficult sometimes. But InfoSecurity is a must, and RSA is high on my priority list.

Q. Which one are you most looking forward to?

SecurityBsides London. Last year was the first time it was held in London and I found it invaluable. I got to meet a lot of people who actually do security – rather than selling it or talking about it. I got to talk to a number of pen-testers and security professionals who were able to give a very different picture to the glossy products that tend to dominate trade shows.

Q. What types of stories or companies are likely to attract your attention this year?

The mobile market is getting very interesting. When it comes to malware and other exploits, Android is starting to look like the Windows 98 of the 21st Century. With smartphones outselling PCs and the rise of tablets, mobile networking is where the action is going to be from a security perspective. That, of course, is why so many people are focused on consumerisation. But that’s just about Bring Your Own Device issues: mobile is a hot topic that extends well beyond the problems of securing smartphones within the corporate perimeter.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Definitely email – smd[at]contrarisk[dot]com. You may be lucky and get my attention via Twitter (@contrarisk), but I can’t guarantee it. Never by phone.

Q. Who is worth listening to (about IT security)?
Pen-testers. They know where the bodies are buried. Strangely, that saying is usually metaphorical…

Q. What is your favourite piece of technology?

My iPhone. Sometimes I even use it as a phone.

Q. What do you think is the most important development in IT security to date?

That’s a very broad question. What strikes me as the most significant issue in security is what hasn’t happened – and that’s to do with our inability to get to grips with the Layer 8 problem. For all our fancy new technology – next-generation firewalls, IPSs, Security as a Service – we still continually fall prey to our inability to adopt secure habits. That affects everyone – from software writers who don’t build security into the development lifecycle, and still produce code vulnerable to buffer overflows or SQL injection, to individuals who re-use weak passwords and fall victim to even the most blatant social engineering tricks. Computers and the Internet are now such an intrinsic part of the fabric of our lives that it’s time we put some real effort into raising awareness.

Q. What is the best piece of advice for companies pitching stories?

Make them technical. I want details, facts, figures, examples and practical information — not opinion. We get offered way too many high-level opinion pieces.

Q. What was the best press trip you’ve ever been on? Worst? Why?

Oh well, that goes way back (as I do). It would have to be the NATO press trip to watch an amphibious assault exercise in the Med. Doing a catapult launch from the USS Eisenhower was definitely a high spot.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I use Twitter, though I can’t say I love it. I’m on LinkedIn, which is genuinely useful. I also use Facebook and definitely hate that.

Q. Tell us something no one knows about you. Do you have any unusual or unexpected hobbies/interests? Do you have a claim to fame?

My phone number was printed in the first edition of the Hacker’s Handbook, back in 1985. That led to some very interesting late-night calls. And my latest hobby, with which I’m currently obsessed, is lock picking…


Opportunity knocks for UK Cloud infosec and other start-ups: @UKTI mission to Silicon Valley offers great ops

September 6, 2011

By Rose Ross AKA @Rose_at_O

The UKTI is offering some great opportunities for some sassy UK cloud start-ups to get some flowers in their hair or more excitingly meet with leading Cloud lights such as VMware and Salesforce. Full info below.

UKTI Cloud Mission: 24 – 28 October 2011 San Francisco

Following the success of last year’s mission, UK Trade & Investment is organising a second Cloud Mission to Silicon Valley. The Cloud landscape is becoming clearer, the PaaS market continues to expand, hybrid Clouds are a reality, and enterprises and governments are planning to adopt Cloud services beyond Dev & Test and for a range of their business functions. The US market is looking for further Cloud technologies, products and services to drive adoption.

We are currently recruiting CEOs of cutting edge companies whose software deliverables might include:

  • Compliance, security, reliability, or privacy benefits which address business concerns around Cloud adoption
  • Cloud enabling features for scaling, performance, virtualisation, storage, or middleware
  • Real cost reductions for business users of private or hybrid Cloud architecture
  • Analytics of Real-time / Big Data across the Cloud

Or, is your technology part of the Cloud that powers smartphones and tablets, mobile and collaborative working?

Join UKTI’s 4 day agenda, including meetings with a selection of the following major vendors: Salesforce, Citrix, VMware, HP, IBM, plus local incubators, business environment advisers, strategists and peer companies.  Mission participants will have the opportunity to attend FailCon (www.thefailcon.com) on Monday the 24th at a special UKTI 20% discounted rate. 

Places are limited for the mission, register your company today and find out more about this fantastic opportunity –HERE.  The link will take you to the EventBrite website where you will have 90 minutes to complete your application. 

Participation in the mission will require commissioning a £888 Overseas Market Introduction Service (OMIS) through UK Trade & Investment. This service provides for overall mission programme and outlined activities. Delegates are responsible for covering the cost of their own transportation and accommodation.


Summer news sizzler PR tip: Top 7 security journalists in EMEA on “Data Loss Prevention”

August 12, 2011

By @Rose_at_O

Hot on the heels of another recent example of data loss in the NHS, we’ve checked out who is writing the most on this topic in EMEA. Here are the top 7 journalists scribing on the subject over the June and July period.

One of the journos on the list, Dan Raywood from SC Magazine UK was recently profiled here on the Countdown blog. Check out the interview here.

We’ll try and catch up with the others profiled for you on the blog soon. Happy Summer pitching!

| Rank | Name | Story Count | Top Titles |
|------|------|-------------|------------|
| 1 | Brad Reed | 3 | Macworld UK |
| 2 | Bob Tarzey | 2 | IT-Director.com |
| 3 | Peter Schmitz | 2 | Search Security (Germany) |
| 4 | Andreas Bergler | 1 | IT-Business |
| 5 | Ángel Gallego | 1 | Red Seguridad |
| 6 | Anne Confolant | 1 | ITespresso.fr |
| 7 | Dan Raywood | 1 | SC Magazine |

 The league table has been produced courtesy of www.apollosurveys.com.

 

Thanks to Will and the team for allowing this to be reproduced. For more info on all the fab stats you can get from Apollo, drop them a line at enquiries@apolloresearch.com

 


Q & A with Dan Raywood, Online News Editor at SC Magazine in the UK

August 10, 2011

By @Rose_at_O

Q.  Tell us a bit about yourself: 

I am Online News Editor at SC Magazine, been here since September 2008

Q. Tell us a little bit about the titles you write for and their interest in data security. 

SC Magazine is the industry leading B2B title for the information security industry writing for IT security professionals. I cover daily news, blogs and opinion articles for the website www.scmagazineuk.com and write the occasional piece for the printed magazine.

Q. What’s hot in IT security this year? 

Mobile security and management, cloud, virtualisation

Q. How many security events do you attend each year? 

Probably about ten including shows like Infosecurity Europe, IP EXPO, RSA and one off events

Q. Which one are you most looking forward to? 

Probably RSA, it is more speaker-driven than the others

Q. What types of stories or companies are likely to attract your attention this year? 

Perspectives on policy, new solutions to doing things (as we get so many stories that are doom and gloom)

Q. How many interviews do you do per week? 

Varies on the time of year, but on average I would say at least five

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Email is always the best as I do read them throughout the day, it is also the least distracting and providing you don’t need an answer immediately (which I don’t often do on the phone) I will come back to you.

Q. Who is worth listening to (about IT security)? 

Some really good vendor spokespeople like Rik Ferguson (Trend Micro), David Harley (ESET), James Lyne (Sophos), Jeremiah Grossman (White Hat Security), Chris Wysopal (Veracode), Mikko Hypponen (F-Secure) as well as too many end users and analysts to mention.

Q. What’s your favourite blog?

As a news resource with a wide range of hot topics covered, Sophos’ Naked Security is very up to date

Q. What is your favourite piece of technology?

Probably the Apple iPad, even though I do not own one yet.

Q. What do you think is the most important development in IT security to date? 

Intrusion detection technology, we rarely hear critical stories or opinions while DLP is crucified. Not suggesting that it is fixed, but it seems far more mature

Q. What is the best piece of advice for companies pitching stories?

Keep it brief, get to the point, don’t bury your pitch at the bottom of your email as we are too busy to read between the lines to find what it is you are pitching. Also if you are pitching a survey, always include details on who and how many were surveyed

Q. What was the best press trip you’ve ever been on? Worst? Why?

I spent two days on the beach in Cyprus with Kaspersky last year with one day of work which was interviewing researchers. The worst was a trip to Amsterdam which was in fact an office in Schiphol to be told about a new technology I had been briefed on two weeks previously.

Q. What’s your favourite restaurant?

A. Can I have more than one? I love Gaucho Grill, Roast and Indian food (Brick Lane may not be classy, but the food can be fantastic)

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

On all of the main ones, use Twitter (@danraywood) and LinkedIn for work.

Q. Tell us something no one knows about you. Do you have any unusual or unexpected hobbies/interests? Do you have a claim to fame?

Not much to say really, I marked ten years in journalism at the start of this year if that is of interest to anyone?


Data Security Standards: Think you have PCI DSS licked? How about Solvency II? (Free BCS Meeting)

February 9, 2011

By Steve Gold, freelance business and IT journalist for over 20 years (@stevewgold)

Now that the electronic dust is settling on the PCI DSS rules and companies are getting used to the idea of regulatory compliance being part of the security landscape, it seems that Solvency II is starting to raise its head in security circles.

The good news is that the BCS is moving forward on the topic and has announced it is hosting a meeting on the evening of February 23 in London’s Covent Garden.
