Domain: isaca.org
Stories and comments across the archive that link to isaca.org.
Stories · 2
-
How Can Businesses Close 'The Cybersecurity Gap'? (venturebeat.com)
Companies can't find enough qualified security personnel, and fixing it requires "a fundamental shift in how businesses recruit, hire, and keep security talent," according to a VentureBeat article by an Intermedia security executive: The trickle of security students emerging from post-secondary schools may not be fully prepared to tackle complicated security issues -- what we need are people who can protect businesses environments from everything from spam and BYOD vulnerabilities to complex threats like APTs and spear phishing. Second, certain companies may not know what to look for in a professional. Third, when skilled professionals are hired, they can often be overworked to the point where they don't have the time to keep up with the latest developments in the field -- and even in their own security tools... The fundamental problem facing the skills gap, however, is that there aren't enough people coming into the field to begin with. Here, companies need to do two things: step-up their advocacy when it comes to promoting cybersecurity careers, and look internally for employees who have the skills and desire to take on a security position but need the training and support to succeed...
Finally, businesses need to recognize that security threats today go well beyond just one department. Every employee should be responsible for knowing what to look for in an attack, how to report a suspected threat, and how they can simply disengage from content and files they deem suspicious. Basic security training needs to become a part of the onboarding process for any employee -- especially for those in the C-Suite, where a greater number of spear-phishing attacks occur.
The article also cites a study which found "about a quarter of all cybersecurity positions are left unfilled for about six months." -
US Military Is Looking At Blockchain Technology To Secure Nuclear Weapons (qz.com)
Lasrick quotes a report from Quartz: Blockchain technology has been slow to gain adoption in non-financial contexts, but it could turn out to have invaluable military applications. DARPA, the storied research unit of the U.S. Department of Defense, is currently funding efforts to find out if blockchains could help secure highly sensitive data, with potential applications for everything from nuclear weapons to military satellites. The report adds: "The case for using a blockchain boils down to a concept in computer security known as 'information integrity.' That's basically being able to track when a system or piece of data has been viewed or modified. In DARPA's case, blockchain tech could offer crucial intelligence on whether a hacker has modified something in a database, or whether they're surveilling a particular military system. This September, DARPA, which stands for Defense Advanced Research Projects Agency (the agency helped create the internet, among other things), awarded a $1.8 million contract to a computer security firm called Galois. The firm's assignment is to formally verify -- a sort of computer-code audit, using mathematics -- a particular type of blockchain tech supplied by a company called Guardtime. Formal verification is one way to build nearly unhackable code, and it's a big part of DARPA's approach to security. If the verification goes well, it could inch DARPA closer to using some form of blockchain technology for the military, DARPA's program manger behind the blockchain effort, Timothy Booher, said. 'We're certainly thinking through a lot of applications,' he says. 'As Galois does its verification work and we understand at a deep level the security properties of this [technology] then I would start to set up a series of meetings [with the rest of the agency] to start that dialog.'"