To queue or not to queue, that is the PCI question via CSO Online
When it comes to security, many queuing services are optimized for speed and not for security. And that is a red-flag when it comes to PCI. If the data is effectively encrypted, then most of your security issues will be obviated. The challenge with queuing and encryption is that depending on the scenario, you may not have direct control of the ephemeral data used by the queuing software.
The Future of Security: A Roundtable via Backchannel
Backchannel has assembled a panel of security professionals from technology companies and academia for a weeklong virtual roundtable discussion. Panelists have been asked this two-part question: What are society’s more urgent technological vulnerabilities today? And what will they be 10 years from now?
Check out the responses so far:
- Patrick Heim: We Didn’t Evolve For This!
- Joel de la Garza: Security As An Afterthought Never Works
- Gerhard Eschelbeck: The Authentication Problem
- Rebecca Bace: Security Needs A Culture Change
- Michael Coates: We Need A Basic Set Of User Rights
- Alex Stamos: The Key To Security Is Being Open
- Nicholas Weaver: The Global Spy Network of Deadly Robots
What’s Next After the Internet of Things? via Gartner
We have reached the point where the IoT has moved beyond targeted, proprietary and costly use in industries such as manufacturing and utilities (known as operational technology, or OT) to cheaper, standardized and ubiquitous use everywhere. The time is up to adopt foundational security hygiene, implement secure development of applications as a standard practice, and complete any integration required between IT security and OT security.
Banking malware is using techniques once reserved for state-sponsored hacking gangs. Consider the recently discovered Metel crimeware package which contains more than 30 separate modules that can be tailored to the computer it’s infecting. This was the most clicked article in yesterday’s bi-weekly newsletter.
Integrate Security Silos to Stop APTs via Security Intelligence
With its comprehensive monitoring capabilities, a SIEM solution makes it possible to determine base-level behavior of the enterprise then send alerts if it detects patterns deviating from the base level. This provides a very strong foundation for mitigating security risks across all domains. A solution with this type of analytic capability and transparency will also be the cornerstone when it comes time to enforce processes that comply with the EU’s impending data protection act.
The U.S. Government’s Role in Cybersecurity via CSO Online
Alejandro Mayorkas, Deputy Secretary of the Department of Homeland Security discusses DHS’s role in Cybersecurity of the U.S. government infrastructure and commercial infrastructure.
SIGNUP FOR OUR BIWEEKLY NEWSLETTER HERE AND FOLLOW US @IDENHAUS.
Photo Credit: Valerie Everett