Information security

Dear CISO, please talk about business with your board, not technicality.

Antonio Ieranò CSO, Cyber Security Architect, technical evangelist, consultant, writer, journalist and trainer Dear CISO and Board I think we should always consider our job as a part of the business. We finally started to consider cyber security and data protection as a serious issue but now the question is how we evaluate a risk in our analysis and business plans… Current documentations and reports, for risk analysis, presented to most of the boards use just a flag (High, medium, low risk) but does not seems to specify any metric. Without metric it is hard to make sound evaluation and…

Security and Datacenters

A Datacenter is a collection of several different elements, all working together to offer a platform to our digital needs. A datacenter is actually a mix of different elements, some logic some physical, it is just not a mere collection of elements but a complex systems with a lot of interactions. We can easily see inside the datacenter, cables, racks, servers, network equipments, storage units and so on but all are there (or should be there) for a purpose and are interconnected. A big part of a datacenter is not even visible; it is the software and data running in…

A lesson from VW: Vendors, reputation is everything

View image | gettyimages.com Just jumped on the news, between some soccer player affair and the wonderful Rugby world cup I put my eyes on the VW scandal: OMG they lie to customers and government agency… Why I am not at all surprised? Let be clear, I have nothing against VW, it is a great brand with great product, but is a company driven by profit and so profit is the biggest interest, above ethic and other consideration. This is why government and consumers need to be vigilant and force companies to act fairly. It is surprising that something like…

Time for enterprises to think about security, seriously

View image | gettyimages.com UE directive on Attack against information systems  give us no more excuse to deal seriously, Under the new rules, illegal access, system interference or interception constitute criminal offence across the EU. But while the legislator is working to create tools to address cybercrime as a Whole system problem, that is affecting EU economy, what are enterprise doing on this side? The problem is that if enterprises does not align their cyber security defence to the correct approach every legislation will be useless, because the target will be always too easy. Makes absolutely no sense to start…

Security and Risks Updated

When I’m talking about security with customers, partners or at an event the first question I usually receive is: how much this will cost to me? This is an understandable question, costs have to be monitored and expenditures have to be planned wisely;  how much I can spend on security is a quite interesting topic. The problem, alas, is that usually IT managers do not use a clear model when planning investment in security but seemed to be attracted more by strange inner believes than an empirical analysis of cost and benefits. Another point that I’ve always found quite curious is that…

V-Valley Security: Advanced Persistent Threat

Inizia con questo articolo una serie che ripercorre le presentazioni che ho fatto per V-Valley, distributore aggiunto del gruppo Esprinet, al fine di poter dare la possibilità a chi non ha potuto partecipare all’evento, o non ha preso appunti :), di rivedere le slides con un minimo di commento. Ovviamente per chi mi conosce non esiste una relazione biunivoca tra quanto detto dal vivo e questi articoli, che sono per forza di cose più generici rispetto alle versioni live, ma spero che siano comunque un utile compendio ed una piacevole lettura 🙂 Chiunque oggi segua il mondo dell’informatica, ed in…

check out my new article on hakin9

http://hakin9.org/read-hakin9s-qr-code-hacking-issue-and-get-knowledge-how-to-protect-yourself-from-data-loss/ Read Hakin9‘s QR Code Hacking Tutorial and Learn How To Avoid Data Loss You received this newsletter because you subscribed to autoresponder address list of Hakin9 magazine. If you want to unsubscribe please click the link. Dear Readers, we are pleased to inform you that our new tutorial about QR code hacking has just arrived. You can download it here. In this issue you will find articles such as: QR Code Hacking BASICS Hacking QR CodesBy Rishabh Rastogi An information security, risk and governance minded professional who thrives on evaluating technologies and business processes from a critical perspective. Popularly…

Security Costs and Security Budgets

When I’m talking about security with customers, partners or at an event the first question I usually receive is: “how much this will cost to me?” This is an understandable question, costs have to be monitored and expenditure have to be planned wisely, the problem of  how much I canshould spend on security is a quite interesting topic. The problem, alas, is that usually IT managers do not use a clear model when planning investment in security but seamed to be attracted more by strange inner believes than a empirical analysis of cost and benefits. Another point that I’ve always found quite curious is that I’ve…

(ISC)2 Italy Chapter Site » Mobile Security Series – Beyond BYOD – Slides

(ISC)2 Italy Chapter Site » Mobile Security Series – Beyond BYOD – Slides Mobile Security Series – Beyond BYOD – Slides inShare1 Le slide del primo approfondimento (ISC)2 Italy Chapter sul Mobile (Beyond BYOD) sono disponibili ai soci a questo link(*): Webinar – (ISC)2 Italy – Mobile Series 1 – Beyond BYOD Ringraziamo tutti coloro che hanno seguito il seminario e ancor di piu’ chi ha dedicato del tempo per completare il sondaggio sull’iniziativa. Stay tuned: nelle prossime settimane vi informeremo sulle date del secondo e poi del terzo seminario della serie. (*) Per accedere alle slides e’ necessario essere Soci di (ISC)2 Italy Chapter; l’utenza…

(ISC)2 Italy Chapter Site » (ISC)2 Chapter Italy al Security Summit

(ISC)2 Italy Chapter Site » (ISC)2 Chapter Italy al Security Summit (ISC)2 Chapter Italy al Security Summit inShare2 Domani 12 Marzo inizia a Milano il Security Summit, probabilmente la piu rilevante manifestazione di Sicurezza ICT nel panorama Italiano. Lo scorso anno il Capitolo Italiano di (ISC)2 ha annunciato la propria nascita proprio a questa manifestazione ed è naturale per tutti noi esserci affezionati e presenti anche per questo motivo. Anche quest’anno dunque parteciperemo ed avremo uno spazio tutto per noi. L’appuntamento è quindi per il secondo giorno, ovvero il 13 marzo Mercoledi alle 16.30. Pierluigi Sartori, socio (ISC)2 Italy Chapter, presenterà un…

Posts navigation
Stop censorship
%d bloggers like this: