SysRisk

Simply Cybersecurity

Read this first

The CISO Role Is Technical

Recently there has been a bit of discussion about information security leadership. The other night I was put on the spot when I made a comment and the response was, “so if you’re not technical, you cannot do security work?” Or, something like that.

I didn’t want to be rude and do understand that there is a whole domain of IT, information and security governance that focuses on policy, procedures, and resilience. That was the focus of the first five years of my career at EY and KPMG. However, larger organizations that have a lot to leak, already have have risk and control departments to focus on policy and procedure review, while having a department that focuses on disaster recovery. Even when that falls into the information security department directly, it is a supporting function to the role of actively securing the environment.

The CISO roles needs to be a cyber security expert with...

Continue reading →


HTTraP

This scripting and programming project started about seven years ago when we started thinking about web defense. The concept turned much larger because we came to realize that all services offered over the internet - DNS, FTP, SSH - are all naturally defensive. The service is sitting there running with a port open and attackers can just apply scripted attacks or manual techniques (rare these days) to penetrate the host system.

The idea behind HTTraP was similar to a honey pot in that it tried to analyze the activity, but only for a couple tries before it stored the activity in a database, then blocked the IP. The idea was a web presence that would give the user strict usage rules and once 404 or 50x errors are thrown, then IP, geo-location, error number, and reason (url injected) would be stored and analyzed, but the user/ip address would be blocked after a couple offenses. There is no...

Continue reading →


SOCinaBox

While the name nor the idea are original, we have yet to see the actual solution to the issue. The issue I refer to is the fact that small and medium-sized businesses are out in the cold when it comes to cyber security monitoring and hardening.
Every security operations center (SOC) or security as a service (SaaS - the other one) offering starts at a price point that alienates businesses that operate on a smaller scale. This is where enterprise security forgets that we are only as strong as our weakest link, so they implement a warmed over review of contractor and sub-contractor security, which are usually smaller businesses. These smaller companies suffer in the face of questions related to periodic penetration tests, firewalls and intrusion detection on internet connections, internet connection monitoring, or even ISMS certification.
The knee-jerk reaction for most businesses is to...

Continue reading →