Computer security

Do you have to draw up the IT security budget? If you were lucky, you got hit by ransomware

I thought it would be useful to follow up on an earlier post of mine that asked whether Donald Duck was the one drawing up security budgets. Let's face it, one of the problems afflicting the security world is that few people have even a vague idea of how to build a budget that covers these needs, and complaining all the time does not help solve the problem. I therefore thought I would write a suggestion on how to approach determining the economic value when drawing up an IT security budget. The problem with building the security budget is, notoriously, that whoever does it must…

Happy new insecure 2017: my resolutions and wishlist for new year

Here we are: a new year comes and we, as cyber security experts, will keep warning the world about the deeply insecure world we are living in. And we will announce new technologies and new devastating scenarios related to new technologies. IoT and Cloud will raise their evil faces while bad people will be lurking in the dark, waiting to attack the innocent lamb crossing the road. But, in all of this, most of the damage will still be done by badly designed systems, by managers who do not understand what living in a digital world means, by politicians that…

Unhappy employees are a cyber security concern

Have you ever considered the fact that the “best place to work” is something a security chap should take into serious consideration? A lot of people keep thinking that security is all about one technology or another; most of those experts perfectly master one specific technology or another and think they have the holy grail of security. Since I am not such a big tech expert, I am allowed to think that security isn’t in that specific technology, but in a systemic approach where technology covers just one part, and is just a part of a whole process. One of the aspects…

Security and Datacenters

A datacenter is a collection of several different elements, all working together to offer a platform for our digital needs. A datacenter is actually a mix of different elements, some logical, some physical; it is not a mere collection of elements but a complex system with a lot of interactions. Inside the datacenter we can easily see cables, racks, servers, network equipment, storage units and so on, but all are there (or should be there) for a purpose and are interconnected. A big part of a datacenter is not even visible; it is the software and data running in…

The rightful way to make an employee unhappy

Management is a difficult art; management in big corporations is more difficult. Management in a corporation where being multicultural is a necessity is even harder. We all know it and, to a certain extent, we have to deal with it. We can’t expect everything to work well and right, and we have to show flexibility, be open to change and embrace the new, but… Let’s be real: no matter how much effort you put in, sometimes things are just not right. When the environment is too toxic, it is probably better to leave than to hope for a change. …

The IoT Files: Culture

In the previous IoT Files I tried to outline what are, from my point of view, some key factors that have to be taken into account when talking about IoT. The last, but not least, point I would like to add some notes on is culture. Since IoT is something that will shape our way of life in many respects, we have to agree that culture is a key element in order to embrace it positively and safely. Culture refers to billions of things, from language structure to literature, from how we share information to how…

The IoT Files – Privacy

In the previous post “The IoT Files – intro and security” I started to talk about security issues related to the IoT world. Security implies a wide range of elements; one of them is privacy. But since the nature of this topic is particularly sensitive, I will talk about it separately. Privacy in the Internet of Things takes on a different flavour from the one we are used to. We should think again about what IoT means: a lot of objects that are able to communicate and process data, equipped with sensors that make them aware of their surroundings. Those sensors will be able to…

Global Cooperation in Cyberspace Initiative

Dear Colleagues,   The EastWest Institute is leading a Global Cooperation in Cyberspace Initiative to help make cyberspace more secure and predictable. As part of that initiative, EWI has established a “breakthrough group” that is working to enhance cybersecurity for governments and enterprises globally by enabling the availability and use of more secure information and communication technology (ICT) products and services.   For providers in the ICT supply chain, the group is promoting the use of recognized and proven international standards and best practices that improve product and service integrity. For buyers of ICT, the group is working to foster the use of procurement…

A lesson from VW: Vendors, reputation is everything

Just jumped on the news: between some soccer player affair and the wonderful Rugby World Cup, my eyes fell on the VW scandal: OMG, they lie to customers and government agencies… Why am I not at all surprised? Let me be clear, I have nothing against VW; it is a great brand with great products, but it is a company driven by profit, and so profit is the biggest interest, above ethics and other considerations. This is why governments and consumers need to be vigilant and force companies to act fairly. It is surprising that something like…

Time for enterprises to think about security, seriously

The EU directive on attacks against information systems leaves us no more excuses not to take this seriously. Under the new rules, illegal access, system interference or interception constitute criminal offences across the EU. But while the legislator is working to create tools to address cybercrime as a whole-system problem that is affecting the EU economy, what are enterprises doing on this side? The problem is that if enterprises do not align their cyber security defence to the correct approach, every piece of legislation will be useless, because the target will always be too easy. It makes absolutely no sense to start…
