SANS Institute

For SANS Critical Controls: Authentication Missing In Action

Authentication is the gateway to privilege and authorization. Consider how many portions of your life, digital and otherwise, revolve around authentication. Whether you want to do Internet banking, tweet a friend, or buy a present, some sort of authentication likely occurred to allow you to do so.   But when it comes to one of the most widely used sources of advice for organizations to improve their security, authentication is absent. I’m speaking about The SANS Institute’s “20 Critical Security Controls.” This list represents a great public-private partnership effort with SANS, the Center for Internet Security, and Center for Strategic and International Studies all involved in its production and maintenance. The goal of the document is to help provide organized guidance and actionable improvements for organizations wanting to strengthen their security posture. Because of the separation of subject matter into individual control areas, the document is quite useful at conveying […]

Continue Reading

SANS’ Pescatore: Security Needs Rethink For Internet Of Things

Our friends over at InfoSecurity Magazine have an interesting interview with SANS’ Director of Emerging Security Trends John Pescatore about security and The Internet of Things. Pescatore gets a somewhat skeptical hearing from the enterprise-focused IT security publication. (“Granted, it’s unlikely that anyone would be sending a car an email with a malicious executable, but that doesn’t mean there aren’t threat vectors for hackers to exploit,” InfoSecurity opines, by way of an introduction. Oh really?) But Pescatore brings a “deep field” view to this topic, noting that the security issues around IoT are already upon us in the spent almost two decades as Gartner’s Obi-Wan Kenobi for security, where he advised companies and technology vendors on the best way to navigate the shifting sands of the IT security space. Speaking to InfoSecurity, Pescatore says the 100,000 foot message is: ‘let’s learn from our mistakes.’ Specifically, that means not looking at intelligent devices, including […]

Continue Reading
1 2