Tag: Policy

Kaspersky Lab's name has been linked to increasingly detailed reports of spying by Russian intelligence agencies.

Kaspersky’s Cold War(e), Unpacking DOJ’s Encryption Talk and regulating IoT

In our latest Security Ledger Podcast we talk about Kaspersky Lab’s Cold War tinged smack down with for NSA analyst Dave Aitel of Immunity Inc. Also: Bruce Schneier weighs in on what has and hasn’t changed in the Trump DOJ’s take on strong encryption, while Josh Corman of PTC tells us that federal rules governing IoT security may be closer than we think.

US Deputy Attorney General Rod Rosenstein speaks at The Cambridge Cyber Summit. He raised questions about the use of strong encryption.

In Boston, Deputy AG Rosenstein picks up call for Encryption Back Doors

US Deputy Attorney General Rod Rosenstein used a speech in Boston to criticize the technology industry’s use of strong encryption which he called “warrant proof,” even as he said law enforcement had no issue with its use. 

What can you tell about a company's security just by looking at it from the outside? A lot.

Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside

In the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on. 

Opinion: NIST Guidelines make Digital Identity all about Risk

Opinion: NIST Guidelines make Digital Identity all about Risk

Contributing writer Chip Block of the firm Evolver says the new NIST Digital Identity guidelines do much more than rethink passwords. They help solve an age old problem: how to prioritize security spending. 

After Equifax: What Makes a Good CSO? Also: App Sec is a Mess. We Talk about Why.

After Equifax: What Makes a Good CSO? Also: App Sec is a Mess. We Talk about Why.

What makes a good CSO? In the wake of the Equifax breach, we talk about the controversy over that company’s CSO’s music degree. Also: we talk with Signal Sciences about why companies keep getting hacked via application vulnerabilities like the Apache Struts hole that felled Equifax.