Cybersecurity Forum Covers Full Spectrum of Innovations
By Carl Willis-Ford, Senior Technical Advisor, SRA International and Adjunct Faculty, George Mason University, MS in Technology Management Class of 2008
During quarterly meetups, the Cybersecurity Innovation Forums, hosted by Mason’s MS in Management of Secure Information Systems (MSIS) program, demonstrate recent innovations in a wide spectrum of cybersecurity topics: from governance to code, from network traffic to acceptable use policy.
I had the pleasure of speaking at the Forum on February 5, 2015. To set the stage, it was a cold night with temperatures in the 20s and enough wind for a wind chill factor of… well, REALLY cold. As I walked across campus trying to stay warm (after parking in the wrong garage), I wondered whether there would be much of an audience, considering the weather. Not to worry…by the time the presentations started, we had a full house of folks from industry and academia, who were ready for an evening of risk management, non-malicious security violations, and wearables security!
First up, Al Seifert, CEO of MSB Associates, provided a peek into the Security i-Cue product, which provides an innovative and much needed assist in managing the security program. i-Cue aims to provide a comprehensive solution to address risk-based security management, compliance, actionable intelligence, and reporting to all levels, as well as a “what if” feature that shows how a control change affects things.
Seifert took us on a walk through National Institute of Standards and Technology (NIST) guidance and risk management principles before showing us how better use of the existing data in the enterprise results in a better understanding of compliance and reduces costs.
The second speaker was handsome, erudite, and…ok, it was me, your guest blogger. One of my passions is learning how end users relate to cybersecurity policy, including how and why they choose to follow (or not to follow) policy. While there is considerable focus on the malicious insider threat, I like to talk about the non-malicious insider threat – users who knowingly violate policy because they think they need to in order to do their job (or make it easier), or because they want to help a co-worker.
I gave some background on non-malicious security violations, showed the seriousness of the threat, and finished up with some ideas (and cited research) on the questions of why they happen and how we can improve awareness programs to reduce the occurrence and risk.
Jack Mannino, CEO of nVisium and chairman of the Northern Virginia Chapter of OWASP (Open Web Application Security Project), wrapped up the evening talking about wearables (including Google Glass and Android Wear). The constant evolution of wearables, along with their expected ubiquitousness, will certainly impact our lives, both in capabilities and in the security of our personal data.
Mannino’s talk was humorous while offering an informative view of the inner workings of wearable applications and security. He showed the audience examples of wearable app architecture, an analysis of an attack upon that architecture, and ideas for making the app less vulnerable.
The snacks were delicious, the coffee was hot, and the audience was fully engaged, asking great questions of all the speakers and joining the speakers in conversations afterward…an evening well spent!