Categories
Articles

Risk trade-offs? Or spirals?

A couple of recent discussions have mentioned “trade-offs” between risks. But I wonder whether that might sometimes be a misleading phrase: concealing dangers and perhaps even hiding opportunities? “Trade-off” makes me think of a see-saw – one end down, other up – which has a couple of implications. First, the two ends are in opposition; […]

Categories
Articles

Automation: Two ways

Earlier in the year, Networkshop included a presentation on Juniper’s Mist AI system for managing wifi networks. I was going to look at it – as an application I don’t know – as a test for my model for thinking about network/security automation. That may still happen, but first it has taken me down an […]

Categories
Articles

Thinking about blocking

Throughout the time I’ve been working for Janet, the possibility of using technology to block undesirable activity on networks and computers keeps coming up. Here are four questions I use to think about whether and how technology is likely to be effective in reducing a particular kind of activity: Where is the list? Any technology […]

Categories
Articles

Images of Cyber-security

Victoria Baines closed the FIRST conference with a challenge to improve our image (video). Try searching for “cyber security” and you’ll see why: lots of ones, zeroes, padlocks, and faceless figures in hoodies. Some of the latter look a lot like the grim reaper, which makes the task seem hopeless: in fact, cyber badguys can […]

Categories
Articles

Knowledge Management for Security & Incident Response

Knowledge Management (KM) isn’t a topic I remember being presented at a FIRST conference before, but Rebecca Taylor (video) made a good case for its relevance. Security and incident response use and produce a lot of information – a Knowledge Management approach could help us use it better. Most teams quickly recognise the benefits of […]

Categories
Articles

Making CSIRTs (even) better

Incident Response Teams are, as the name indicates, responsive. Often they will try to provide whatever services their constituency asks for, or seems to need. However over time that can result in a mismatch between what the team offers and what its resources, capabilities and authority can actually deliver. That leads frustration, both among disappointed […]

Categories
Articles

Ransomware: an emotional experience

Tony Kirtley’s FIRST conference talk (video) explored how the Kubler-Ross model of grieving can help understand the emotional effects of a ransomware attack, both to avoid negative consequences and, where possible, to use natural emotions to support positive responses: Denial: in a ransomware attack, denial should be short-lived, as the nature of the problem will […]

Categories
Articles

Trust or Mutual Benefit?

The theme of this year’s FIRST conference is “Strength Together”. Since I first attended the conference in 1999, we’ve always said the basis for working together was “trust”. However that’s a notoriously slippery word – lawyers, computer scientists and psychologists mean very different things from common language – and I wonder whether security and incident […]

Categories
Articles

Security Poverty: a problem for everyone

Wendy Nather’s keynote at the FIRST conference (video) considered the security poverty line, and why it should concern those above it at least as much as those below. To secure our systems and data requires resources (tools and people); expertise to apply those effectively; and capability, including sufficient influence to overcome blocking situations or logistics. […]

Categories
Articles

Incident response in the cloud

My first reaction to Mehmet Surmeli’s FIRST Conference presentation on Incident Response in the Cloud (video) was “here we go again”. So much seemed awfully familiar from my early days of on-premises incident investigations more than twenty years ago: incomplete logs, tools not designed for security, opaque corners of the target infrastructure, even the dreaded […]