General

10
Feb

Many major news carriers found it important to carry the news today that “Obama orders a 60-day cybersecurity review”. Some stated that “Cybersecurity is now one of the major national security problems facing the United States”, while in reality, it is actually a major INTERNATIONAL security problem facing the ENTIRE GLOBE (not just the United States). Other references were made to the need for the White House to

  1. initiate a drive to develop next-generation secure computers and networking for national security applications; 
  2. establish tough new standards for cyber security and physical resilience; 
  3. battle corporate cyber espionage and 
  4. target criminal activity on the Internet.

All of these are absolutely important and critical issues that cannot be ignored, but one major issue missing in these is the PEOPLE component of cybersecurity. As my whitepapers have repeatedly alluded to, People are the FIRST line of DEFENSE; technical security controls are rendered futile by people who are not aware of how to protect their own computing ecosystem.

I was privileged to be in the audience of the Commission on Cybersecurity for the 44th Presidency on the day (December 29) their report was released for public viewing, where the panelists - Rep. Jim Langevin (D. R.I), Rep. Michael McCaul (R. TX), Lt. General Harry D. Raduege Jr. (USAF, retd.), Deloitte & Touche, and Marcus Sachs, Verizon Communications - participated.

Highlights from the panel I captured are given below.

  1. Cybersecurity is today’s greatest security threat.
  2. There is a need for increased awareness among the American people.
  3. Threats are real today in the virtual world.
  4. Espionage and Digital Pearl Harbor are very likely.
  5. Cyberspace is a national asset and needs appropriate protection not just for national security but also for economic security without compromise on privacy and civil liberties.
  6. There is a need for buy-in from the International community as well, as cyberspace does not end at the water's edge.
  7. Partnerships with the private sector as well are extremely important and have been proven to be useful in past situations.
  8. There is a need for a cyber mindset - safe and protected use of the cyberspace.
  9. There is a need for education and awareness - across the nation and internationally.

“It is Imperative as a nation that cybersecurity is taken into account seriously for the liveability of the nation. If not we have failed as a nation.” 

From the press release it seems like President Obama is taking cybersecurity into account seriously. Only time will tell of the liveability of this nation and the world. It’s about time that cybersecurity was in the forefront.

3
May

Are there other questions (than the ones listed below) that take more precedence that an Information Security Professional/Leader/Executive needs to be able to answer in the board room? If so, please respond …

1. What is the Revenue to the company?
2. What is the Cost to the company?
3. What are the Risks to the company?

Additionally, thoughts on how these questions can be answered from an information security perspective are welcome.

1
Mar

1982 Machine of the Year was the Computer and the 2006 year end issue of Time magazine has “You” - the IT Professional as the Person of the Year.


With the continued focus and increased attention on information security, many information security professionals find themselves to be in constant demand. What makes these InfoSec Professionals sought after? (See DNA of an effective InfoSec Professional.) And the real question would be: will 2007 be not just the Year of “You-the IT Professional” but also the Year of the “InfoSec” Professional?

20
Feb

Just wondering, in today’s day and age, what constitutes the DNA of an effective InfoSec Professional -
Is it one who is versatile with a breadth of experience across various technologies or is it someone who is super specialized in one area of security? Is it one with an entrepreneurial spirit, a visionary, …

I would like to compile various opinions as to what one thought was the DNA of an effective InfoSec Professional.

Merriam-Webster defines effective as “producing a decided, decisive, or desired effect”.
