Daily Tech Digest - June 23, 2017

Where to spend your next security dollar

You probably haven’t thought about NACD for cyber security training. But the program is the best security management course I have seen, is online, and will give your senior executives a great overview of what your organization needs to be doing about security and risk management. The course describes the security management function and is general in scope, not compliance focused. If your executives participate in this training, they (and you) will have an excellent idea of the essential practices your organization needs to follow. The program connects security practices with business issues and language. I don’t have anything against my ISC2 and ISACA training courses, but their roots are in technology and audit. This training’s roots are in business.


Lightworks 14 review: Free video editing software lacks proper Mac decorum

With version 14, developer EditShare has taken great strides to make Lightworks more consumer-friendly, consolidating the previously modular user interface into a fixed, full-screen workspace. (The flexible “classic” mode is still available from the Project Layout settings.) With the organized, single-window UI comes an easier-to-use application, but Mac users won’t feel quite at home. For starters, there are no menu options at all, and Lightworks shuns Apple’s traditional contextual menu shortcuts in favor of the Windows right-click approach. Likewise, the file browser has a distinctly Unix look and feel that makes macOS seem like a second-class citizen. Coming from years of experience with native Mac editing software, the transition was a bit jarring to say the least.


Atomistic and Holistic View of an Enterprise

Enterprises are complex adaptive systems, where a complex adaptive system is defined as a system characterized by complex behaviors that emerge as a result of non-linear interactions in space and time among a large number of component systems at different levels of organization. That is, a view of the enterprise arrived at by breaking it down into smaller units of organization may be useful in comprehending each individual part and how they fit into the larger whole, but it will not lead to a holistic understanding of the enterprise itself. To use an analogy, if you get two cars, one from the UK and one from the US, break them apart and understand them in terms of their components, that analysis might answer some questions about the functioning of these cars, but that analysis alone will not tell you why one has the steering wheel on the left side and the other has it on the right side.


Automation And Society: Will Democracy Survive The Internet Of Things?

When the internet first went live, many commentators assumed it would provide a pure form of democracy. Everyone was given the same platform; age, race and gender were no longer relevant and we were all anonymous. But the reality was more chaotic, as we struggled to comprehend the power of a new tool that would revolutionize human life. This strange world was somewhere we could get lost and detach ourselves from everyday existence, but often it was also a quasi-reality that proved overwhelming and dangerous. Yet slowly we have found structure. Society has become inherently more intelligent - we can find the answer to almost anything at the click of a button. Those at the cutting-edge can now gain previously unimaginable insight into human tendencies and interests.


Stay out of the hot seat with turnkey private cloud

When it comes to implementing a multi-cloud strategy, your approach to private cloud can have a dramatic effect on your organization’s results. When compared with a DIY private cloud approach, implementing a turnkey private cloud will dramatically reduce the friction you experience. Less static friction with a turnkey private cloud means that your strategy will be implemented faster, accelerating time-to-value. Less dynamic friction with a turnkey private cloud means that ongoing cost and risk will be reduced, resulting in improved service levels and a better bottom line. Less friction means less heat. Keep yourself out of the hot seat and adopt a turnkey private cloud.


A new release management strategy depends on speed and efficiency

Dark launching is a similar process. Software is gradually and stealthily released to users in order to get their feedback as well as to test performance. Code is wrapped in a feature toggle that controls who gets to see the new feature and when. Facebook and Google rely on dark launches to gradually release and test new features to a small set of users before fully releasing them. This approach lets operations staff determine if users like or dislike the new function. It also allows for an assessment of system performance before moving ahead with a full release. As these different delivery options emerge, companies are looking for ways to train and familiarize their staff as part of a new software deployment strategy.


What it takes to be a security incident responder

The skills needed for a quality incident responder can be categorized into two main groups: personal skills and technical skills. “The greater one’s technical skills, the better the incident responder,” Henley says. Among the desirable skills are a good grasp of basic security principles such as confidentiality, authentication, access control and privacy; security vulnerabilities; physical security issues; protocol design flaws; malicious code; implementation flaws; configuration weaknesses and user errors or indifference. Responders should also know about the Internet of Things (IoT), risk management, network protocols, network applications and services, malicious code, programming skills and intruder techniques. IT security professionals who become leaders or members of response teams sometimes take circuitous routes to these positions.


5 ways businesses can cultivate a data-driven culture

The pressure on organizations to make accurate and timely business decisions has turned data into an important strategic asset for businesses. In today’s dynamic marketplace, the ability of businesses to use data to identify challenges, spot opportunities, and adapt to change with agility is critical to their survival and long-term success. Therefore, it has become an absolute necessity for businesses to establish an objective, data-driven culture that empowers employees with the capabilities and skills they need to analyze data and use the insights extracted from it to facilitate a faster, more accurate decision-making process. Contrary to what many people think, cultivating a data-driven culture is not just a one-time transformation. Instead, it’s more like a journey that requires efforts from employees and direction from both managers and executives.


The fight to defend the Internet of Things

One job of the IoT ecosystem, including technology, products, and service providers, is to protect millions (or even billions) of other people by introducing robust security capabilities into the wide variety of connected devices shipped every day. A robot or IP camera might require advanced computer vision and data processing power, while a connected light bulb may only need basic connectivity and a simple microcontroller. But they all need to be protected. Security needs to be considered in every aspect of the IoT, whether that’s the device itself, the network, the cloud, the software, or the consumer. Attacks are imminent. A study from AT&T, for instance, revealed a stunning 458 percent increase in vulnerability scans of IoT devices in the course of two years. Hackers usually exploit combinations of vulnerabilities to perform an attack.


It's Time To Upgrade To TLS 1.3 Already

The designers of TLS 1.3 chose to abandon the legacy encryption systems that were causing security problems, keeping only the most robust. That simplicity is perhaps one of the reasons it will be ready in half the time it took to design its predecessor. Connections will still fall back to TLS 1.2 if one end is not TLS 1.3-capable -- but if a MITM attacker attempts to force such a fallback, under TLS 1.3 it will be detected, Valsorda said. Almost 93 percent of the websites in Alexa's top one million supported TLS 1.2 as of January, up from 89 percent six months earlier, according to a survey by Hubert Kario's Security Pitfalls blog. But seven percent of one million means a lot of websites are still running earlier and even less secure protocols. Among the laggards are some sites you would hope to be on top of security: those taking online payments.



Quote for the day:


"A good programmer is someone who always looks both ways before crossing a one-way street." -- Doug Linder