[Log In] []

Exploring the science and magic of Identity and Access Management
Wednesday, October 28, 2020

KuppingerCole: Information Security Predictions and Recommendations 2014

Cloud Computing, Identity, Information Security, Internet of Things
Author: Mark Dixon
Thursday, December 19, 2013
2:53 pm

Kuppingercole

Kuppinger Cole just released an insightful Advisory Note: “Information Security Predictions and Recommendations 2014.”  The introduction stated:

Information Security is in constant flux. With the changing threat landscape, as well as a steary stream of new innovations, demand for Information Security solutions is both growing and re-focusing.

I like both the predictions and recommendations in this report.  Here are a few excerpts from my favorite recommendations:

Cloud IAM (Identity and Access Management)

Define an IAM strategy for dealing with all types of users, devices, and deployment models that integrates new Cloud IAM solutions and existing on-premise IAM seamlessly.

API Economy

Before entering this brave, new world of the API “Economy”, define your security concept first and invest in API Security solutions. Security can’t be an afterthought in this critical area.

IoEE (Internet of Everything and Everyone)

Before starting with IoEE, start with IoEE security. IoEE requires new security concepts, beyond traditional and limited approaches.

Ubiquitous Encryption

Encryption only helps when it is done consistently, without leaving severe gaps.

The whole paper is well worth reading.  Hopefully, this post whetted your appetite a little bit.

Comments Off on KuppingerCole: Information Security Predictions and Recommendations 2014 . Permalink . Trackback URL
WordPress Tags: , , , , , ,
 

Encryption Games at the Cyber Command

General
Author: Mark Dixon
Thursday, July 15, 2010
7:05 pm

It is was fitting today that as I studied the subject of encryption in preparation for my CISSP exam, I stumbled upon information about the newly-formed United States Cyber Command, a US armed forces sub-command subordinate to United States Strategic Command. The command was officially activated May 21, 2010 and is slated to reach fully operational readiness by October 2010.

The Cyber Command:

“ … plans, coordinates, integrates, synchronizes and conducts activities to direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

Defense Secretary Robert Gates, stated in the official June 23rd announcement:

“Cyberspace and its associated technologies offer unprecedented opportunities to the United States and are vital to our nation’s security and, by extension, to all aspects of military operations. Yet our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security. To address this risk effectively and to secure freedom of action in cyberspace, the Department of Defense requires a command that possesses the required technical capability and remains focused on the integration of cyberspace operations.”

OK.  This sounds like a good thing to do.  But what was really intriguing and fitting for me today was to learn that the command’s handsome new emblem contains an encrypted message its inner gold ring: 9ec4c12949a4f31474f299058ce2b22a.

image

Can you figure out what it means?  The Wikipedia article for the command states:

“The text "9ec4c12949a4f31474f299058ce2b22a", which is located in the command’s emblem, is the MD5 hash of their mission statement.”

This is consistent with a statement from a command spokesman quoted in an article by John Cook of Yahoo! News.  However, something is not quite right.  John explained:

“We tried encrypting that entire statement using an MD5 hash generator, and we didn’t get a match to the logo code. So it looks like just a portion of the statement has been encoded.”

Wired Magazine has launched a contest to see who can crack to code.  Can you do it?  You can win a t-shirt from Wired or a ticket to the International Spy Museum.

Even better, rumor has it that the Cyber Command wants to hire 1,000 new cyber specialists over the next few years.  Maybe this game is part of the recruitment process.

Or … maybe this will remain another obscure mystery destined to someday being mentioned in a novel by Dan Brown.

Comments Off on Encryption Games at the Cyber Command . Permalink . Trackback URL
 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.