OSHEAN eCurrent | Page 32

MEMBERSHIP Q&A Q: There is a renewed push for companies to weaken encryption methodologies so governments can more easily access data during investigations, what impact would such policies have on your organization / constituents? Q: Does your organization use NIST for cybersecurity management? Would you recommend other organizations have this framework? Whether it’s NIST or some other type of framework, getting an overall framework established My opinion is that if an agency embeds back- and set up is vital. While they may be struc- door keys into encryption, no one will use that tured differently, cybersecurity frameworks encryption any longer and other approaches translate to each other pretty well. You can will be used. I wouldn’t use it since as we have start by doing very basic things like verifying seen the government is often compromised your inventory and hardware, figuring out your (see the OPM break in issue) and as such my assets and resources, and starting from there data would not be secure. Any serious actor in the world would simply use a different method so this would only work on the lowest level of criminal activity. Thus, completely ineffective. KEVIN LONGO Solutions Engineer, OSHEAN ALLAN ZAWADOWICZ Network Engineer, OSHEAN Dr. Doug White meets with students. Q: Have hacktivists like Anonymous caused you to change your approach to security? In many ways, they’re the vigilantes of the Q&A with Our OSHEAN Members OSHEAN members are the engines behind IT transformation within their organizations. Join us as we profile different members each month. DR. DOUG WHITE network and that microwave is full of security Professor of Networking, Security and Forensics at Roger Williams University compromises, this is a huge threat. Much like the early Wi-Fi problems where people were Q: As the ‘Internet of things’ becomes more of bringing in Wi-Fi nodes and attaching them in their offices, this will require new protocols a reality, what steps must organizations take to protect sensitive data? and restrictions to prevent creating difficult to Testing and training will have to expand. If I spot security threats. Q: In such complex IT environments, how do you balance security and usability? Internet. They pose a threat to certain people/ groups who have done wrong by them or who represent socioeconomic, political, or criminal If you don’t have an easy, reliable way for users injustices. Yet they rarely (if at all) act as a col- to do their jobs day-to-day, they will find one lective, going after random targets. on their own. For example, if your organization More importantly is knowing what information doesn’t have a good IM client that is easy to use you (or your organization) holds that could be and reliable, your employees may begin using of value to hackers. This enables you to deter- applications like Facebook’s chat function to mine what the target landscape looks like. Un- transfer business files. Having good interac- derstanding the threats better positions you to tions with your users and educating them on implement measures to protect against those the right way to do things allows you to deter- threats regardless of the underlying motiva- mine their needs and build good solutions to tion. The motivation isn’t as important as what meet them. you’re actually susceptible to. can attach a microwave oven to the company 32 | CURRENT 2015-2016 Stronger Together | 33