Delivering Chicago Consulting Group's and our Partners' perspectives on a number of relevant and timely discussions is the aim of this section.  How well we communicate with clients is important to us.  We also respect the voice of our customers who have knowledge about a particular topic, experience in the field and a distinct point of view.

Ray Overby, Co-Founder KR-Inc.

Application Security: An Oxymoron

BrightTALK

October 16, 2014  1pm CDT

https://www.brighttalk.com/webcast/188/124759

 

Is application security really effective in keeping cyber attackers from stealing data?

z/OS applications that implement security in the application layer can always be exploited. This is an inherently flawed design that enables a cyber attacker to easily bypass the installation security controls.

A severe security code vulnerability, when exploited, allows the bypassing of installation defined controls. Severe security code vulnerabilities reside in the OS layer.

Scanning application layer programs for vulnerabilities will NEVER find a severe security code vulnerability. While there are benefits to scanning application layer programs for application coding or design flaws, you should not expect to find a severe security code vulnerability that will allow a cyber attacker to get access to data.

To successfully manage the z/OS code vulnerability issue requires an interactive and proactive vulnerability management methodology, along with monitoring of critical z/OS functions.

 

BLOGSPOTS

 

THE ANALOGIES PROJECT

 

Mission

 

The aim of the Analogies Project is to help spread the message of information security, and its importance in the modern world.

 

By drawing parallels between what people already know, or find interesting (such as politics, art, history, theatre, sport, science, music and every day life experiences) and how these relates to information security, we can increase understanding and support across the whole of society.

NIST FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY 

NIST released the first version of the Framework for Improving Critical Infrastructure Cybersecurity on February 12, 2014. The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

 

NIST is also pleased to issue a companion Roadmap that discusses NIST's next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.

We are a part of the information security discussion regularly.  Our commitment to listening to customers and helping them understand the big picture conversation from our experience.  Making security, compliance and risk management simple is what we do.