IT leaders share their tips on how to keep pace with technology change.
The Indian government is working on its operating system named BOSS, and it’s planning on ditching any kind of Microsoft-related application.
When faced with a business challenge, business leaders often have a good idea where they need to go and how they must evolve. But there is often a mismatch in how prepared they perceive their organization to be, and the cold, hard reality within their walls. This is especially true when it comes to the challenges associated with the way digital technology is reshaping our future.
My name is Jim Salter, and I’m a professional Linux sysadmin and developer. I’m the chief technologist of Openoid, and the author and developer of its product, Sanoid, an open source project that aims to make your servers functionally immortal. But, somewhat unusually for people who have taken the full plunge, I didn’t start out that way.
Cybersecurity experts aren’t like you or me, and now we have the evidence to prove it. Researchers at Google interviewed more than 200 experts to find out what security practices they actually carry out online, and then spoke to almost 300 non-experts to find out how they differ. Perhaps unsurprisingly, the security experts practice what they preach – or, at least, they tell Google they do. They’re more likely to use two-factor authentication, to install software updates, and to avoid visiting shady websites. Even for practices that are subject to healthy debate within the security community, actions speak louder than words: the experts are more likely to run anti-virus software and to use password managers than non-experts.
For the last few months, I’ve been working full time and talking with colleagues about a new way for security executives to measure the effectiveness of security programs. In very important ways, the ideas are new and non-obvious, and at the same time, they’re an evolution of the ideas that Andrew and I wrote about in the New School book that inspired this blog. I’m super-excited by what I’ve learned. I’m looking to grow the team and talk with security executives at large organizations, and so I’m saying a little more, but not “launching” or sharing a lot of details. This is less about ‘stealth mode’ and more about my desire to say factual and interesting things.
What’s important is that a big bank has taken steps to release software developed in house to meet its own needs to developers outside its organization. It’s even more important that, in the process, it’s jumping on the open source bandwagon, even if reserving the right to keep some software proprietary.
The cracks in the armor of most enterprise websites are many, including recurring holes in OpenSSL, PHP, and WordPress, and are largely due to a combination of extensive customizations paired with a shortage of testing and fixing of vulnerabilities when compared with that of long-standing commercial OS software. CSO Magazine traverses the treacherous terrain of the massive security craters present in today’s websites. Find out what it takes to fix these holes from the start and throughout the development life cycle.
Learn Nmap and related tools. Learn some other port and vulnerability scanners. Use them. Also learn your distribution’s commands and utilities for managing ports. Shut down any open, unused ports. One company I know has only two, at most three, ports open on the external network. That makes them a very hard target indeed. The bad guys may find and attack those ports. Then again, they may just go looking for easier targets.