Tag Archive for: role

The Role of Global Digital Identity Management in Telecommunications and Internet Security

/in


Building Trust in the Digital Age: The Role of Global Digital Identity Management in Telecommunications and Internet Security

In the digital age, trust has become a paramount concern for individuals and businesses alike. As we increasingly rely on digital platforms for communication, commerce, and entertainment, the need for robust security measures has never been more critical. One of the key components in this digital security landscape is the concept of global digital identity management, particularly in the realms of telecommunications and internet security.

Global digital identity management refers to the process of creating, managing, and securing digital identities. A digital identity is essentially a collection of data attributes that uniquely identify an individual, device, or entity in the digital world. This can include everything from usernames and passwords to biometric data and behavioral patterns. In the context of telecommunications and internet security, digital identity management plays a crucial role in verifying the identities of users, ensuring the integrity of communications, and protecting against fraud and cyber threats.

The importance of digital identity management in telecommunications cannot be overstated. With the advent of 5G technology and the Internet of Things (IoT), the number of connected devices is set to explode, each requiring a unique digital identity. Managing these identities securely is crucial to prevent unauthorized access and ensure the privacy and integrity of communications. Moreover, as telecommunications companies move towards more personalized services, the ability to accurately identify and authenticate users becomes even more critical.

In the realm of internet security, digital identity management is equally vital. As we spend more of our lives online, our digital identities become targets for cybercriminals. Identity theft, phishing attacks, and data breaches are just some of the threats that individuals and businesses face. By implementing robust digital identity management systems, we can better protect ourselves against these threats. These systems can help verify the identities of users, authenticate transactions,…

Source…

Microsoft takes pains to obscure role in 0-days that caused email breach

/in


Microsoft takes pains to obscure role in 0-days that caused email breach

Getty Images | Aurich Lawson

On Friday, Microsoft attempted to explain the cause of a breach that gave hackers working for the Chinese government access to the email accounts of 25 of its customers—reportedly including the US Departments of State and Commerce and other sensitive organizations.

In a post on Friday, the company indicated that the compromise resulted from three exploited vulnerabilities in either its Exchange Online email service or Azure Active Directory, an identity service that manages single sign-on and multifactor authentication for large organizations. Microsoft’s Threat Intelligence team said that Storm-0558, a China-based hacking outfit that conducts espionage on behalf of that country’s government, exploited them starting on May 15. Microsoft drove out the attackers on June 16 after a customer tipped off company researchers of the intrusion.

Above all else: Avoid the Z-word

In standard parlance among security professionals, this means that Storm-0558 exploited zero-days in the Microsoft cloud services. A “zero-day” is a vulnerability that is known to or exploited by outsiders before the vendor has a patch for it. “Exploit” means using code or other means to trigger a vulnerability in a way that causes harm to the vendor or others.

While both conditions are clearly met in the Storm-0558 intrusion, Friday’s post and two others Microsoft published Tuesday, bend over backward to avoid the words “vulnerability” or “zero-day.” Instead, the company uses considerably more amorphous terms such as “issue,” “error,” and “flaw” when attempting to explain how nation-state hackers tracked the email accounts of some of the company’s biggest customers.

“In-depth analysis of the Exchange Online activity discovered that in fact the actor was forging Azure AD tokens using an acquired Microsoft account (MSA) consumer signing key,” Microsoft researchers wrote Friday. “This was made possible by a validation error in Microsoft code.”

Later in the post, the researchers said that Storm-0558 acquired an inactive signing key…

Source…

CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief

/in


HP and Dell Technologies are two of the world’s largest international computer manufacturers. Their CISOs, Joanna Burkey (HP) and Kevin Cross (Dell), both manage security teams comprising many hundreds of people, and are responsible for corporate security across multiple jurisdictions. The role of CISO is different for a multinational corporation compared to a national company.

Reporting and budget

Historically, the CISO reports to the CIO, and this remains the most common reporting structure. Not all CISOs agree with this because of the inherent conflict of interest between IT and security. Both Burkey and Cross believe it is right for some companies, but wrong for others.

There’s no one size fits all solution to the hierarchy issue, says Burkey. “Every company has a different culture and different value prop; and it is these that determine the right location for the CISO.”

Cross has a very similar view. “There is no right or wrong answer to this,” he says. “It is dependent on the company culture and the business landscape how things should best be structured.” Supporting this, he notes that Dell’s structure is slightly unusual. “I report to a chief security officer who reports to general counsel, who reports to the CEO.” A stronger than usual integration with Legal could be considered important for a firm working across multiple jurisdictions with different privacy and data security requirements.

Joanna Burkey, CISO at HP
Joanna Burkey, CISO at HP

Budget is always an issue for any CISO – getting sufficient funds to do what is important. One of the weaknesses in having the CISO report to the CIO is that it is still common for the security budget to be taken as a percentage of the IT budget. But security has grown beyond IT alone. 

“Cybersecurity is a strategic horizontal in most enterprises,” comments Burkey. “Cyber is important everywhere and it is really important that the funding model and the financial partnerships for cyber span the enterprise.”

Achieving this is complex and governed by the individual business landscape. “I’ve seen different models that can work,” she continued. “Budget could be received from a single source, such as the CFO or CTO, but…

Source…

The Russia-Ukraine war is causing some to rethink the role of offensive cyber operations in armed conflict

/in


The impact of Russia’s offensive cyber operations against Ukraine appears to be muted. (Image credit: Juanmonino via Getty)

For some, the horror of the Russian invasion of Ukraine was also meant to mark the dawn of a new era in modern warfare: one in which degrading your enemy’s capabilities through cyberspace would play an important — perhaps even decisive — role in determining success on the real-world battlefield.

As militaries and societies grew ever more connected to and reliant on the internet to run, so too would the cyberspace domain grow in importance in combat, and nowhere was that supposed to be demonstrated more clearly than in Russia’s war, where their elite and well-resourced military hacking units could cut off Ukraine’s access to power, water and other essential resources, disrupt their communications, wipe out large swaths of private and public sector systems and data, and smooth the way for ground troops to dominate their Ukrainian counterparts.

In reality, the impact of offensive cyber operations appears to have been far more muted.

While the initial invasion did, in fact, come with a flurry of hacking campaigns against many of these targets as Russian troops crossed the border, the cadence of those campaigns have dropped markedly in the months following and have seemingly failed to provide Moscow with any meaningful advantage on the ground.

The experience has some U.S. observers advising that we collectively pump the breaks on the idea — formally endorsed by the U.S. military and others governments — that cyberspace is now a fully fledged domain of war, comparable to land, air, sea and space. That’s one of the chief conclusions reached by Jon Bateman, a former cyber specialist at the Pentagon who has served as an advisor to the chairman of the Joint Chiefs of Staff and the secretary of defense on military and cyber strategy, in a paper released shortly before the new year.

“I think it’s fair for U.S. military and NATO and others to define cyber as an operational domain. That can be a helpful doctrinal concept. I think where it becomes misleading is when military and civilian leaders then assume that cyberspace is as consequential or major as…

Source…