I tweeted this article out yesterday, but wanted to go ahead and add a few comments. I have personally read a few of these books and many of the others are on my reading list. I am a particular fan of “The Phoenix Project” for anyone who has worked in an IT shop, specifically one in Retail. I started seeing co-workers on every page. Gene Kim and team did an excellent job capturing the realities and hopes of DevOps.
I also just finished “SpamNation”. Kudos to Brian Krebs for all of his efforts to make all of us safer from criminals and spambots the world over. I also want to compliment the Epilogue. Mr. Krebs took the time to provide some very sound advice to his readers.
This is a great read for anyone debating the cost-benefit analysis around holistic security and the demands of compliance-specific standards like HIPAA and PCI. It only takes one breach to bring security efforts and their costs into focus.
This type of regulation is an exciting and necessary next step to try and curb the fraud surrounding online transactions. That said, for those of us in the United States, we should not get too terribly excited, as regulatory changes in Europe seem to take several additional years before they trickle down to us and US industry generally. However, a move to stronger and more consistent 2-factor authentication in the EU will mean better optional implementations in the US.
I am very happy to see this level of preparedness on the part of energy officials in South Korea. Threats to critical infrastructure are certainly real and in some cases more imminent than we care to admit. All nation states should have tested and realistic plans to deal with these types of threats. Such a practice is not reactionary or alarmist, but instead prudent and pragmatic.
This is lovely news to ponder on the Friday morning before Christmas! Be aware and conscious of these types of threats. Update firmware and/or replace your routers and firewalls with more hardened devices. ’Tis not the season you want to be vulnerable to the bad guys.
For the record, I vote for “better defense”. Much of the IT security community agrees that these attacks against Sony were probably not directly engineered by players in North Korea. That said, retaliation gets us no closer to a solution. As I wrote yesterday, this is not a tit for tat situation. The US must manage this at a much larger and more practical level. A best first step would be the strengthening of this country’s cyber defense stance followed by a mechanism to encourage the same in all significant business and economic sectors.
Not sure why this flew under the radar, but it is a scary proposition…
This is just one link to one of dozens of articles concerning the Sony breach and the subsequent pulling of “The Interview” from movie theaters around the country. I, like many of you, am both angered and frustrated at this entire situation, from Sony’s response to the conjecture of retaliatory attacks by the US government against North Korea.
First and foremost, this entire situation is an example of cyber-bullying targeted at the US Constitution and its freedom of expression as well as the very nature of capitalism in a free market society. Every American should be outraged that the acts of one nation state could influence what appears at an American theater. It really is that simple. Corporate America is bowing to the whim of a violent dictator. We are setting a very dangerous precedent by allowing this to happen.
Secondly, Sony is clearly not guiltless in this situation either. Like most instances of bullying, Sony was not prepared for conflict. They found themselves cornered on the playground with their IT pants pulled down around their ankles due to a complete and utter disregard for proper cyber defenses. Other corporations desperately need to take notice and prepare themselves. There are plenty of bullies on the playground of our world’s economic stage and the environment is ripe for a wave of similar extortion attempts and cyber attacks.
Finally, retaliation in the forms being bandied about via public media outlets is not the answer. There are no real value-added cyber targets in North Korea and the attack itself was clearly outsourced to players located in other locations throughout the world. Retaliation and retribution need to come in the form of real world controls. This is not a tit for tat situation. At the end of the day, the American infrastructure is under attack, either physically or economically, and that kind of threat should be handled in a serious manner and at the highest levels of government. As citizens, we have a right and responsibility to demand this of our elected officials. Do not be lulled into thinking this is just about a silly movie and the bruised egos of the Hollywood elite.
This is a great conversation from a budget management perspective. Building strong relationships with your Accounting team can be very profitable long term.
I think this is a great next step in the evolution of website management and development. Now is certainly the time to take this into consideration as you plan resources in 2015.