"The issue in cybersecurity
in particular is the defenders have to defend all the points of entry
and every line of code and the bad guys just have to find one flaw. When
you implement methods to eliminate classes of problems that is helpful,
this is a well known type of problem that has been around for a long
time." -Isaac Potoczny-Jones
Wednesday, April 9, 2014
Quote for Portland Business Journal: Heartbleed
I was recently quoted in the Portland Business Journal in an article about the HeartBleed vulnerability.
Heartbleed: A great time to think about incident response
Heartbleed is the nickname of a dangerous OpenSSL vulnerability that was just announced. A security update was already available before the announcement, and this is definitely a vulnerability where quickly patching makes a big difference. A fast response matters here because malware wasn’t in the wild yet, so many sites likely can prevent any negative consequences with quick action.
The necessity for rapid response to vulnerabilities illustrates why you should have an incident response procedure in place. An incident response procedure allows for a measured, planned response to a security incident like this one. In this blog post, we’ll walk you through the basics of putting together an incident response plan, mostly based on NIST’s incident response process.
Subscribe to:
Posts (Atom)