2012 09 Isc2 Info Security Professional Magazine Raj Goel Interview
InfoSecurity Professional Magazine's September 2012 interview with Raj Goel
Transcript

Q&A: EXPERTS ADDRESS TRENDING SECURITY TOPICS

Beyond Security Awareness

TALKING ABOUT SECURITY IS NOT ENOUGH. WE ALL NEED TO ACT ON SECURITY PRACTICES.

RAJ GOEL, CISSP, is CTO of Brainlink International, Inc. and an IT and infosecurity expert who develops security solutions for various industries. Senior Managing Editor Joyce Chutchian spoke with Raj about the state of IT security.

Q: You've written and spoken a lot about social media threats and risks. What are your biggest concerns?

First of all, there is the myth that cybercrime and financial fraud are a recent concept, when in fact the problems started in the 1934 to 1936 era, when the IRS issued Social Security cards. Your Social Security number became your de facto ID number, and it's still used today, despite all the corruption and identity fraud.

I give a popular talk at conferences on how social media and the cloud are over-collecting worldwide, especially for the under-18 population. Kids who were born in 1983 and beyond have grown up with computers. They do everything online, like SMSing and chatting. As teenagers, they are not wired to think of 34-year-old threats. We have built a surveillance engine; everything a 12-year-old says online will never be forgotten. And what they say, and what their friends do and say, whether it be on a game website, retail or Facebook, will follow them and haunt them for the rest of their lives. It's all stored in the cloud, and they don't even know what the cloud really is.

Q: What are your biggest concerns about the cloud right now?

From a technical perspective, there is no clear definition of what the cloud is. Some people are relabeling it as private hosting, and private data centers are relabeling it as the cloud. From a legal perspective—under current U.S. federal law—what the cloud gives you technically, it takes from you legally.

Take HIPAA for example: You are a doctor. If your records go missing, you are personally liable for that data loss. The customer records are lost, and the organization is held accountable for any breached data. In the cloud, if your vendor loses data, the vendor is not liable. You are liable. I'm working with nonprofit, underprivileged health-care organizations, and they want to be compliant. They don't have the budget, so they are moving to Google Apps. Google says not to use Google Apps for HIPAA or PCI. Vendors have been carefully insulating themselves from any liability without telling the customer. There is no lemon law for cloud computing. If Google loses your data…oops! The liability is yours.

Q: What can we do about this?

We need to educate everyone aged 18 to 60. This means educating ourselves, management, families, and other members of our society who help enforce the laws, design and pass them. Don't just collect a paycheck. Be involved as citizens of our society and in politics. As security professionals, we are all citizens, and we are all consumers. It is our charter that we have to be in the front lines of protecting fellow citizens, whether it be attorneys, accountants, teachers, parents, medical professionals, etc. Go talk to your local parent/teacher school groups. Talk to the Boy Scouts and Girl Scouts; local attorneys and bar associations.

I have spent more than fifteen years reading the law on security—and it's not how you can configure a firewall, it's how you can create a security policy. Encrypt your laptop. Don't be lazy. It's not enough to be educated—you need to enforce awareness. Just because a security question asks you for your mother's maiden name doesn't mean you have to use her real name. Change your passwords frequently. Don't just talk about security, act on it.

ISSUE NUMBER 19  INFOSECURITY PROFESSIONAL  21