Community Champion

I have seen this way too often ...

 


 


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
11 Replies
Community Champion

Re: I have seen this way too often ...

"Why are you banging that pot?"

    "To keep the tigers away."

"There are no tigers here."

    "Aren't you glad it works so well?"

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile
Not Passing a Cert Exam is Not the Same as Failing: https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html
Community Champion

Re: I have seen this way too often ...

Such is the life of today's CISO. They get no respect.

Community Champion

Re: I have seen this way too often ...

@AppDefects @rslade @CraginS The average life span of a CISO within an organisation is currently 26 months. So how long would a virtual CISO last? Twice as long, or less?

 

Regards

 

Caute_cautim

Community Champion

Re: I have seen this way too often ...

The full report is shown here: https://www.securitymagazine.com/articles/91652-new-survey-reveals-ciso-stress-and-the-toll-it-takes

 

The benefits and disadvantages of a virtual CISO are shown here, including the 2019 ISACA report indicating that only 72% of all organisations have a CISO.

 

https://linfordco.com/blog/virtual-ciso/

 

Regards

 

Caute_cautim

 

 

Community Champion

Re: I have seen this way too often ...

The first time I saw this in a really big way was the Michelangelo virus in 1992.
Despite the fact that it was real (I have copies, including the only extant copy on
a 3 1/2 inch floppy) it is still described, in histories and media reports, as a "hoax."
Extending from my own, personal experience, I can say that the predictions of
numbers of infections, and the fallout, had we *not* warned people, were not
exaggerated at all.

I think the most unfair aspect was that I was trying desperately to get the word
out and not really getting any response from the local media. My baby brother
didn't believe the virus actually existed, but, at literally the eleventh hour, 11 pm
on March 4th (1992 being a leap year, and the virus counting dates by number of
days into the year, it triggered on March 5th of 1992), he finally tried out the AV
scanner I had given him, and, lo and behold, his computers were infected. He
alerted his church, and found that their computers were infected. And just who
was it who got his picture in the paper the next morning? Right. My baby
brother.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
It doesn't matter if the cup is half full or half empty.
Whatever's inside it is evaporating either way.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Community Champion

Re: I have seen this way too often ...

@rslade  Was he promoted or blamed for the incident?  Or did anyone really believe him?

 

A history lesson: the first use of the term "virus" to refer to unwanted computer code occurred in 1972, in a science fiction novel, "When Harley was One", by David Gerrold. Fred Cohen formally defined the computer virus in 1983. It appears computer viruses were being written by individuals, although not named as such, as early as 1981 on early Apple II computers.

 

Apparently, in November 1983, Fred Cohen (then a doctoral student in electrical engineering at the University of Southern California) presented the idea of a computer virus to a computer security class led by Len Adelman. He demonstrated five prototype viruses on a VAX II/750 running Unix. Each virus obtained full control of the system within an hour. Cohen later showed that similar results could be obtained on a Tops-20 system, a VM/370 system, and a VMS system.

 

Regards

 

Caute_cautim

Community Champion

Re: I have seen this way too often ...

I have seen this, but I guess I was lucky. Very early on, a competitor called my CEO and said:

 

"you have been hit with a virus"

 

My CEO, flabbergasted and upset, called me. His exact words: "WHY HAVEN'T YOU TOLD ME WE WERE HIT"

 

My response "by what" or "by who"

 

My CEO "well Joe from XYZ corp said we had a virus (specific name not important)"

 

My response "not that I am aware of, but please give me 1/2 hour to check into it"

 

About an hour later:

 

My response " we have checked and checked and we cannot find any trace of that virus or any other malware in our environ"

 

My CEO "are you sure, because if I find out differently, you are fired"

 

My response " if you think I am lying, please just fire me now.....however, can we find out where "Joe" got his information"

 

My CEO "good point" and goes on to call Joe.

 

Turns out, Joe's corp had been hit and the techs said, "well, if we got hit, so did they; they are not as good as we are, because we have all the bells and whistles in place."

 

My CEO, then laughed out loud and told Joe that he would be happy to have his staff provide training to his folk......wow, 

 

After that, and through an education program we were able to instill a mentality with Sr. Management that it was not a matter of if but when..............

 

Lucky for me, I stayed in that ISO role for close to twenty years.......(ooops, showing my age again)

 

Security is typically the last thing on their minds, and only when bad things happen do they realize it's there, so CISOs need to remind them of the risks, etc. on a regular basis. Yes, getting time with them is difficult and sometimes impossible, but persistence does pay off.

 

d

 

Advocate I

Re: I have seen this way too often ...

I've been told viruses are a hoax by a CIO (my boss at the time) and that all us security folks are absolutely delusional ... And a couple of months later we got ransomware in the network via an outdated Flash plugin, worked until 3am to clean it up and restore from backups. He shortly after went back to the delusional "there are no risks" stance. You just can't reason with stupid.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Community Champion

Re: I have seen this way too often ...

> Caute_cautim (Community Champion) mentioned you in a post! Join the conversation

>   A history lesson:  the first use of the term "virus" was to refer to
> unwanted computer code occurred in 1972, in a science fiction novel, "When
> Harley was One", by David Gerrold.

Unfortunately, although the term virus is used, H.A.R.L.I.E. was not actually a
virus, or viral in any way, simply an experiment in artificial intelligence.
"Shockwave Rider" talks about a "tapeworm," but, again, there is no sign of
replication. The first real fictional account of something with a viral type of
activity is probably "The Adolescence of p-1," published in 1977 (so it still
predates Fred's formal work, but doesn't use the term "virus").

>   Fred Cohen formally defined the computer
> virus in 1983.  It appears computer viruses were being written by individuals,
> although not named such, as early as 1981 on early Apple II computers.  
> Apparently, In November 1983, Fred Cohen (then a doctoral student in electrical
> engineering, at the University of Southern California) presented the idea of a
> computer virus to a computer security class led by Len Adelman.

It was Len who coined the term "virus." Fred hadn't really given the concept a
name when he presented it, although his thesis and later dissertation used the term.

======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
