anton chuvakin

Application logging - How it's not supposed to be

Anton is on a plane to California. Thanks to modern technology - scheduled posting - he just posted his take on how not to do application logging.

If you are into software development, you might find his insights very useful.

Are you Owned?

Anton posted about Cyber Security Plans.

I follow you 100%, Anton! There has been a large number of these hijacks lately, and it is obvious that being paranoid is not enough.

It is high time to set up your cyber security plan, and as a bare minimum I suggest it should include:

  • a list of all your profiles online, with your login.
  • a list of all your IM/e-mail and other communication tools, with login.
  • a list of other sites/tools that require you to log on.
  • The lists above should also include each site's URL or contact information for changing passwords or, in the worst case, shutting them down.
  • a list of friends whom you trust, and who are willing to help you get back your own life online. The purpose is to have them help you rebuild your internet presence. Make sure you agree on some way for them to be certain that they are communicating with you, and not someone else.
  • in case you are living in a less secure part of the world, being 0wned online may also mean you are a target in the real world. A friend of mine got attacked online, and then the apartment was broken into. Nothing but memory cards, pins and similar computer storage was stolen. Makes you wonder, right?

The list will grow. Please help me - what should the Cyber Security Plan look like? What would you do if the worst happens?

Security profile: Dr. Anton Chuvakin

In the blogosphere there are a few bloggers who stand out. Amongst security bloggers, one of my absolute favorites is Dr. Anton Chuvakin. He is extremely knowledgeable, and he dares to have his say. I believe he is also one of the bloggers in the security space with the highest production rate.

Dr. Chuvakin

Anton is also the co-author of the book Security Warrior.

Anton came to security after reading the book Maximum Security by Anonymous. It was an awakening, and Anton knew what to do with his life. He claims he still does not know who wrote the book.

For Anton, Information Security is not obvious, even if it sounds like it:

A: Information security is about two things: "securing" and "information", not only fighting hackers, fixing vulns, blocking attacks, protecting networks, deploying appliances, configuring firewalls, etc.

Nowadays, information pretty much makes the world go round and the mission of security is to protect information C-I-A: confidentiality (of course, for confidential info), integrity and availability for legitimate use. Yes, there are various extensions to the CIA formula, but it does describe the picture adequately for our purposes.

On key impacts IS has on business, Anton says:

A: In short: IS protects business information.

That is why it is called IS - "information security." As far as the impact of security on business, it might be dramatic and negative or dramatic and positive or none.

What determines the above choice is how well you understand the risks you face. If you have no idea what risks you face and then you go and buy a lot of security gear and use it to block random things, you are guaranteed a negative impact.

And if you know the top risks, you invest in security wisely and thus allow the business to, well, "do business." :-)

Anton is the evangelist at LogLogic. As such, he has hands-on knowledge of the challenges businesses meet regarding information security.

A: Regulatory challenges: more new regulations, more details on the existing regulations, more bad regulations, the whole pile :-) It will sometimes have a good and sometimes a bad impact on security.

Commercialized, professional hacking (this has been beaten to death, so - no more comments)

Data governance (and, especially, identity information governance): who can access data, who does, who has the data, what do they do with it, etc. This will be growing in importance for at least a few years.

You can read more about Anton at his website.

Anton has his Security Warrior blog.

He is the evangelist at LogLogic.


His book is available at Amazon!

And the book PCI Compliance is available at Amazon as well!

 



The blogger is Kai Roer, a European Information security professional.
