Q: There is a renewed push for companies to
weaken encryption methodologies so governments can more easily access data during investigations, what impact would such policies
have on your organization / constituents?
Q: Does your organization use NIST for cybersecurity management? Would you recommend
other organizations have this framework?
Whether it’s NIST or some other type of framework, getting an overall framework established
My opinion is that if an agency embeds back-
and set up is vital. While they may be struc-
door keys into encryption, no one will use that
tured differently, cybersecurity frameworks
encryption any longer and other approaches
translate to each other pretty well. You can
will be used. I wouldn’t use it since as we have
start by doing very basic things like verifying
seen the government is often compromised
your inventory and hardware, figuring out your
(see the OPM break in issue) and as such my
assets and resources, and starting from there
data would not be secure. Any serious actor in
the world would simply use a different method
so this would only work on the lowest level of
criminal activity. Thus, completely ineffective.
Solutions Engineer, OSHEAN
Network Engineer, OSHEAN
Dr. Doug White meets with students.
Q: Have hacktivists like Anonymous caused
you to change your approach to security?
In many ways, they’re the vigilantes of the
Q&A with Our OSHEAN Members
OSHEAN members are the engines behind IT transformation
within their organizations. Join us as we profile different
members each month.
DR. DOUG WHITE
network and that microwave is full of security
Professor of Networking, Security and Forensics
at Roger Williams University
compromises, this is a huge threat. Much like
the early Wi-Fi problems where people were
Q: As the ‘Internet of things’ becomes more of bringing in Wi-Fi nodes and attaching them in
their offices, this will require new protocols
a reality, what steps must organizations take
to protect sensitive data?
and restrictions to prevent creating difficult to
Testing and training will have to expand. If I
spot security threats.
Q: In such complex IT environments, how do
you balance security and usability?
Internet. They pose a threat to certain people/
groups who have done wrong by them or who
represent socioeconomic, political, or criminal
If you don’t have an easy, reliable way for users
injustices. Yet they rarely (if at all) act as a col-
to do their jobs day-to-day, they will find one
lective, going after random targets.
on their own. For example, if your organization
More importantly is knowing what information
doesn’t have a good IM client that is easy to use
you (or your organization) holds that could be
and reliable, your employees may begin using
of value to hackers. This enables you to deter-
applications like Facebook’s chat function to
mine what the target landscape looks like. Un-
transfer business files. Having good interac-
derstanding the threats better positions you to
tions with your users and educating them on
implement measures to protect against those
the right way to do things allows you to deter-
threats regardless of the underlying motiva-
mine their needs and build good solutions to
tion. The motivation isn’t as important as what
you’re actually susceptible to.
can attach a microwave oven to the company