John Pescatore

Type: Person
Name: John Pescatore
First reported Aug 27 2014 - Updated Aug 27 2014 - 1 reports

Want to protect your EHR from hackers? Secure those mobile devices

Hackers used malware to penetrate Community Health Systems' firewall, and once inside, they made off with some 4.5 million medical records — a staggering but not surprising number to cyber security professionals. While the uninformed may ask how such a ... [Published Government Health IT - Aug 27 2014]
First reported Aug 25 2014 - Updated Aug 25 2014 - 5 reports

Breach Response: Are We Doing Enough?

What lessons can be learned from recent high-profile breaches? IT security experts John Pescatore of the SANS Institute and Ron Ross of NIST explain how organizations can work to mitigate the new-style data breach threat. Listen to the conversation. ... [Published BankInfoSecurity.com - Aug 25 2014]
First reported Aug 19 2014 - Updated Aug 19 2014 - 1 reports

Every EHR's weakest link

When asked to rate the security of typical electronic health records, SANS Institute senior analyst John Pescatore answered: 9. At first blush that might even seem positive, but in the world of IT and information security where the phrase “five 9’s” — ... [Published Government Health IT - Aug 19 2014]
First reported Aug 15 2014 - Updated Aug 15 2014 - 1 reports

Insider security threats: Negligence is a data loss double bogey

News roundup: Pro golfer Rory McIlroy inadvertently revealed his passcode on live TV, highlighting how easy it is to inadvertently reveal sensitive information. Plus: BlackBerry and Google issue updates, and Gartner hit with Magic Quadrant lawsuit. In ... [Published SearchSecurity.com - Aug 15 2014]
First reported Aug 13 2014 - Updated Aug 13 2014 - 1 reports

Attacker could use default defibrillator password to launch denial of service

Jay Radcliffe freaked out the medical community in 2011 when he revealed how insulin pumps could be hacked to deliver a fatal dose of insulin (pdf). Yet at a medical device security and privacy roundtable discussion at Black Hat, Radcliffe said “it ... [Published NetworkWorld - Aug 13 2014]
First reported Jul 24 2014 - Updated Jul 24 2014 - 1 reports

What should I look for in a Next Generation Firewall? SANS Provides Guidance

With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different. John Pescatore of SANS Institute originally coined the phrase and now explains what he suggests enterprises look for when ... [Published ITworld.com - Jul 24 2014]
First reported Jul 24 2014 - Updated Jul 24 2014 - 1 reports

Continuous Diagnostics and Mitigation: Making It Work--A SANS Survey

/PRNewswire-USNewswire/ -- The Continuous Diagnostics and Mitigation (CDM) program is improving the security levels at federal agencies that are taking advantage of the program, according to a new SANS survey on CDM adoption. In it, 44% of those who reported ... [Published WGNT - Jul 24 2014]
First reported Jun 03 2014 - Updated Jun 03 2014 - 1 reports

Threat intelligence versus risk: How much cybersecurity is enough?

This article can also be found in the Premium Editorial Download "Information Security magazine: Threat intelligence and risk: Why cybersecurity hangs in the balance." Download it now to read this article plus other related content. Security officers who ... [Published SearchSecurity.com - Jun 03 2014]
First reported May 09 2014 - Updated May 09 2014 - 1 reports

Verizon DBIR: Incident Noise and Attack Patterns Mapped to Top 20 Critical Security Controls

In our Security Connected discussions, security leaders routinely ask “Where do I invest for results? How do I communicate the risk reduction impact of security investments to the Board?” Now there’s practical assistance on which controls count and why: ... [Published McAfee Blogs - May 09 2014]
First reported Apr 15 2014 - Updated Apr 15 2014 - 1 reports

What’s Needed Now: Supply Chain Integrity Testing

Listen up, all you security experts who want to be an entrepreneur! John Pescatore, the SANS Institute Director of Emerging Security Trends, sees an opportunity for the Next Big Thing in tech security. In Pescatore’s view, there’s a growing need for supply ... [Published Security Bloggers Network - Apr 15 2014]
First reported Apr 11 2014 - Updated Apr 12 2014 - 6 reports

NSA denies exploiting Heartbleed bug to gather data

WASHINGTON — The National Security Agency denied Friday that it knew about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence. According to people familiar ... [Published Denver Post - Apr 12 2014]
First reported Apr 10 2014 - Updated Apr 10 2014 - 1 reports

How Quickly Will the Web Bandage the Heartbleed Hole?

Finding a software bug such as Heartbleed is the hard part. Pushing out the fix is relatively easy. But forcing people to update their machines? Total crapshoot. Every couple of years, a mega-flaw is discovered in some key part of the Internet's infrastructure. ... [Published Bloomberg - Apr 10 2014]

Quotes

..."The dirty secret of security is that about 80 percent of what we do is make up for deficiencies in IT operations," Pescatore says. "Wait a minute; why isn't that Windows system configured securely; why isn't the system patched? That isn't security's job; that's IT operations."
...will require significant process change and skill enhancement," says John Pescatore, author of the report and senior director at SANS Institute. "This SANS survey showed that government security managers are worried about the training and staffing they will need to make the change from the traditional compliance-focused annual audit approach."

More Content

All (25) | News (18) | Reports (0) | Blogs (7) | Audio/Video (0) | Fact Sheets (0) | Press Releases (0)
Want to protect your EHR from hackers? Secure t... [Published Government Health IT - Aug 27 2014]
Breach Response: Are We Doing Enough? [Published BankInfoSecurity.com - Aug 25 2014]
Breach Response: Are We Doing Enough? [Published CareersInfoSecurity.com - Aug 25 2014]
Breach Response: Are We Doing Enough? [Published HealthcareInfoSecurity.com - Aug 25 2014]
Breach Response: Are We Doing Enough? [Published GovInfoSecurity.com - Aug 25 2014]
Breach Response: Are We Doing Enough? [Published InfoRiskToday - Aug 25 2014]
Every EHR's weakest link [Published Government Health IT - Aug 19 2014]
Insider security threats: Negligence is a data ... [Published SearchSecurity.com - Aug 15 2014]
Attacker could use default defibrillator passwo... [Published NetworkWorld - Aug 13 2014]
What should I look for in a Next Generation Fir... [Published ITworld.com - Jul 24 2014]
Continuous Diagnostics and Mitigation: Making I... [Published WGNT - Jul 24 2014]
Threat intelligence versus risk: How much cyber... [Published SearchSecurity.com - Jun 03 2014]
Verizon DBIR: Incident Noise and Attack Pattern... [Published McAfee Blogs - May 09 2014]
What’s Needed Now: Supply Chain Integrity Testing [Published Security Bloggers Network - Apr 15 2014]
NSA denies exploiting Heartbleed bug to gather ... [Published Denver Post - Apr 12 2014]
NSA hackers said to have used Heartbleed bug fo... [Published Pittsburgh Tribune Review - Apr 12 2014]
The NSA Knew About Heartbleed And Did Nothing (... [Published Techdirt - Apr 11 2014]
UPDATED: NSA Denies Claims That It Knew About H... [Published Techdirt - Apr 11 2014]
The NSA Knew About Heartbleed And Did Nothing (... [Published Techdirt - Apr 11 2014]
NSA exploited Heartbleed bug for two years to g... [Published Financial Post | Business » FP Tech Desk - Apr 11 2014]
NSA Said to Have Used Heartbleed Bug, Exposing ... [Published Bloomberg - Apr 11 2014]
How Quickly Will the Web Bandage the Heartbleed... [Published Bloomberg - Apr 10 2014]
DDoS Attacks – A Mainstream Occurrence and Disr... [Published Security Bloggers Network - Mar 20 2014]
A Social Summary of SANS ICS Security Summit 2014 [Published The Smart Grid Security Blog - Mar 19 2014]
SANS Institute Tackles Emerging Security Threat... [Published PR Newswire - Mar 11 2014]

Blogs

Verizon DBIR: Incident Noise and Attack Pattern... [Published McAfee Blogs - May 09 2014]
In our Security Connected discussions, security leaders routinely ask “Where do I invest for results? How do I communicate the risk reduction impact of security investments to the Board?” Now there’s practical assistance on which controls count and why: ...
What’s Needed Now: Supply Chain Integrity Testing [Published Security Bloggers Network - Apr 15 2014]
Listen up, all you security experts who want to be an entrepreneur! John Pescatore, the SANS Institute Director of Emerging Security Trends, sees an opportunity for the Next Big Thing in tech security. In Pescatore’s view, there’s a growing need for supply ...
UPDATED: NSA Denies Claims That It Knew About H... [Published Techdirt - Apr 11 2014]
Update: The NSA has denied the Bloomberg report, briefly stating that the agency "was not aware of the recently identified Heartbleed vulnerability until it was made public." We'll continue to update as more information emerges. The internet ...
The NSA Knew About Heartbleed And Did Nothing (... [Published Techdirt - Apr 11 2014]
The internet is still reeling from the discovery of the Heartbleed bug, and yesterday we wondered if the NSA knew about it and for how long. Today, Bloomberg is reporting that the agency did indeed know about Heartbleed for at least the past two ...
NSA exploited Heartbleed bug for two years to g... [Published Financial Post | Business » FP Tech Desk - Apr 11 2014]
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter ...

Copyright (C) 2014 Silobreaker Ltd. All rights reserved.
The selection and placement of stories and images on any Silobreaker page are determined automatically by a computer program.
The time or date displayed reflects when an article was added to or updated in Silobreaker.