Better late than never, or horse gone now we can lock the barn door?
I'm not sure what they're doing though I would hope that other companies take things a bit more seriously than Sony did.
Sony is seeking a steely-willed vulnerability management director in the wake of its thorough hosing by unknown attackers. The beleaguered media giant posted an online advertisement Friday seeking a security bod boasting a decade's hacking experience to, among other things, "Unify and enhance Sony’s global information security …
It's in their culture. When I read something like the following, I can't help but think that Sony does not, and is likely to never, take any responsibility for themselves.
The company's also tossed a sueball at Twitter, asking it to remove Tweets containing screenshots of purloined documents or face future action over any losses Sony incurs.
In other words, they don't get it. In the corporate world there's no cure for that.
It also potentially involves thousands of innocent job losses, 10x in indirect jobs, TV shows you probably didn't even know were made by Sony (Breaking Bad for example), not to mention all their other divisions that generally make very good hardware (Sony's current lineup of cameras destroys anything by Canon and Nikon), of course the PS4, then there is the medical imaging equipment. Let's hope you don't ever need medical imaging diagnostics by Sony equipment. What will you do?
Your idiotic comment is typical of many. Someone told you all Sony movies were trash, and you were too lazy to actually see if it was true, or any different from any other movie studio's output (it's not. They all produce shite, as guess what, idiot consumers like shite...)
This is mean and bad for the workers and all, but I cannot stop laughing. How much is it going to take for these companies to realize that hey, they should be proactive, not reactive about their security. The very fact that they are looking for these people NOW, seems like it opens them up for gross negligence suits.
Actually, out of all the noise on the Sony Pictures hack, only 1 single story has anything I agree with, a cheap and easy way for companies of all sizes to reduce the risk to virtually zero (as zero as it can be in an online connected world), it's this one...
Downvote me all you want, as you despise Google or whatever. But anyone that's got any knowledge of security, there are some very compelling arguments this guy mentions, and I firmly believe had Sony Pictures used this (of course, with enforced 2-factor auth group policy), they would not be seeing their current security problems.
No, what the article describes is basically offshoring your data center. It offers no more security than the example with which he contrasts the use of Google's services with the added illusion that everything will be handled by Google. Additionally, while conventional data centers offer a well-known set of challenges and requirements, people who are not up to properly managing a data center are apt to be equally ill-prepared to analyze the requirements of cloud-based data services. To paraphrase, "There are ways to put the absolutely most secret things on local servers. They just require a little work to secure."
I'm sure Twitter must be quaking in its boots. I wonder if they will have any difficulty proving to a judge that any losses incurred by Sony are Sony's fault entirely, and Twitter should counter-attack with a libel charge for being accused of having a hand in Sony's abysmal stupidity.
Bring it on, Sony. You have a bigger lawsuit warchest than you have for security, so go and prove that you are indeed as stupid as you look now.
Frankly I'd like a lawsuit to be filed, just to be able to read how a judge punted it out of the courtroom and fined Sony for contempt of court.
Man I wish that could happen.
Employing hackers to handle your security is not a wise move. By being a hacker, they have shown they are irresponsible. You p1ss them off, they will turn on you.
You are also setting a very dangerous precedent that rewards hacking with lucrative jobs.
It's an ex-Sony employee that started all this. They might not have turned the ignition, but they stole the keys...
From all I hear one of the problems was that Sony had a very uniform computing architecture. How else could some malware infect nearly all of their systems? If systems were different in every department, the chance of a worm spreading in between them would be a lot slimmer.
This is a classic example of the exact opposite of what is really needed. The prevalent technocentric approach to infosec has got us where we are, so doing more of it will not improve our state of security.
What is really needed (and in my experience as a security consultant is almost universally missing) is a robust security management framework consisting of a strategy that defines the security priorities of the organisation in terms of risk, tactics for addressing the priorities, and operational processes that fulfil the requirements defined by the tactics and strategy. The framework essentially needs to include monitoring and feedback to ensure that [a] perceived risk continues to accurately represent reality as things change, [b] control objectives have a realistic chance of protecting against threats, and [c] controls that actually work.
Appointing techie "hackers" to oversee the security of a vast corporate (or indeed a government, as we seem to be doing here in the UK) is about as useful as appointing a bricklayer (however skilled) to oversee the building of a city.
We need to wake up to the reality that information security is primarily a problem of business process management. Yes - we can be attacked via technologies and we use technologies extensively to protect ourselves, but as in the case of JP Morgan http://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/ it's in BAU management that the weaknesses mostly manifest themselves.