Fred Cohen, PhD, Principal Consulting Analyst
Dr. Fred Cohen is widely considered to be one of the leading security/risk experts in the world. He is best known as the person who defined the term “computer virus” and as the inventor of the most widely used computer virus defense techniques. Dr. Cohen was also the principal investigator whose team defined information assurance as it relates to critical infrastructure, did seminal research in the use of deception for information protection, and is a leader in the science of digital forensic examination and a leading information protection consultant and analyst.
He has authored over 200 published research articles, written several books, and established Master's and Ph.D. security programs that are now part of Webster University. In 2002 Dr. Cohen revived the “Techno-Security Industry Professional of the Year” award, and in 2009 he was named the “most famous hacker of all time” by ABC News.
- Information security
- Privacy Beyond Compliance (PBC)
- Security information intelligence and sharing
- Data governance and architectures
- Security Governance
- Risk Management
- Security Management
- Control Architecture
- Security Architecture
Recently Published Research
Enterprise Information Protection
The Future of Information Sharing
Over the past decade cybersecurity professionals have increasingly focused on the potential value of cybersecurity information aggregation and sharing, particularly through the Information Sharing and Analysis Centers (ISACs). To date there are 21 ISACs providing industry-specific intelligence to a range of industries from Power and Water to Healthcare to Financial Services and Information Technology. In an attempt to gain greater awareness of current and future threats, many organizations are aggregating these information feeds as well as commercial and native sources. This shared cybersecurity information includes shared intelligence data, threat intelligence, malware updates and other security-centric data.
In theory, cybersecurity information sharing makes sense: knowledge is power, and shared knowledge is far more efficient than each organization implementing its own native threat intelligence center. In practice, however, as discussed in this report, realizing the utility of shared cybersecurity data and applying best practices for leveraging this shared information require much more than just connecting to the threat intelligence tap. Specifically, organizations must focus on the types of information to be shared and collected; how this intelligence information supports the organization’s unique cybersecurity activities; how best to analyze and distribute this intelligence; and how to prevent intelligence overload. In this report we also assess how the information sharing program should evolve within the enterprise. This document will help our clients determine the specific information to aggregate and how best to use this shared information to turn intelligence data into actionable intelligence.
Machine Learning and Artificial Intelligence on Big Data for Cybersecurity
The use of machine learning and artificial intelligence for cyber-security is nothing new. But the availability of larger data sets and the evolution of techniques applicable to big data have produced a new generation of systems that improve efficiency and utility. The need for far greater scale brought about by the dramatic increase in the number of users, uses, and systems involved has driven the development of machine learning and artificial intelligence for cyber-security.
The basic technological changes involve mathematical algorithms that examine large data sets containing known bad and known good samples. These methods create equations that cluster known “good” and “bad” samples and differentiate them from each other, then apply those same equations to new samples to classify them as “good” or “bad”. This can then be applied to any of a wide range of problems, including many of those in cyber-security.
The enterprise benefits of these emerging technologies are economies of scale, efficiency of labor, and detection in areas not previously addressed.
This report discusses: (1) the basics of these techniques, (2) the words used to describe them and what those words mean, (3) the limitations, benefits, and costs of these techniques, and (4) their application to CySec today and into the future. It then discusses product types emerging in the markets and the current and likely future utility of applying these product types to enterprises.
In this report, we investigate this emerging trend and what the next steps should be for TechVision Research clients.