Schneier on Security

Catastrophic issues in security can occur, but there are ways to recover.

Speaking at RSA Conference in San Francisco, Bruce Schneier, CTO of Resilient Systems, highlighted the Sony Pictures attack as being an interesting case as it brings catastrophic risk uses to the fore, and not catastrophic as in a life ending sense, but in company terms.

He highlighted seven ways in which a catastrophic incident could be dealt with. Firstly he recommended keeping it internal to "incapsulate the catastrophic risk", secondly consider that attackers on two axes of skills and focus and with someone who is low skilled but has a high focus would use a basic APT, but in the case of Sony this was low skills and low targets. "Why this matters for security is the difference between absolute and low security; it doesnt matter how good security is, be more secure than the other guy and in a high skill high focus they want you," he said…

Coverage of this interview also appeared in International Business Times.

As well as being a renowned cryptographer, influential security expert and outspoken conference favourite, Bruce Schneier has had his share of coverage in recent months as the Prism story unfolded. He chose to leave his position as BT’s security futurologist at the end of last month and has now turned his hand to incident response.

Schneier recently left BT, who acquired his company Counterpane in 2006, to join Co3 Systems as chief technology officer this month. I began by asking him what attracted him to a relatively unknown company…