Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Perspectives of a Security Maverick written by Kenneth F. Belva

Kenneth F. Belva

Kenneth F. Belva is the Publisher and Editor-in-Chief of bloginfosec.com. He currently manages an Information Technology Risk Management Program for a bank whose assets are Billions of dollars. He reports directly to the Senior Vice President and Deputy General Manager (CFO).

ITsecurity.com recognized him as one of the top information security influencers in 2007.

In 2009, he was published in the Information Security Management Handbook, Sixth Edition, edited by Hal Tipton and Micki Krause. He also co-authored one of the central chapters in Enterprise Information Security and Privacy, edited by Warren Axelrod, Jennifer L. Bayuk and Daniel Schutzer.

In addition to his daily corporate responsibilities, he is currently the Vice President of the New York Metro Chapter of the Information Systems Security Association (ISSA). In 2008, he served as an Advisor to the Board. During 2006-2007 he was the Chair of the Public Relations Committee as an active Board Member. In this role Mr. Belva was in charge of communication between the Chapter and other information security related professional organizations.

He has spoken and moderated at the United Nations as well as presented on AT&T’s Internet Security News Network (ISNN) on discovering unknown web application vulnerabilities as well as being interviewed on security enablement.

He recently co-authored a paper entitled “Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security” with Sam Dekay of The Bank of New York. In 2005 he authored the contrarian paper: “How It’s Difficult to Ruin A Good Name: An Analysis of Reputation Risk” which was a leading paper on the impact of security breaches on stock prices.

He taught as an Adjunct Professor in the Business Computer Systems Department at the State University of New York at Farmingdale. Mr. Belva is credited by Microsoft and IBM for discovering vulnerabilities in their software. He is the author of the chapter “Encryption in XML” in Hackproofing XML published by Syngress.

Mr. Belva previously held the Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) certifications and has passed the Certified Information Security Manager (CISM) exam.

Mr. Belva frequently presents at information security conferences around the US as well as globally. He writes on day-to-day information security experiences in a non-essay format at SecurityMaverick.com.

H1N1 Threat Overblown? Information Security Relevance? A Logic Proof

January 27, 2010 – 6:00 am – “H1N1 was totally overblown. Nothing really terrible happened. No one suffered a pandemic and the resulting deaths were less in number than the deaths from the regular flu.” That’s a paraphrase of what some colleagues said to me. This sentiment is now echoed in the mainstream…
Posted in CSO/CISO Perspectives, Security in Popular Culture | Tagged , , , | Comments (1)

Cloud Computing Security at Newsweek

January 26, 2010 – 6:00 am – Daniel Lyons will publish an op-ed on the insecurity of cloud computing in Newsweek‘s February 1st, 2010 issue. The  main thrust of the article can be summarized as such: But there is one big, glaring problem with cloud computing, and it just got laid bare in Google’s recent problems…
Posted in CSO/CISO Perspectives, Compliance and Laws, Cybercrime, General, InfoSec Economics, Privacy | Tagged , , , , , , , | Comments (0)

The Google / China Hack: What you won’t read elsewhere

January 14, 2010 – 6:00 am – Google may leave China after a major hack. That’s the headline.  Yahoo! even joined in denouncing the attack. Google and the mainstream media give the impression that the compromise is the reason Google will leave. It seems unlikely to me: the hack is the straw that may break the…
Posted in CSO/CISO Perspectives, Compliance and Laws, Cybercrime, General, Information Security News | Tagged , , , , , | Comments (3)

Network Solutions “Hacked Account” Demonstrates Incompetence

January 7, 2010 – 5:00 am – When in doubt, claim the account was hacked. That appears to be the reasoning of a Network Solutions Technical Support Representative. Normally I do not write about other companies but this is an interesting case. As professionals we view being hacked as something we defend against. While some…
Posted in Cybercrime, General, Security in Popular Culture, Technical | Tagged , , , , , , , , | Comments (2)

US Drones Hack: It’s The Same Old Story

December 18, 2009 – 11:00 am – CNN reports that Iraqi insurgents were able to hack and view live feeds from US Spy Drones. The vulnerability was a non-technical one. The article summarized the issue as thus: The official said that many of the UAV feeds need to be sent out live to numerous people at one time, and encryption was…
Posted in Cybercrime, Security in Popular Culture, Technical | Tagged , , , , , , , , , | Comments (0)