
Security Predictions

Is it possible to use crowd-sourced security intelligence to predict future events?

For this exercise, an experimental web site, Security Predictions (http://securitypredictions.xyz/), has been built to harness the 'wisdom of crowds'.

As a first experiment, let's see if we can predict "The Biggest Security Threats Coming in 2018".

Take the challenge, anticipate future trends in security: write your prediction in a comment there.

Thanks!
(Unrated)

Comments

RE: Security Predictions

I predict few will go to the unknown website due to security concerns!
Richard521 (Social) at 11/22/2017 3:27:18 PM
(1 ratings)

RE: Security Predictions

Good point! Just 13 comments (predictions) there so far. Thanks. Hopefully there will be more.
Dragan Pleskonjic (Energizer) at 11/22/2017 3:41:10 PM
(Unrated)

RE: Security Predictions

If Certificate Trust Issues are ignored, the Qualys SSL Labs test (https://ssllabs.com/ssltest/) gives the website a reasonable score: T; if trust issues are ignored: A. Please fix your Certificate Trust.

Supports: TLS 1.2, TLS 1.1, TLS 1.0 (Not so good from a PCI DSS point of view.)

TLS 1.2:
- AES 128/256 bits (SHA2)
- AES 128/256 bits (SHA1 -- not needed for TLS 1.2)
- RSA 128/256 with CAMELLIA
- RSA with 3DES (Weak: NIST does not recommend, still on PCI DSS list until NIST finally rules.)

TLS 1.1:
- AES 128/256 (SHA2)
- AES 128/256 (SHA1 -- technologically needed for TLS 1.1 but otherwise deprecated.)
- RSA...
- RSA with 3DES and SHA1 (Weak)

TLS 1.0: Not PCI DSS compliant: One should actually be warning customers to upgrade.
- AES 128/256 SHA1 (Sad)
- RSA with 3DES and SHA1 (Weak and deprecated)
Don Turnblade (Energizer) at 11/30/2017 12:52:48 PM
(Unrated)

RE: Security Predictions

I predict that 20% of firms will be 100% PCI DSS compliant with TLS 1.0 and Weak Cryptography by 30 June 2018. I predict the number of TLS compliant with Mitigating Controls will grow in firms with weaker PCI DSS programs. I predict the number of self-assessment self-deceptions on SAQ documentation will grow. Further, I predict the number of ISACA-trained IT Auditors with enough training to spot these errors will swell after classes begin to show up at conferences and local chapters. I also predict that IT Audit will still see products out of compliance with PCI DSS for five years after the 30 June 2018 date expressly given in the PCI DSS 3.2 standard, even after the two-year process to remediate specified in the requirement Appendix 2.2 control is formally closed for Risk Mitigation and Migration Projects. Then, I predict that just like missing patches more than a year old are an automatic IT Auditor Finding, TLS 1.0, SHA1, 3DES, RC4, RC2, and MD5 weak cryptography will become an automatic IT Audit finding as other standards such as GLBA or HIPAA adopt PCI DSS as "Best Practice" standards.
Don Turnblade (Energizer) at 11/30/2017 1:00:42 PM
(Unrated)