The InfoSec Blog

System Integrity: Without Integrity you don’t have Security

Related Posts
Recent Posts
Archives
Technorati
Subscribe

Enter your email address:

Delivered by FeedBurner

Search

infosecblog Web
emergence SI Site
Categories
Advertisments
July 29th, 2010

RIM vs. Indian government continues

By Anton Aylward

http://www.zdnet.com/blog/india/rim-vs-indian-government-continues/135?tag=nl.e539

… and the UAE.

RIM is between a rock and a hard place.
They say no to this and they loose a market; and the Indian market is big. They say yes to this and the customers don’t trust them, so why should they buy RIM rather than some other insecure service? Read the rest of this entry »

Posted in Human Factors, Politics & Economics, Privay, Risk, Social | No Comments
July 21st, 2010

When organizations put a lot of eggs in one basket – desktop side

By Anton Aylward

http://www.zdnet.com/blog/virtualization/when-organizations-put-a-lot-of-eggs-in-one-basket-desktop-side-of-the-story/2103?tag=nl.e539

This is a chicken-little story.

We’ve been putting many computer eggs in one hardware basket for a long, long time.
What do you think mainframes running MVS and VM/CMS were?
What were things like air traffic control?

The ‘desktop’ is a fuzz concept that gets confused with a GUI.
Those mainframes – think airline ticket and reservation – could handle many hundreds of remote terminals, keeping them updated.

What’s a dumb terminal if not the ultimate in ‘thin clients’? Read the rest of this entry »

Posted in Linux, Politics & Economics, Rants and Raves | No Comments
July 14th, 2010

IAM – Basics – Policy

By Anton Aylward

If there’s one thing that upsets me when I see articles and posting to forums about policy, its mention of a “Password Policy”. I have to step away from the keyboard, go outside and take some deep breaths to calm down.

I get upset because policy is important and developing — and more importantly communicating — policy has been an important part of my career and the professional service I offer. Policies need to be easy to understand and follow and need to be based on business needs.

If you begin with a list of policies, you end up adapting the the reality of your business – the operations – to the list. You are creating a false sense of security. You need to address what you need to control, and that is Identity and Access.

Lets face it, passwords, as Rick Smith points out in his book “Authentication“, are not only awkward, they are passée – even Microsoft thinks so. More to the point, using passwords can be bad for your financial health.

They should be used with care and not as a default.

And they should most certainly NOT be entombed in a corporate policy statement. Read the rest of this entry »

Posted in Failures, Policy, Rants and Raves | No Comments
July 3rd, 2010

Gartner: Hosted Virtual Desktops Are the Catalyst Behind Changing

By Anton Aylward

Read the rest of this entry »

Posted in Failures, Privay, Risk, Security, Standards | No Comments
|

The InfoSec Blog is powered by WordPress | Using Tiga theme with a bit of Ozh Feed Shark