September 20, 2016 UN privacy head slams ‘worse than scary’ UK surveillance bill http://www.theregister.co.uk/2015/11/10/un_privacy_head_slams_uk_surveillance_bill/ Two points in this caught my attention. Cannataci also argued forcefully that mass surveillance was not the way to handle the threat from…
September 19, 2016 Some thoughts on the performance of SSD RAID 0 arrays My Friend Alan Rocker and I often discuss ideas about technology and tradeoffs. Alan asked about SSDs for Linux: > I haven’t been following…
July 2, 2016 Nobody wants to pay for security, including security companies https://www.linkedin.com/pulse/nobody-wants-pay-security-including-companies-beno%C3%AEt-h-dicaire In theory, consumers and businesses could punish Symantec for these oversights by contracting with other security vendors. In practice, there’s no guarantee that…
March 22, 2016 Cyber risk in the business https://normanmarks.wordpress.com/2015/06/05/cyber-risk-and-the-boardroom/ The take-away that is relevant : Cyber risk should not be managed separately from enterprise or business risk. Cyber may be only one…
November 8, 2015 The fatal flaw in IT Risk management Is interviewing is a much better method that self-certifications and a checklist, if time and resources allow. Two points: In the ISO-27001 forum, my…
July 5, 2015 Cyber, Ciber or Syber? Occasionally, people do ask: What exactly do you mean by “cyber security”? Or “cyber” for that matter. Please explain. “Steersman Security”? It seems to…
November 19, 2014 Should all applicable controls be mentioned in documenting an ISMS? In my very first job we were told, repeatedly told, to document everything and keep our personal journals up to date. Not just with…
January 25, 2014 Most CEOs clueless about cyberattacks http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21 Perhaps that’s cynical and pessimistic and a headline grabber, but then that’s what makes news. What I’m afraid of is that things like…
August 25, 2013 The Truth About Best Practices An article on Linked entitled ‘The Truth about Practices” started a discussion thread with some of my colleagues. The most pertinent comment came from…
February 16, 2013 The #1 Reason Leadership Development Fails http://www.forbes.com/sites/mikemyatt/2012/12/19/the-1-reason-leadership-development-fails/ I wouldn’t have though, based on the title, that I’d be blogging about this, but then again one can get fed up with…
October 2, 2012 An “11th Domain” book. http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herrold makes elsewhere: Awareness training is important. I go slightly further and think that a…
September 14, 2012 Learning to Counter Threats – Skills or Ethics? Fellow CISSP Cragin Shelton made this very pertinent observation and gave me permission to quote him. The long thread about the appropriateness of learning…
July 2, 2012 Tight budgets no excuse for SMBs’ poor security readiness http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hands is doing department: Ngair Teow Hin, CEO of SecureAge, noted that smaller companies…
March 23, 2012 Social Engineering and sufficency of awareness training Someone asked: If you have a good information security awareness amongst the employees then it should not a problem what kind of attempts are…
February 8, 2012 Upside and downside: How I hate Journalists http://compliancesearch.com/compliancex/insider-trading/senate-votes-to-ban-insider-trading-by-its-members/ And this doesn’t actually stop them form making use of ‘insider information’ they just have to declare it within 30 days. No, wait,…
July 21, 2011 Economic Impact: Patent trolls chase app developers out of the U.S http://www.linuxfordevices.com/c/a/News/Kootol-joins-Lodsys-as-a-patent-troll/?kc=LNXDEVNL072111 The Debt ceiling crisis will pass; even if there is a crash, the USA can recover from it … IF its core economic…
July 8, 2011 He’s not Ian Paisley I was at a presentation yesterday. One of the vendor’s speakers, I’m sorry to say, was a CISSP. OK, he wasn’t Ian Paisley or…
March 1, 2011 Security and efficiency You gotta love the low-tech solution. It’s really never NOT about people, is it? 🙂 Darn tooting right! Its always people. Any way you…
February 24, 2011 Are *YOU* ready to give up yet? Apparently (ISC)2 did this survey … which means they asked the likes of us …. http://www.darkreading.com/security-monitoring/167901086/security/security-management/229219084/under-growing-pressure-security-pros-may-be-ready-to-crack-study-says.html Faced with an attack surface that seems to…
January 16, 2011 Black Swan: “levels only experienced on average once every 500 to http://news.discovery.com/earth/megastorm-californias-other-big-one.html Just in the last 15 years, since microwave technology aboard satellites produced images of water vapor in the atmosphere, scientists have come to…
