The InfoSec Blog

System Integrity: Context Is Everything

Category: Rants and Raves

February 10, 2012

Please Realize That Piracy is a Service Problem.

http://www.forbes.com/sites/insertcoin/2012/02/03/you-will-never-kill-piracy-and-piracy-will-never-kill-you/ The full article is a bit wordy, and manages to avoid lecturing about how the media industry failed at “service” when it came…

February 8, 2012

Upside and downside: How I hate Journalists

http://compliancesearch.com/compliancex/insider-trading/senate-votes-to-ban-insider-trading-by-its-members/ And this doesn’t actually stop them from making use of ‘insider information’; they just have to declare it within 30 days. No, wait,…

January 24, 2012

The Death of Antivirus Software

http://www.infosecisland.com/blogview/19386-The-Death-of-Antivirus-Software.html The real issue here isn’t Ubuntu, or any other form of Linux. It’s that AV software doesn’t work. PERIOD. There are over 50,000…

August 7, 2011

Using ALE … inappropriately

Like many forms of presenting facts, not least of all about risk, reducing complex and multifaceted information to a single figure does a disservice…

August 6, 2011

Schneier on Security: Hacking Cars Through Wireless Tire-Pressure

http://www.schneier.com/blog/archives/2010/08/hacking_cars_th.html A few alarming things here. More nanny state: In other words, the nanny state is forcing upon us expensive and insecure systems…

August 6, 2011

Would you buy a computer from a company like this?

http://consumerist.com/2011/05/security-expert-sony-knew-its-software-was-obsolete-months-before-psn-breach.html It’s not a camera, it’s a computer that takes pictures. It’s not a car, it’s a computer that gets you from place to place…

August 6, 2011

Fwd: How Quality Drives the Rise and fall of hi-tech products

http://sloanreview.mit.edu/the-magazine/2011-summer/52403/how-quality-drives-the-rise-and-fall-of-high-tech-products I’m dubious. On the one hand I recall a book titled “In Search of Stupidity”, which I strongly recommend reading; it’s about the…

August 4, 2011

Mistaken Thinking – Risk not threats

Via a LinkedIn posting in the Infosecurity magazine forum titled “Internet Threats Posed By Mobile Devices: How Can We Prevent Them?” I came to…

July 2, 2011

The Question of Residual Risk value

People keep asking questions like: If the risk equation I use is Impact * Probability, when it comes to calculating the residual risk value…

July 1, 2011

Compliance? What Compliance?

Sometimes I wonder why we bother … The Securities and Exchange Commission doesn’t just enforce the rules that govern Wall Street. When asked, it…

June 21, 2011

In praise of OSSTMM

In case you’re not aware, ISECOM (Institute for Security and Open Methodologies) has OSSTMM3 – The Open Source Security Testing Methodology Manual – http://www.isecom.org/osstmm/…

April 18, 2011

Requirements for conducting VA & PT – Take 2

Some people are under the mistaken impression that a Pen Test simulates a hacker’s actions. We get ridiculous statements in RFPs such as: The…

April 15, 2011

Requirements for conducting VA and PT tests

On one of the lists I subscribe to I saw someone make this alarming comment: There may be better and cheaper ways, but I…

March 1, 2011

Security and efficiency

You gotta love the low-tech solution. It’s really never NOT about people, is it? 🙂 Darn tooting right! It’s always people. Any way you…

January 31, 2011

IT AUDIT VS Risk Assessment – 1

We were discussing which should be done first and someone commented: Many times, we find that the Control Objectives and controls become prominent before…

January 16, 2011

Black Swan: “levels only experienced on average once every 500 to

http://news.discovery.com/earth/megastorm-californias-other-big-one.html Just in the last 15 years, since microwave technology aboard satellites produced images of water vapor in the atmosphere, scientists have come to…

January 6, 2011

Risk due to network administrators

Someone on a forum I subscribe to suggested that there is a major risk of network administrators misusing their privileges. Why admins rather than…

January 6, 2011

What drives the RA? Need or Fashion?

A colleague in InfoSec made the following observation: My point – RA is a nice to have, but it is superfluous. It looks nice…

December 14, 2010

Cell phone risks

I hope somebody’s thinking seriously about the implications of this: http://www.theregister.co.uk/2010/12/14/us_army_smartphones_4_all/ Israel has already seen some consequences of…

December 3, 2010

All Threats? All Vulnerabilities? All Assets?

On one list I subscribe to I saw this outrageous statement: ISO 27001 requires that you take account of all the relevant threats (and vulnerabilities) to…
