February 10, 2012 Please Realize That Piracy is a Service Problem. http://www.forbes.com/sites/insertcoin/2012/02/03/you-will-never-kill-piracy-and-piracy-will-never-kill-you/ The full article is a bit wordy, and manages to avoid lecturing about how the media industry failed at “service” when it came…
February 8, 2012 Upside and downside: How I hate Journalists http://compliancesearch.com/compliancex/insider-trading/senate-votes-to-ban-insider-trading-by-its-members/ And this doesn’t actually stop them from making use of ‘insider information’; they just have to declare it within 30 days. No, wait,…
January 24, 2012 The Death of Antivirus Software http://www.infosecisland.com/blogview/19386-The-Death-of-Antivirus-Software.html The real issue here isn’t Ubuntu, or any other form of Linux. It’s that AV software doesn’t work. PERIOD. There are over 50,000…
August 7, 2011 Using ALE … inappropriately Like many forms of presenting facts, not least of all about risk, reducing complex and multifaceted information to a single figure does a disservice…
August 6, 2011 Schneier on Security: Hacking Cars Through Wireless Tire-Pressure http://www.schneier.com/blog/archives/2010/08/hacking_cars_th.html A few alarming things here. More nanny State : In other words, the nanny state is forcing upon us expensive and insecure systems…
August 6, 2011 Would you buy a computer from a company like this? http://consumerist.com/2011/05/security-expert-sony-knew-its-software-was-obsolete-months-before-psn-breach.html It’s not a camera, it’s a computer that takes pictures. It’s not a car, it’s a computer that gets you from place to place…
August 6, 2011 Fwd: How Quality Drives the Rise and Fall of Hi-Tech Products http://sloanreview.mit.edu/the-magazine/2011-summer/52403/how-quality-drives-the-rise-and-fall-of-high-tech-products I’m dubious. On the one hand I recall a book titled “In Search of Stupidity”, which I strongly recommend reading; it’s about the…
August 4, 2011 Mistaken Thinking – Risk not threats Via a LinkedIn posting in the Infosecurity magazine forum titled “Internet Threats Posed By Mobile Devices: How Can We Prevent Them?” I came to…
July 2, 2011 The Question of Residual Risk value People keep asking questions like If the risk equation I use is Impact * Probability, when it comes to calculating the residual risk value…
July 1, 2011 Compliance? What Compliance? Sometimes I wonder why we bother … The Securities and Exchange Commission doesn’t just enforce the rules that govern Wall Street. When asked, it…
June 21, 2011 In praise of OSSTMM In case you’re not aware, ISECOM (Institute for Security and Open Methodologies) has OSSTMM3 – The Open Source Security Testing Methodology Manual – http://www.isecom.org/osstmm/…
April 18, 2011 Requirements for conducting VA & PT – Take 2 Some people are under the mistaken impression that a Pen Test simulates a hacker’s actions. We get ridiculous statements in RFPs such as: The…
April 15, 2011 Requirements for conducting VA and PT tests On one of the lists I subscribe to I saw someone make this alarming comment: There may be better and cheaper ways, but I…
March 1, 2011 Security and efficiency You gotta love the low-tech solution. It’s really never NOT about people, is it? 🙂 Darn tooting right! It’s always people. Any way you…
January 31, 2011 IT AUDIT VS Risk Assessment – 1 We were discussing which should be done first and someone commented: Many times, we find that the Control Objectives and controls become prominent before…
January 16, 2011 Black Swan: “levels only experienced on average once every 500 to http://news.discovery.com/earth/megastorm-californias-other-big-one.html Just in the last 15 years, since microwave technology aboard satellites produced images of water vapor in the atmosphere, scientists have come to…
January 6, 2011 Risk due to network administrators Someone on a forum I subscribe to suggested that there is a major risk of network administrators misusing their privileges. Why admins rather than…
January 6, 2011 What drives the RA? Need or Fashion? A colleague in InfoSec made the following observation: My point – RA is a nice to have, but it is superfluous. It looks nice…
December 14, 2010 Cell phone risks Image by Getty Images via @daylife I hope somebody’s thinking seriously about the implications of this: http://www.theregister.co.uk/2010/12/14/us_army_smartphones_4_all/ Israel has already seen some consequences of…
December 3, 2010 All Threats? All Vulnerabilities? All Assets? On one list I subscribe to I saw this outrageous statement: ISO 27001 requires that you take account of all the relevant threats (and vulnerabilities) to…