September 8, 2018 Policy Vs Procedure When discussing ISO27000, my friend Gary Hinson wrote: The terms in the triangle or pyramid shape are generally listed in the reverse sequence, the…
July 2, 2016 Nobody wants to pay for security, including security companies https://www.linkedin.com/pulse/nobody-wants-pay-security-including-companies-beno%C3%AEt-h-dicaire In theory, consumers and businesses could punish Symantec for these oversights by contracting with other security vendors. In practice, there’s no guarantee that…
June 26, 2016 Brexit: What’s Next for Privacy, Policing, Surveillance? http://www.databreachtoday.com/brexit-whats-next-for-privacy-policing-surveillance-a-9225 Now we’re getting over the “how could that do THAT!” shock stage and starting to think what the operational, rather than just the…
July 5, 2015 Cyber, Ciber or Syber? Occasionally, people do ask: What exactly do you mean by “cyber security”? Or “cyber” for that matter. Please explain. “Steersman Security”? It seems to…
May 9, 2015 Tracking kids via microchip ‘can’t be far off,’ says expert http://www.kens5.com/story/news/2015/05/07/tracking-kids-via-microchip-cant-be-far-off-says-expert/70986060/ Dickerson said she though one day, “I microchip my dog, why couldn’t I microchip my son?” I think there’s something despicable about treating…
May 1, 2015 Can We Secure the ‘Internet of Other People’s Things’? http://www.eweek.com/security/can-we-secure-the-internet-of-other-peoples-things.html I think that title expresses the problem very well.
May 1, 2015 Cyber general: US satellite networks hit by ‘millions’ http://www.forensicmag.com/news/2015/04/cyber-general-us-satellite-networks-hit-millions-hacks I wonder what they consider to be a hack? The wording in the in the article is loose enough to mean that if…
April 30, 2015 U.S. Defense Secretary Carter emphasizes culture change needed to http://www.scmagazine.com/ash-carter-spoke-at-stanford-university/article/411392/ Yes the government needs a culture change if it is to address its own and the national issues pertaining to security, technological, in…
March 21, 2015 Review: “Penetration with Perl” by Douglas Berdeaux Douglas Berdeaux has written an excellent book, excellent from quite a number of points of view, some of which I will address. Packt Publishing…
November 19, 2014 Should all applicable controls be mentioned in documenting an ISMS? In my very first job we were told, repeatedly told, to document everything and keep our personal journals up to date. Not just with…
November 15, 2014 This is not the IoT you want. http://www.cnet.com/products/quirky-outlink/ If I plug in an IDE drive or a SATA drive or a USB drive or device my mobo or system recognizes what…
August 4, 2014 14 antivirus apps found to have security problems http://www.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die Let us pass over the “All A are B” illogic in this and consider what we’ve known all along. AV doesn’t really work;…
April 21, 2014 What Applicants Should Ask When Interviewing For An InfoSecurity Position http://www.informationsecuritybuzz.com/applicants-ask-interviewing-information-security-role/ Well what would you ask? These seem to be the kind of questions that might be asked by someone with a strong technical…
April 21, 2014 Data on a Train http://www.informationsecuritybuzz.com/daily-commute-mean-data/ The latest intelligence on Al-Qaeda, a high profile Child Protection report and plans for policing the London 2012 Olympics; three very different documents…
January 25, 2014 Most CEOs clueless about cyberattacks http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21 Perhaps that’s cynical and pessimistic and a headline grabber, but then that’s what makes news. What I’m afraid of is that things like…
December 30, 2013 Former Head Of Airport Security: ‘The TSA Couldn’t Save You From http://www.businessinsider.com/problems-with-tsa-2013-12 Based on the demonstrated persistence of their enemies, I have a lot of respect for what Israeli security achieves. Back to Verb vs…
August 31, 2013 On ‘paranoia’ – revisiting “Paid to be paraoid” My fellow CISSP and author Walter Jon Williams observed that Paranoia is not a part of any mindset. It is an illness. Ah, Walter…
August 25, 2013 The Truth About Best Practices An article on Linked entitled ‘The Truth about Practices” started a discussion thread with some of my colleagues. The most pertinent comment came from…
May 30, 2013 Confusion over Physical Assets, Information Assets – Part Two So I need to compile a list of ALL assets, information or otherwise, NO! That leads to tables and chairs and powerbars. OK so…
May 30, 2013 Confusion over Physical Assets, Information Assets in ISO-27000 I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…
