The InfoSec Blog

The InfoSec Blog

System Integrity: Context Is Everything

  • About The Author
  • Master Index
  • Presentations
  • System Integrity

Category: Security

September 8, 2018

Policy Vs Procedure

When discussing ISO27000, my friend Gary Hinson wrote: The terms in the triangle or pyramid shape are generally listed in the reverse sequence, the…

July 2, 2016

Nobody wants to pay for security, including security companies

https://www.linkedin.com/pulse/nobody-wants-pay-security-including-companies-beno%C3%AEt-h-dicaire In theory, consumers and businesses could punish Symantec for these oversights by contracting with other security vendors. In practice, there’s no guarantee that…

June 26, 2016

Brexit: What’s Next for Privacy, Policing, Surveillance?

http://www.databreachtoday.com/brexit-whats-next-for-privacy-policing-surveillance-a-9225 Now we’re getting over the “how could that do THAT!” shock stage and starting to think what the operational, rather than just the…

July 5, 2015

Cyber, Ciber or Syber?

Occasionally, people do ask: What exactly do you mean by “cyber security”? Or “cyber” for that matter. Please explain. “Steersman Security”? It seems to…

May 9, 2015

Tracking kids via microchip ‘can’t be far off,’ says expert

http://www.kens5.com/story/news/2015/05/07/tracking-kids-via-microchip-cant-be-far-off-says-expert/70986060/ Dickerson said she though one day, “I microchip my dog, why couldn’t I microchip my son?” I think there’s something despicable about treating…

May 1, 2015

Can We Secure the ‘Internet of Other People’s Things’?

http://www.eweek.com/security/can-we-secure-the-internet-of-other-peoples-things.html I think that title expresses the problem very well.

May 1, 2015

Cyber general: US satellite networks hit by ‘millions’

http://www.forensicmag.com/news/2015/04/cyber-general-us-satellite-networks-hit-millions-hacks I wonder what they consider to be a hack? The wording in the in the article is loose enough to mean that if…

April 30, 2015

U.S. Defense Secretary Carter emphasizes culture change needed to

http://www.scmagazine.com/ash-carter-spoke-at-stanford-university/article/411392/ Yes the government needs a culture change if it is to address its own and the national issues pertaining to security, technological, in…

March 21, 2015

Review: “Penetration with Perl” by Douglas Berdeaux

Douglas Berdeaux has written an excellent book, excellent from quite a number of points of view, some of which I will address. Packt Publishing…

November 19, 2014

Should all applicable controls be mentioned in documenting an ISMS?

In my very first job we were told, repeatedly told, to document everything and keep our personal journals up to date. Not just with…

November 15, 2014

This is not the IoT you want.

http://www.cnet.com/products/quirky-outlink/ If I plug in an IDE drive or a SATA drive or a USB drive or device my mobo or system recognizes what…

August 4, 2014

14 antivirus apps found to have security problems

http://www.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die Let us pass over the “All A are B” illogic in this and consider what we’ve known all along. AV doesn’t really work;…

April 21, 2014

What Applicants Should Ask When Interviewing For An InfoSecurity Position

http://www.informationsecuritybuzz.com/applicants-ask-interviewing-information-security-role/ Well what would you ask? These seem to be the kind of questions that might be asked by someone with a strong technical…

April 21, 2014

Data on a Train

http://www.informationsecuritybuzz.com/daily-commute-mean-data/ The latest intelligence on Al-Qaeda, a high profile Child Protection report and plans for policing the London 2012 Olympics; three very different documents…

January 25, 2014

Most CEOs clueless about cyberattacks

http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21 Perhaps that’s cynical and pessimistic and a headline grabber, but then that’s what makes news. What I’m afraid of is that things like…

December 30, 2013

Former Head Of Airport Security: ‘The TSA Couldn’t Save You From

http://www.businessinsider.com/problems-with-tsa-2013-12 Based on the demonstrated persistence of their enemies, I have a lot of respect for what Israeli security achieves. Back to Verb vs…

August 31, 2013

On ‘paranoia’ – revisiting “Paid to be paraoid”

My fellow CISSP and author Walter Jon  Williams observed that Paranoia is not a part of any mindset. It is an illness. Ah, Walter…

August 25, 2013

The Truth About Best Practices

An article on Linked entitled ‘The Truth about Practices” started a discussion thread with some of my colleagues. The most pertinent comment came from…

May 30, 2013

Confusion over Physical Assets, Information Assets – Part Two

So I need to compile a list of ALL assets, information or otherwise, NO! That leads to tables and chairs and powerbars. OK so…

May 30, 2013

Confusion over Physical Assets, Information Assets in ISO-27000

I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…

Posts navigation

1 2 … 9 Next

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity

Popular Pages

  • The Classical Risk Equation
  • Separation of Duties: Infosec, IT and Audit
  • “Cybercrime” is still Crime and “Cyberfraud” is still Fraud
  • Risk Analysis makes no sense … Does it?
  • Are *you* ready to give up yet?
  • Why InfoSec Positions go unfilled
  • Security
  • Risk
  • ISO27K
  • Rants and Raves

Categories

Archives

Calendar of Posts

May 2022
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  
« Sep    

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Security Links

  • Schneier on Security
  • Gary Hinson
  • Martin McKeay
  • The Security Team
  • DHS Daily Report
  • SANS Security Alerts
  • Brian Krebs
  • Stupid Security
  • Kill-HUP.com
  • Bruce Schneier
Copyright The InfoSec Blog. All rights reserved. | Powered by WordPress & Writers Blogily Theme