June 20, 2009 Audit Frequency In one of the forums I subscribe to the question came up “How often should one carry out an internal audit?” There were variations…
May 4, 2009 OWASP Top Ten is really the OWASP Top 6.5 http://secureme.blogspot.com/2005/10/owasp-top-ten-is-really-owasp-top-65.html This is somewhat dated, but so what? Most of the points raised still hold valid. It opens: CIO/CSO: “I just…
January 4, 2009 Is it the end of the road for LiveCDs? http://www.freesoftwaremagazine.com/columns/it_end_road_live_cds No. I don’t think so! The price of recordable DVDs is now under $0.22 each. That’s roughly 60 times cheaper…
August 22, 2008 A sign of the times It seems that many people in HR don’t realise that the interview is a two-way street. Not only are they trying to find out…
August 20, 2008 Why would anyone choose Linux when they already have Windows? http://blogs.techrepublic.com.com/window-on-windows/?p=760&tag=nl.e101 I could go through a litany of complaints I have about Linux. I could complain about the confusing number of distributions. I could…
July 18, 2008 Business Logic Flaws Toronto – OWASP This month’s meeting was about layer 7 errors in web applications. Trey Ford was a fast-spoken Texan and gave some…
August 30, 2007 FMEA as a risk assessment methodology To my mind FMEA is not only easier than TRA, but it focuses the mind on two key issues – survival and recovery (see MTTR) – that TRA doesn’t.
August 20, 2007 Spam, baseline and ROI calculation We know that anti-spam (and for some, AV) is a necessary baseline. (I’ll avoid using the ‘diligence’ words for now.) But here is a…
April 6, 2007 Make your policy generic, not specific Some of us security types were discussing policy, login notices and the like. Someone commented on a badly written policy about the use of…
March 15, 2007 Separation of Duties: InfoSec, IT and Audit A colleague who had the opportunity to restructure the role of his InfoSec department asked for advice about defining the roles and duties and…
December 8, 2006 US-CCU Check List US-CCU has just finished the final release version of their cyber-security check list. A bookmarked pdf copy of it is temporarily available for download…