May 1, 2015 Can We Secure the ‘Internet of Other People’s Things’? http://www.eweek.com/security/can-we-secure-the-internet-of-other-peoples-things.html I think that title expresses the problem very well.
May 1, 2015 Cyber general: US satellite networks hit by ‘millions’ http://www.forensicmag.com/news/2015/04/cyber-general-us-satellite-networks-hit-millions-hacks I wonder what they consider to be a hack? The wording in the article is loose enough to mean that if…
April 30, 2015 U.S. Defense Secretary Carter emphasizes culture change needed to http://www.scmagazine.com/ash-carter-spoke-at-stanford-university/article/411392/ Yes the government needs a culture change if it is to address its own and the national issues pertaining to security, technological, in…
March 21, 2015 Review: “Penetration with Perl” by Douglas Berdeaux Douglas Berdeaux has written an excellent book, excellent from quite a number of points of view, some of which I will address. Packt Publishing…
November 19, 2014 Should all applicable controls be mentioned in documenting an ISMS? In my very first job we were told, repeatedly told, to document everything and keep our personal journals up to date. Not just with…
November 15, 2014 This is not the IoT you want. http://www.cnet.com/products/quirky-outlink/ If I plug in an IDE drive or a SATA drive or a USB drive or device my mobo or system recognizes what…
August 4, 2014 14 antivirus apps found to have security problems http://www.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die Let us pass over the “All A are B” illogic in this and consider what we’ve known all along. AV doesn’t really work;…
April 25, 2014 OpenBSD forks, prunes, fixes OpenSSL http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/#ftag=RSS86a1aa4 Interesting, eh? At the very least, this will apply a ‘many eyes’ to some of the SSL code and so long as the…
April 22, 2014 Film or digital? Do you recall Alan Cooper’s book “The Inmates are running the Asylum”? He makes the case that once you put a computer in something…
April 21, 2014 What Applicants Should Ask When Interviewing For An InfoSecurity Position http://www.informationsecuritybuzz.com/applicants-ask-interviewing-information-security-role/ Well what would you ask? These seem to be the kind of questions that might be asked by someone with a strong technical…
April 21, 2014 Data on a Train http://www.informationsecuritybuzz.com/daily-commute-mean-data/ The latest intelligence on Al-Qaeda, a high profile Child Protection report and plans for policing the London 2012 Olympics; three very different documents…
January 25, 2014 Most CEOs clueless about cyberattacks http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21 Perhaps that’s cynical and pessimistic and a headline grabber, but then that’s what makes news. What I’m afraid of is that things like…
December 30, 2013 Former Head Of Airport Security: ‘The TSA Couldn’t Save You From http://www.businessinsider.com/problems-with-tsa-2013-12 Based on the demonstrated persistence of their enemies, I have a lot of respect for what Israeli security achieves. Back to Verb vs…
November 2, 2013 Canada’s counter terrorism strategy https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/trrrst-thrt-cnd/index-eng.aspx Here in Kanukistaniland, Vic Toews (remember him? Check back to February of last year to see an example of him being idiotic in…
October 23, 2013 Linux Archive file systems – ext3 vs reiser vs … ? So what’s the best file system to use for archiving and data storage rather than the normal usage? Won’t that depend on … a)…
August 31, 2013 On ‘paranoia’ – revisiting “Paid to be paranoid” My fellow CISSP and author Walter Jon Williams observed that Paranoia is not a part of any mindset. It is an illness. Ah, Walter…
August 25, 2013 The Truth About Best Practices An article on Linked entitled “The Truth about Practices” started a discussion thread with some of my colleagues. The most pertinent comment came from…
May 30, 2013 Confusion over Physical Assets, Information Assets – Part Two So I need to compile a list of ALL assets, information or otherwise, NO! That leads to tables and chairs and powerbars. OK so…
May 30, 2013 Confusion over Physical Assets, Information Assets in ISO-27000 I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…
May 14, 2013 Does ISO 27001 compliance need a data leakage prevention policy? On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the…