The InfoSec Blog

System Integrity: Context Is Everything

Tag: Security

July 2, 2016

Nobody wants to pay for security, including security companies

https://www.linkedin.com/pulse/nobody-wants-pay-security-including-companies-beno%C3%AEt-h-dicaire In theory, consumers and businesses could punish Symantec for these oversights by contracting with other security vendors. In practice, there’s no guarantee that…

March 22, 2016

Cyber risk in the business

https://normanmarks.wordpress.com/2015/06/05/cyber-risk-and-the-boardroom/ The take-away that is relevant: Cyber risk should not be managed separately from enterprise or business risk. Cyber may be only one…

July 5, 2015

Cyber, Ciber or Syber?

Occasionally, people do ask: What exactly do you mean by “cyber security”? Or “cyber” for that matter. Please explain. “Steersman Security”? It seems to…

March 21, 2015

Review: “Penetration with Perl” by Douglas Berdeaux

Douglas Berdeaux has written an excellent book, excellent from quite a number of points of view, some of which I will address. Packt Publishing…

January 11, 2013

Another Java bug: Disable the java setting in your browser

http://www.kb.cert.org/vuls/id/625617 Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a…

September 14, 2012

Learning to Counter Threats – Skills or Ethics?

Fellow CISSP Cragin Shelton made this very pertinent observation and gave me permission to quote him. The long thread about the appropriateness of learning…

August 8, 2012

Steve Wozniak: Cloud Computing Will Cause ‘Horrible Problems In The

http://www.businessinsider.com/steve-wozniak-cloud-computing-will-cause-horrible-problems-in-the-next-five-years-2012-8 Perhaps The Woz isn’t the influence he once was, and certainly not on Wall Street and the consumer market place. The unbounded RAH-RAH-RAH…

March 7, 2012

The 19 most maddening security questions | Security – InfoWorld

http://www.infoworld.com/d/security/the-19-most-maddening-security-questions-187983 An interesting list, since it covers issues of public structural security. I recall reading that the greatest contribution to the health of individuals…

August 7, 2011

Using ALE … inappropriately

Like many forms of presenting facts, not least of all about risk, reducing complex and multifaceted information to a single figure does a dis-service…

June 21, 2011

In praise of OSSTMM

In case you’re not aware, ISECOM (Institute for Security and Open Methodologies) has OSSTMM3 – The Open Source Security Testing Methodology Manual – http://www.isecom.org/osstmm/…

July 14, 2010

IAM – Basics – Policy

If there’s one thing that upsets me when I see articles and postings to forums about policy, it’s mention of a “Password Policy”. I…

June 29, 2010

You don’t need a Firewall Security Policy

A member of a discussion list I subscribe to asked for a Firewall Policy template. As usual, I was alarmed enough by this to want…

May 19, 2010

The Classical Risk Equation

What we had drilled into us when I worked in Internal Audit and when I was preparing for the CISA exam was the following…

March 26, 2010

A Security Policy needs to be abstract not specific

There’s much I don’t like about many of the published security policies and the ones I see in use at many…

February 28, 2010

The FBI risk equation

It seems that to make better cybersecurity-related decisions a senior FBI official recommends considering a simple algebraic equation: risk = threat x vulnerability x…

December 27, 2009

Throwing in the towel

I was saddened to hear of an InfoSec colleague who met with overwhelming frustration at work: After two years of dealing with such nonsense,…

November 18, 2009

How much would you give up your laptop for?

http://tech.yahoo.com/blogs/null/154866;_ylt=Av2YyMlmiE8ERpzUwD020zUWLpA5 Remember all those journalists doing the “give your password or a chocolate bar” articles? Well this seems a lot more realistic – giving…

November 13, 2009

The Cost of patching

I saw this assertion go by and it stood out: The bigger cost would be the cost of not patching. Such items as downtime…

October 24, 2009

How Many Deaths?

Here http://thecipblog.com/?author=3 I found this quote: “In order to be designated ‘critical information infrastructure’, how many deaths would the failure of a network have…

October 6, 2009

About creating Corporate IT Security Policies

As I’ve said before, you should not ask yourself what policies to write but what you need to control. If you begin with a…

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity
