May 31, 2015: Misnomer
I’ve written before how government agencies misuse terminology associated with information security but it seems to persist and continues to mislead. The latest is…

August 18, 2011: TV kills!
I keep telling everybody that TV is injurious to your (mental) health, but does anyone listen? Why should they? They didn’t when Gerry Mander…

June 21, 2011: In praise of OSSTMM
In case you’re not aware, ISECOM (Institute for Security and Open Methodologies) has OSSTMM3 – The Open Source Security Testing Methodology Manual – http://www.isecom.org/osstmm/…

February 28, 2010: The FBI risk equation
It seems that to make better cybersecurity-related decisions a senior FBI official recommends considering a simple algebraic equation: risk = threat x vulnerability x…

November 13, 2009: The Cost of patching
I saw this assertion go by and it stood out: The bigger cost would be the cost of not patching. Such items as downtime…