Archives
- 2008.07.24: Software piracy and the price of software
- 2008.07.22: How to get the truth in a risk assessment interview
- 2008.07.06: Data retention and compliance
- 2008.06.29: Six rules for effective threat modeling
- 2008.06.25: Mitigating away all the risk is a guarantee for mediocrity
- 2008.06.24: A common language of risk assessment
- 2008.06.19: How my Cratoni helmet saved my life
- 2008.06.18: Security vendors advertising - a threat to customers, a call for Truth in packaging
- 2008.06.12: Cloud Computing: Is your data secure?
- 2008.06.10: Threat modeling for the pharmaceutical industry
- 2008.06.08: Is open source for you
- 2008.06.05: The role of threat modeling in risk assessments
- 2008.06.03: The problem with risk assessment software
- 2008.06.01: Hannaford Brothers Supermarkets - Full-disclosure versus vendor-proprietary
- 2008.05.29: In defense of Sarbanes Oxley
- 2008.05.26: Compliance threatens customer data security
- 2008.05.26: There is more to risk than buggy software.
- 2008.05.22: Is DRM an effective tool for customer data protection?
- 2008.05.20: From IT Governance to Sarbanes-Oxley to AOL accounting fraud
- 2008.05.18: Payment Application Security Mandates
- 2008.05.16: The problem with most risk assessment systems is that they don't assess risk.
- 2008.05.14: Manage risk like a fighter pilot
- 2008.05.13: Risk Assessment is a threat to vendors
- 2008.05.13: Live from Infosec 2008
- 2008.05.12: Data leakage prevention: Anti-virus, the universal cure
- 2008.05.11: The ability to make the right decision
- 2008.05.02: What Japanese Customers Want - #2
- 2008.04.29: Phishing for Fifties
- 2008.04.28: Boss - I think someone stole our customer data
- 2008.04.25: What is the best way for a person to protect personal data?
- 2008.04.25: What is the best way for a business to prevent data breaches?
- 2008.04.06: 5 reasons IT projects fail
- 2008.04.04: Security sturm und drang - selling fear.
- 2008.04.03: Independent Living
- 2008.04.02: Hannaford extrusion event - threat modeling a retail network
- 2008.03.27: Why installing more security products is a bad idea
- 2008.03.26: Free risk assessment software - part 2
- 2008.03.25: Free Open Source risk assessment software - part 1
- 2008.03.20: 5 Steps to cost-effective risk mitigation
- 2008.03.18: What Japanese Customers Want
- 2008.03.17: 4.2 Million Credit Card Numbers Stolen From Supermarket Chain
- 2008.03.12: Sears using spyware for sales promotion
- 2008.03.11: Trusted insider threats and Identity managment
- 2008.03.09: Protecting America from the Protect America Act
- 2008.03.05: Change always has political implications
- 2008.03.04: 2,000 compliance heads did not prevent 7.1 Billion dollars of fraud
- 2008.02.26: Nailing a meeting in 30 seconds
- 2008.02.24: SOX, ISO, COBIT and ITIL - putting the cart before the horse?
- 2008.02.17: The straight-talk express on Sarbanes Oxley for SMB
- 2008.02.14: Shrinking IT Security budgets- are the Irish on to something?
- 2008.02.13: Facebook security breaches
- 2008.02.12: Fraud and data leakage
- 2008.02.07: PCI DSS self-assessment - update
- 2008.02.06: Software risk assessments, redux - the role of static code analysis
- 2008.02.04: Application software risk assessment review checklists
- 2008.02.01: Shrinking IT security budgets are better for security
- 2008.01.31: CIP - Critical Infrastructure Protection, FERC and NERC
- 2008.01.28: Security by obscurity
- 2008.01.27: The risk management divide - marrying risk and strategy to create value
- 2008.01.10: Peace and Geula - or Microsoft Open Source lab invites Mozilla to "mosey" on down
- 2008.01.09: IT security product prices will drop in 2008
- 2008.01.08: Hate is not a sustainable strategy - not in politics nor in technology
- 2008.01.07: Economists say 2008 will be a year to forget
- 2008.01.06: Arab Israeli arrested for Cyber-Sabotage of Israeli Websites
- 2007.12.28: The cost of credit card security
- 2007.12.26: The danger of Silo Risk
- 2007.12.25: Security policy, the good, the bad and the ugly
- 2007.12.24: Swinging and feeling good
- 2007.12.19: DRM World Domination: Disney announces that Blu-Ray victory is only delayed.
- 2007.12.18: Digital Video content protection
- 2007.12.06: Virtual worlds - the next Internet
- 2007.12.03: Israeli VC convicted on kiddie-porn charges
- 2007.11.29: A small business needs risk management more than the big guys
- 2007.11.28: PCI DSS 1.1 victims of the Compliance Culture- be less than you can be
- 2007.10.24: Options Backdating, Mercury Shareholders Receive $117.5M Settlement
- 2007.10.23: Options Backdating
- 2007.10.18: English communications skills for Information Security pros
- 2007.10.16: PCI DSS 1.1 can make retailers more secure
- 2007.10.15: Small business security effectiveness
- 2007.10.10: Sometimes you need a 10KG hammer
- 2007.10.09: Should you allow blogging?
- 2007.10.07: Using threat analysis to mitigate risk, examples
- 2007.10.05: Using threat analysis to understand risk
- 2007.10.03: PCI DSS 1.1 Self assessments, a business exercise
- 2007.10.02: Sea changes in the music industry, a threat analysis
- 2007.09.21: Erev Yom Kippur
- 2007.09.20: PCI DSS is not "one-size fits all"
- 2007.08.10: Risk assessment and the theory of constraints
- 2007.07.16: Try doing it with the engine running
- 2007.07.15: Recognizing Superior Performance
- 2007.07.13: Platform plays
- 2007.07.12: Minding the compliance police instead of managing risk
- 2007.06.21: Building Trust - a team with a shared vision builds better software
- 2007.06.20: Secure communications without encryption
- 2007.06.19: Imitation is the highest form of flattery
- 2007.06.15: Analyzing PCI Data Security
- 2007.06.10: People risks and software vulnerabilities
- 2007.06.05: Live from the IDC IT Security Roadshow 2007 Re-thinking Security
- 2007.06.04: Ehud Barak, spam and political activism
- 2007.06.03: Google and Salesforce.com - a match made in heaven?
- 2007.06.01: That was the month that was
- 2007.05.31: GRC - governance, operational risk and compliance: Will the dinosoars live or become extinct?
- 2007.05.27: Why firewalls are not enough
- 2007.05.24: PCI Data Security, Point of Order
- 2007.05.21: PCI Data Security, be all you can be
- 2007.05.16: Is blogging from work a threat or a vulnerability?
- 2007.05.14: Extrusion Prevention Three years after
- 2007.05.13: Mothers Day Spam
- 2007.05.10: Supply-chain security
- 2007.05.09: Symantec and McAfee-part of the problem, not part of the solution
- 2007.05.08: Security in the living room, IBM & Cisco Team for IPTV
- 2007.05.07: Web 2.0, Secure IT applications
- 2007.05.06: Do We Really Need a Security Industry?
- 2007.05.04: Extrusion Detection revisited, part 1
- 2007.05.03: If Enron had been SOX-compliant.
- 2007.04.30: Making risk mitigation cost effective
- 2007.04.22: Compliance is not enough
- 2007.04.19: Build management and ...Governance
- 2007.04.17: The death of the anti-virus
- 2007.04.11: Security is in the cracks
- 2007.03.29: Intellectual property is not just algorithms
- 2007.03.23: Japan’s Shrinking Population - Polands' exploding real-estate
- 2007.03.22: The mushroom theory of management-are non-US customers second class citizens?
- 2007.03.21: Software for detecting Coronary Artery Disease
- 2007.03.08: Identity theft and surfing to porn sites
- 2007.02.20: e-commerce workshop at the UPU in Bern
- 2007.02.19: User-generated privacy protection
- 2007.01.22: The big trade-off: Privacy versus service
- 2007.01.09: Compliance, the human factor and extrusion prevention
- 2007.01.07: Antivirus software and intrusion prevention solutions, yesterday's hype today.
- 2006.12.23: Winny
- 2006.12.22: Elves
- 2006.12.20: Is PCI Data Security good for the Jews?
- 2006.12.19: Run information security like a business
- 2006.12.11: Software Security with Open Source, necassary but not sufficient.
- 2006.12.10: Microsoft, Novell - Part III, yes Virginia, Microsoft does want to engulf and devour the Linux consulting market
- 2006.12.01: A little modesty never hurts-The week of Oracle database bugs
- 2006.11.28: In the EU, protecting human life takes second place to data protection
- 2006.11.27: Third party software vulnerabilities
- 2006.11.26: Extrusion Indian Style
- 2006.11.24: Hype is proportional to investment.
- 2006.11.23: Reality is inversely proportional to Press
- 2006.11.22: Do Symantec and McAfee have a shot at the services market?
- 2006.11.21: Novell, Microsoft and Intellectual property - displacing FOSS services with MSFT products
- 2006.11.20: Novell, Microsoft and Intellectual property-Opening Shots
- 2006.10.19: K through 12 - control policy for instant gratification
- 2006.10.18: You cannot test quality into your system
- 2006.10.17: Application security is not software security.
- 2006.10.16: The dark side of content-filtering proxy servers
- 2006.10.05: Information security is a major operational risk
- 2006.09.26: Software Security or Stupidity: AOL - Part II
- 2006.09.25: Local patriotism and Open Source CRM solutions
- 2006.09.22: The vulnerability of default passwords: From Oracle to ATM hacking
- 2006.09.17: Making a business case against internal threats
- 2006.09.13: Microsoft vs. Open Source: Who Will Win?
- 2006.09.12: Why product development is like big band jazz
- 2006.09.11: Sustained trends: 9/11, application firewalls and bare midriffs.
- 2006.09.05: Security Engineering Online
- 2006.08.29: By the people, for the people, of the people.
- 2006.08.27: Are we capable of writing secure software?
- 2006.08.24: Things they don't tell programmers
- 2006.08.23: Software Security or Stupidity: AOL
- 2006.08.23: All beginnings are difficult
Search
Recent Posts
- Software piracy and the price of software
- How to get the truth in a risk assessment interview
- Data retention and compliance
- Six rules for effective threat modeling
- Mitigating away all the risk is a guarantee for mediocrity
- A common language of risk assessment
- How my Cratoni helmet saved my life
- Security vendors advertising - a threat to customers, a call for Truth in packaging
- Cloud Computing: Is your data secure?
- Threat modeling for the pharmaceutical industry
[What is this?]
Categories
Archives
Powered by
Movable Type 3.32
Movable Type 3.32