Thursday this week is the 7th anniversary of the Al Qaeda attack on the US in New York on 9/11/2001. The world today is more connected, more always-on, more accessible…and more hostile. There are threats from Islamic terror, identity theft, hacking for pay, custom spyware, mobile malware, money laundering and corporate espionage. For those of …
I was looking at the CSI 2008 security survey recently and noticed that the top three loss categories are fraud (number 1), viruses (number 2) and data loss (number 3). I’m a little dubious about viruses landing up in the number 2 slot. We haven’t even installed anti-virus software on our office workstations in the …
This week, I met with one of my former clients who have done some innovative work in the digital media space. They are a typical tech company with typical problems that create typical opportunities for larger companies to buy them out for peanuts. This particular company operates in a difficult and competitive market with long …
It’s always interesting to see if industry analysis stands the test of time, like Dana Gardner (formerly with the Yankee Group, now with Interarbor Solutions) who told Internetnews.com back in 2004 that “Solaris may find fertile ground in the embedded space with a combination of real-time Java and the Solaris operating system”. Hmm. Now there’s …
One thing that is burnt into my personal flash memory from 7 years at Intel is working in Plan 2009 in September/October. This time of year, I start thinking about how we can survive and grow the business. We all like to think we learn from mistakes, however, recent experiences reminded me that the software …
Quantity or quality - that is the question! There is a great deal of debate between the supporters of quantitative risk assessment and the supporters of qualitative risk assessment in the security and compliance business. The qualitative people say that since it is impossible to estimate risk as an absolute number such as “87 percent …
There is an automated self-service fingerprint ID system for passport control at Ben Gurion Airport. I was one of the early adopters and stopped after a year of frustrating attempts to get it to recognize my fingers. They were charging 50 sheqels/year for the service – the last thing an Israeli wants is to be …
Just saw a post from a month ago by Jeremiah Grossman from White Hat Security on his blog: “PCI-DSS references the outdated OWASP Top Ten”. There are actually a number of more serious technical issues with PCI DSS 1.1 than using the OWASP Top 10 from 4 years ago. Note the definition of vulnerability management …
I was working on an article on a holistic approach to data leakage, fraud and revenue leakage today. Spent most of my Sunday reading and trying to summarize some of the work we’ve done with our telecom service provider customers in Israel and Poland. I came across a thread entitled What is the acceptable percentage …
One of the more difficult tasks in any fraud, revenue assurance, security or compliance risk assessment is classifying assets and tagging them with a financial value. Here are a few tips on asset classification and valuation. There are 5 fundamental types of assets: physical assets (like a building or a data center), digital assets (like …