Category: Risk management

  • Risk analysis of legacy systems

    A practical, proven methodology for risk assessment and security breach risk reduction in enterprise software systems.

  • SOX IT Compliance

    A customer case study – SOX IT Compliance. We performed a Sarbanes-Oxley IT top-down security assessment for a NASDAQ-traded advanced technology company. The objectives of the study were to evaluate the internal and external threats that impact the company’s information assets. Using the Business Threat Modeling (BTM) methodology, a Practical Threat Analysis (PTA) threat model was constructed and a number […]

  • Will security turn into a B2B industry?

    Information security is very much product driven, and very much network perimeter security driven at that: firewalls, IPS, DLP, anti-virus, database firewalls, application firewalls, security information management systems and more. It is convenient for a customer to buy a product and feel “secure” but, as businesses become more and more interconnected, as cloud services […]

  • Practical security management for startups

    We normally associate the term “small business” or SME (small to medium sized enterprise) with commercial operations that buy and sell, manufacture products or provide services – lawyers, plumbers, accountants, web developers etc. However, there is an important class of small business operations that is often overlooked when it comes to information security and […]

  • The cloud concierge

    The Israeli ISPs are really really bad.  Just abysmal. It hurts me just to think about the level of customer service and data security incompetence that would make an Iraqi ISP running an operation in a store front beam with pride. I assume that we are not the only business to suffer from Netvision (and […]

  • The importance of data collection in a risk assessment

    A risk assessment of a business always starts with data collection. The end objective is identifying and then implementing a corrective action plan that will improve data security in a cost-effective way, that is the right fit for the business. The question in any risk assessment is how do you get from point A (current […]

  • How to convert a web application to a multi-tenant SaaS solution

    Of course, putting an application into a cloud data center is not enough. You have to think about application security, data security and compliance such as PCI DSS 2.0 or HIPAA if you are in the life science space. But – in addition to cloud security, you need to make sure that your Web application […]

  • How to assess risk – Part I: Asking the right questions

    It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process, a) don’t really understand the notion of risk and b) don’t really care. Let’s face it – risk is difficult to understand, since it […]

  • Why software patents are a bad idea

    In Bilski and software patents, Rob Tiller (vice president and assistant general counsel for Red Hat) attempts to make a case against software patents by claiming that they are abstract and therefore not patentable: In view of this serious problem, Red Hat submits that the Interim Guidance should be revised to recognize that software patents will ordinarily […]

  • Brainwashed by propaganda?

    I decided to update this post – after the security theater of the week with the Palestinians and Israelis – as if Israel really needs the Palestinians to recognize Israel as a Jewish State and as if not building a few houses is going to give the Palestinian leaders a reason to stop terror and […]