Category: Risk management

  • The credit crunch, Cisco and Nortel

    I was talking with my friend Gennady Weizman yesterday about the medium-term (as in the next 6-18 months) impact of the current financial markets crisis on the tech market. Most of our business is in the telecom industry – so I have an interest in whether our clients will have money to spend. It appears […]

  • What risks really count for your business?

    Is there a “black-box” security solution for the business? What risks really count for your business? No question is more important for implementing an effective program of security countermeasures. Management, IT and security practitioners cannot expect to mitigate risk effectively without knowing the sources and cost of threats to the organization. We all depend […]

  • Risk management – bringing brick and mortar security to IT

    I was talking with a prospect yesterday who is an information security manager; extremely professional and creative at what he does. In the course of the conversation, I realized that there are fundamental differences in mentality between IT and Security practitioners. Back when I wrote COBOL/CICS applications for Tadiran Information systems – some of our […]

  • The danger of losing your digital assets in a down market

    Any information security professional will tell you that security countermeasures are comprised of people, processes and technology. The only problem is that good security depends on stable people, processes and technology. A stable organization undergoing rapid and violent change is an oxymoron. People countermeasures are a mix of security awareness training, background checks (at a […]

  • Operational risk is not a bad business decision

    I was looking at the CSI 2008 security survey recently and noticed that the top three loss categories are fraud (number 1), viruses (number 2) and data loss (number 3). I’m a little dubious about viruses landing up in the number 2 slot. We haven’t even installed anti-virus software on our office workstations in the […]

  • Technology innovation is not enough

    This week, I met with one of my former clients who has done some innovative work in the digital media space. They are a typical tech company with typical problems that create typical opportunities for larger companies to buy them out for peanuts. This particular company operates in a difficult and competitive market with long […]

  • Solaris and real-time Java for embedded systems?

    It’s always interesting to see if industry analysis stands the test of time, like Dana Gardner (formerly with the Yankee Group, now with Interarbor Solutions) who said back in 2004 that “Solaris may find fertile ground in the embedded space with a combination of real-time Java and the Solaris operating system”. Hmm. Now there’s […]

  • Seven software development mistakes not to make in 2009

    One thing that is burnt into my personal flash memory from 7 years at Intel is working in Plan 2009 in September/October. This time of year, I start thinking about how we can survive and grow the business. We all like to think we learn from mistakes, however, recent experiences reminded me that the software […]

  • Credit card security franchise available

    Just saw a post from a month ago by Jeremiah Grossman from White Hat Security on his blog: “PCI-DSS references the outdated OWASP Top Ten”. There are actually a number of more serious technical issues with PCI DSS 1.1 than using the OWASP Top 10 from 4 years ago. Note the definition of vulnerability management […]

  • Preventing drug counterfeiting

    Counterfeiting is as old as money itself. We recently had the opportunity to work with a large generic pharmaceutical company examining innovative methods for preventing product counterfeiting. In order to build cost justification for the project, we performed a quantitative threat modeling exercise that involved valuation of assets and analysis of a number of product counterfeiting […]