IT is about executing predictable business processes. Security is about reducing the impact of unpredictable attacks to a your organization. IT and security adopt a common goal and a common language – a language of customer-centric threat modelling Typically, when a company ( business unit, department or manager) needs a line of business software application, IT …
Read more »I think it’s only a question of time before we have a drive by execution of a politician with an ICD (implanted cardiac device). I’ve been talking to our medical device customers about mobile security of implanted devices for over a year now. I gave a talk about mobile medical device security at the Logtel …
Read more »Using shims that fit into the ATM machine and read your mag stripe data has been around for a while. It’s a good way to get the track 2 data but it won’t get your PIN (which if you are in Europe and the Middle East is part of the VISA chip and pin security …
Read more »In my article – “How to assess risk – Part I: Asking the right questions”, I talked about using attack modeling as a tool to collect data instead of using self-assessment check lists. In this article, I’ll drill down into some of the details and provide some guidelines on how to actually use attack modeling …
Read more »In a previous post Sharing security information I suggested that fragmentation of knowledge is a root cause of security breaches. I was thinking about the problem of sharing data loss information this past week and I realized that we are saturated with solutions, technologies, policies, security frameworks and security standards – COBIT, ISO27001 etc.. The …
Read more »Are you waiting for the next Gartner Security Report, making plans to evaluate some technology your CEO might not approve after she slashes your funding and maybe your job? As a security professional, you can blame hackers, buggy software and the economy – or you can do something different. “Life is what happens to you …
Read more »