My daughter was distressed yesterday after the Feds shutdown the megaupload file sharing site – “How am I going to see all those series and Korean movies I love? It’s not fair!” The FBI have been after Mr Dotcom for 8 years. His big problem was not the file sharing but his other criminal activities. …
Read more »IT is about executing predictable business processes. Security is about reducing the impact of unpredictable attacks to a your organization. IT and security adopt a common goal and a common language – a language of customer-centric threat modelling Typically, when a company ( business unit, department or manager) needs a line of business software application, IT …
Read more »I met with Maryellen Ariel Evans last week. She was in Israel on vacation and we had coffee on the Bat Yam boardwalk. Maryellen is a serial entrepreneur; her latest venture is a security product for IBM Websphere MQ Series. She’s passionate about message queue security and I confess to buying into the vision. She …
Read more »Instead of getting some real work done this morning, I started collating some thoughts on cyber security strategy. I guess it’s a lot easier to think about strategies than to fix buggy, risky code. For most people – there are two worlds, the cyberspace world and the physical, people-populated world. This dichotomy of two separate spaces …
Read more »I have written several times in the past here, here and here about the notion of taking cyber security on the offensive James Anderson, president of Professional Assurance LLC, says that there is no evidence that governments can protect large firms from cyber attacks. “National security authorities may not even acknowledge that their interests align …
Read more »
Did you ever have a feeling that your IT integrator was treating you like a couple of guys selling you a Persian rug? ”Take it now – it’s so beautfiful, just perfect for your living room, a steal for only $10,000 and it’s on sale” and when you ask if it will last, they tell …
Read more »A pitch from Alex Whitson from SC TV for a Webinar on the LinkedIn Information Security Community piqued my attention with the following teaser: As you may have read recently, Cybercrime is now costing the UK $43.5 billion and around $1 trillion globally. Sponsored by security and compliance auditing vendor nCircle, the Webinar pitch didn’t cite any sources for the …
Read more »Last week, I got an email from the Internet Security Alliance (a trade association of companies like Raytheon and Northrup-Grumman that lobbies the government on cyber-security issues) with Melissa Hathaway’s speech to the RSA Security conference. Besides all the touch-feely stuff - I didn’t understand anything she is saying (and I’m a native English speaker..). …
Read more »An information security industry trade association (the ISAlliance – Internet Security Alliance) has been promoting the notion of a social contract between government and the private sector to improve cybersecurity. The ISAlliance includes representatives from Verizon, the National Association of Manufacturers, Nortel, the CyLab at Carnegie Mellon University, Raytheon, and Northrop Grumman. According to the …
Read more »Kudos to ANSI for publishing a free guide to calculating cyber risk. Better late than never – thousands of security professionals in the world use the Microsoft Threat Modeling Tool and the popular free threat modeling software PTA, to calculate risk in financial terms – not to mention the thousands of other users of risk …
Read more »