Are technical privacy controls a substitute for responsible human behavior? In the business environment, management leadership from the front on data security and privacy is a more effective (as in cheaper and stronger) countermeasure than technology when it comes to mitigating trusted insider threats. In the family environment, we traditionally see parents as responsible for …
Read more »Bruce Schneier writes that The Threat of Cyberwar Has Been Grossly Exaggerated Not unpredictably – the essay yielded a lively discussion, I agree with Bruce – especially because of all the hype around Stuxnet. On one hand – the locals in Israel more or less know, or guess who worked on the project and on the …
Read more »
From the recent September/October 2010 issue of Foreign Affairs – William Lyn U.S. Deputy Secretary of Defense writes about defending a new domain. The long, eloquently phrased article, demonstrates that the US has fundamental flaws in it’s strategic thinking about fighting terror: Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors …
Read more »What is interesting and generally overlooked – is the cultural differences between the US and the rest of the world. The Europeans prefer a more nuanced approach stressing discipline and procedures,The Americans are compliance driven and IT top heavy, I imagine if you look at DLP sales – 98% are in the US, being (right or …
Read more »I want to challenge the effectiveness of top-down, monolithic security frameworks (ISO 27001/PCI DSS) – I submit that rapidly changing threats – social networking, cyberstalking, social engineering, cyber-stalking and custom spyware are threats that exploit people and system vulnerabilities but are not readily mitigated by a top down set of security countermeasures. The recent case …
Read more »Martin Hellman (of Diffie Hellman) fame maintains the Nuclear Risk web site and has written a very insightful piece on risk analysis of nuclear war entitled Soaring, cryptography and nuclear weapons Hellman proposes that we need a third state scenario (instead current state – > nuclear war) where the risk of nuclear holocaust has been …
Read more »I am on an email distribution list from the Israeli Export Institute for Israeli software and security companies. The Export Institute is organizing an event for Protecting Critical Infrastructure – the event is slated to take place Brandenburg, in Berlin-Schönefeld, 18 – 20 May 2009. I liked the use of standard security market-speak to describe the opportunity …
Read more »I got this from my sister in-law Judith Bedichi this morning – it was written by Dr. Guy Bechor and describes an escalation of security threats to the Jewish State of Israel. The Israeli Supreme Court is highly-regarded yet clearly preferential to Israeli Arabs, with liberal rulings allowing operations of radical Islamic groups in the …
Read more »It’s sad that on the 70th anniversary of Kristallnacht, Ehud Olmert and Tzipi Livni felt compelled to mitigate their political vulnerabilities with offers of appeasement to Palestinian terrorists. Political spin is not a sound replacement for national pride. Translated literally from the English as the Night of Broken Glass, Kristallnacht was a pogrom in Nazi …
Read more »What do hackers really want? No question is more important for mounting effective security countermeasures. The management, IT and security practitioners cannot expect to mitigate risk effectively without knowing the objectives and cost of potential attacks on their organization. We all depend on transaction processing to run our business and make decisions, no matter how …
Read more »