Information security is very much product driven and very much network perimeter security driven at that: firewalls, IPS, DLP, anti-virus, database firewalls, application firewalls, security information management systems and more. It is convenient for a customer to buy a product and feel “secure” but, as businesses become more and more interconnected, as cloud services …
Read more »

I’ve been recently writing about why Microsoft Windows and the Microsoft monoculture in general is a bad idea for medical device vendors – see my essays on Windows vulnerabilities and medical devices here, here and here. It is now time to slaughter one more sacred cow: SSL. One of the most prevalent misconceptions with vendors in …
Read more »

A pitch from Alex Whitson from SC TV for a Webinar on the LinkedIn Information Security Community piqued my attention with the following teaser: As you may have read recently, Cybercrime is now costing the UK $43.5 billion and around $1 trillion globally. Sponsored by security and compliance auditing vendor nCircle, the Webinar pitch didn’t cite any sources for the …
Read more »

A colleague of mine, Bill Munroe, is VP Marketing at Verdasys, the first of the agent DLP vendors and the most established of the independent pure play DLP technology companies. (No. I do not have a business relationship with Verdasys). Bill has written a paper entitled “Protecting against Wikileaks events and the trusted insider threat” …
Read more »

We all think about sex – men (most of the time), women (some of the time) and teenagers (all the time). Sex – despite the huge volume of content in the digital and print media, is one of those phenomena that demonstrate an inverse relationship between substance and talk. The more talk, chances are, the …
Read more »

I think in the security space, we spend too much time on the business justification and functional part of security (reducing risk, detecting data breach violations, complying with HIPAA, writing secure Web 2.0 applications, securing cloud services, security information management etc…). I think we’re ignoring the emotional content of security and I don’t necessarily mean …
Read more »

I am putting together a semester-long, hands-on security training course for a local college. The college asking me for the program showed me a proposal they got from a professional IT training company for a 120 hour information security course. They are trying to figure out how to decide, so they sent me the competing …
Read more »

Almost every SaaS (software as a service) is based on REST or XML Web services. In this post, I’d like to provide a brief introduction to some typical threats and security countermeasures to protect Web services. Malicious attack on the message: the beauty of HTTP Web Services is that traffic flows through port 80 and …
Read more »

First reported in the Huffington Post in November 2010, the Bank of America has set up a Wikileaks defense team after an announcement by Julian Assange that Wikileaks has information from a 5GB hard drive of a Bank of America executive. In a burst of wikipanic, Bank of America has dived into full-on counterespionage mode…15 …
Read more »

With a delay of almost 10 years – SCIAM has published an article on the insider threat – WikiLeaks Breach Highlights Insider Security. As one of the pioneers in the DLP space (data loss prevention) and an active data security consultant in the field since 2003 – I am not surprised when civilians like the …
Read more »