Posted on March 26 2012

How Red Meat can make Cybersecurity Healthier

Recently, the L.A. Times and other outlets wrote about a study by Dr. Walter Willett of Harvard, et al., regarding the impact of red meat on one's mortality. He found that eating as little as one extra serving of red meat a week contributed to a 13% or 20% increased risk of death. More specifically, ...
Posted on February 14 2012

RSA Conference 2012 – The Sessions I Don’t Want to Miss

The sessions I don't want to miss (but probably will). These sessions all strike my fancy in some way, and I would love to make it to them. Some compete for the same time slot and others take place after I am gone, but I wish I could attend. There are at least two that I am sure ...
Posted on January 25 2012

Vulnerability Research in the age of Embedded Systems (SCADA)

I have a post over at the Verizon Business blog (Considering Vulnerability Disclosure in the Realm of SCADA Systems) about how vulnerability discovery and disclosure impacts risk. Although it provides a basic risk model that can be applied to any situation, it focuses on the recent SCADA disclosures by Digital Bond and Rapid7. These are some ...
Posted on August 30 2011

Evaluating the Oracle Security Manifesto

The cool thing about Mary Ann Davidson is that she doesn't mince her words; you know where she stands on every issue, and she is willing to own it in the security world. So when I started hearing some buzz about her latest blog post - Those Who Can't Do, Audit - I expected some sizzle. ...
Posted on August 22 2011

Liability and Secure Software

iang over at Financial Cryptography has a thought-provoking discussion of liability (ht @alexhutton) and its corresponding risks. I think I added a comment (but can't be sure) that said this: Culture and consciousness is all a distraction and very malleable. What really matters at the end of the day is the relative number of vulns in ...
Posted on May 12 2011

My Dream Metrics Status Report

"Last month, our IT and information assets generated $20 million in revenue in support of 15,000 people using 350 applications. To accomplish this feat, over 32 million connections were attempted across our systems and we applied specific control measures an average of 2.4 times per connection to ensure the completeness and accuracy of our transactions. ...
Posted on April 29 2011

Dr. Laura as Information Security Officer

[One of my first Trend Watch essays, circa 2000 or whenever Dr. Laura - the queen of saying "no" - was popular] Dr. Laura: “Hello Kate, you’re on the air.” Kate: “Hi, Dr. Laura, thanks for taking my call. My security dilemma is that I would like to open a port in our firewall…” Dr. Laura: “No. ...
Posted on April 4 2011

Thinking about APTs and the RSA Hack

The recent RSA hack has once again (after Google and Aurora made a big splash a little over a year ago) brought to the surface this notion of an "advanced persistent threat." There is great emotion on all sides of the debate about what it is and whether it matters. As I listened to Uri ...