Ponemon Institute has issued its annual report on the cost of data breaches. I wrote last year about using per record costs for data breaches. An excerpt: It is common when estimating costs of data breaches to quote costs “per…
Highlights
Addressing the Advanced Persistent Threat (APT)
by Pete Lindstrom
In the past few weeks, the Advanced Persistent Threat (APT) has been all the rage in the infosec world. Security professionals everywhere are taking sides about whether APT is new or not, despite (or perhaps due to) the lack of…
What does “Aurora” mean in Chinese?
by Pete Lindstrom
George Kurtz of McAfee is providing some details about the hack attack against Google et al. purportedly originating in China. One of his comments: I am sure you are wondering about the name “Aurora.” Based on our analysis, “Aurora” was part…
Meet my friend Micromort – he’s one in a million!
by Pete Lindstrom
No, it’s not some sort of mini-Mortman! It’s micromort, or in other words, a one-in-a-million chance of death. How can you add (or is that subtract?) a micromort to your… err.. life? Here are some options (from Wikipedia): smoking…
Quick and Dirty Risk Calculations – CSI Survey Edition
by Pete Lindstrom
The Computer Security Institute recently released its 2009 survey results (must register). One of the charts in the executive summary lists the frequency of occurrence in the survey population. Without any other information more pertinent or specific to your organization,…
Notes on the Heartland breach
by Pete Lindstrom
The Heartland saga continues and it appears that things are going its way. Not only has the company been on a campaign to make lemons out of lemonade by selling the equipment (“end-to-end” encryption) to their customers (and, presumably others),…
Should we change passwords every 90 days?
by Pete Lindstrom
[I was unsuccessful trying to post this as a comment on the Securosis blog so figured I'd post it here instead.] David Mortman at Securosis recently posted with the following challenge: Show me any reasonable evidence that changing all your…
ENISA Cloud Computing Security Project
by Pete Lindstrom
Today, the European Network and Information Security Agency (ENISA) released its Cloud Computing Risk Assessment report. I enjoyed participating on the project and making a number of new friends. As with most workgroups, this project had its ups and downs…