[I was unsuccessful trying to post this as a comment on the Securosis blog so figured I'd post it here instead.] David Mortman at Securosis recently posted with the following challenge: Show me any reasonable evidence that changing all your…
Random
ENISA Cloud Computing Security Project
by Pete Lindstrom • Comments Off
Today, the European Network and Information Security Agency (ENISA) released its Cloud Computing Risk Assessment report. I enjoyed participating on the project and making a number of new friends. As with most workgroups, this project had its ups and downs…
Somebody Pinch Me
by Pete Lindstrom • Comments Off
Saw this headline on the InfoSecurity News mailing list today: “Firms spend only up to 20% of their budget on IT security” This is one of the more bizarre statements I’ve seen in a long time. It refers to one…
Top Ten Web Security Risks
by Pete Lindstrom • Comments Off
Here is a list of the top ten Web security risks: Hidden Manipulation, Cookie Poisoning, Backdoor and Debug Options, Buffer Overflow, Stealth Commanding, 3rd Party Misconfiguration, Known Vulnerabilities, Parameter Tampering, Cross Site Scripting, Forceful Browsing. Looks like a pretty timely…
Confirmation Bias at work?
by Pete Lindstrom • 2 Comments
Evan Schuman has an intriguing blog post on the McAfee blog about whether the reduced number of data breach reports at DataLossDB.com is indicative of fewer actual data breaches. His answer is unequivocally “No.” His reasoning is as follows: Media…
Ramblings while reading Microsoft’s Security Intelligence Report
by Pete Lindstrom • 1 Comment
I just downloaded Microsoft’s Security Intelligence Report. Given my predisposition toward good stats, I am looking forward to reading it. Herewith is a running chronology of my thoughts as I read it: opening pages – 25 authors! even more contributors!…
Lindstrom’s Razor is not about security spending
by Pete Lindstrom • 2 Comments
After a few conversations, and having seen (part of) Russell Cameron Thomas’ post on the topic, I am beginning to realize that people are making a common mistake about Lindstrom’s Razor, which states: The digital assets in question must be…
What is “Lindstrom’s Razor”?
by Pete Lindstrom • 1 Comment
Yesterday, Andrew Jaquith from Forrester blogged about digital asset value, in response to Russell Cameron Thomas’ post on the same topic, which was in response to a Jeremiah Grossman tweet*. Andrew’s post mentioned a cost-based approach I use for valuation…